New Windows 7 system, want to clean up before putting into service



#1 gravity


Posted 15 January 2012 - 12:43 PM

I have a brand new system which I'd like to clean up prior to making restorable backups and putting into service. I have already installed the MS 2007 Office suite because I need that and didn't think of doing this before I installed Office! I'm not planning to use Norton. (Planning to use Avast (unless the advice here is that that isn't wise).) The DDS log and HijackThis logs follow.

HijackThis did tell me it couldn't write to the Hosts file. However, I couldn't "Find the line(s) HijackThis reports and delete them" because I didn't see any such lines reported by HijackThis.

So, can I safely delete:
1. all Norton items in O2, O3, O4, O23?
2. all Bing items in O2, O3?
3. all O23 items with "file missing"?
4. all the WildTangent stuff?
5. anything else?

Thanks very much in advance!
Neal
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by general at 10:20:20 on 2012-01-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4003.3038 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\SymSilent\SymSilent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRunOnce: [SymSilent] "C:\Program Files (x86)\SymSilent\SymSilent.exe" /_spawn /service
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRunOnce-x64: [SymSilent] "C:\Program Files (x86)\SymSilent\SymSilent.exe" /_spawn /service
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1300000.080\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1300000.080\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1300000.080\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1300000.080\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20110519.002\BHDrvx64.sys [2012-1-7 1143416]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20110519.031\IDSviA64.sys [2012-1-7 488056]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1300000.080\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1300000.080\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\NISx64\1300000.080\SYMNETS.SYS --> C:\Windows\system32\drivers\NISx64\1300000.080\SYMNETS.SYS [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-9 85560]
R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [2012-1-7 138760]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-1-7 1128952]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-7 2656280]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-15 17:07:09 388096 ----a-r- C:\Users\general\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-15 17:07:09 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-01-15 16:57:15 -------- d-----w- C:\Users\general\AppData\Local\CrashDumps
2012-01-14 21:10:50 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-01-14 21:10:26 -------- d-----w- C:\Users\general\AppData\Local\Microsoft Help
2012-01-14 20:36:22 1581088 ----a-w- C:\Windows\System32\drivers\tdrpm174.sys
2012-01-14 20:36:20 880160 ----a-w- C:\Windows\System32\drivers\timntr.sys
2012-01-14 20:36:20 83488 ----a-w- C:\Windows\System32\drivers\tifsfilt.sys
2012-01-14 20:36:20 237600 ----a-w- C:\Windows\System32\drivers\snman380.sys
2012-01-14 20:23:13 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2012-01-14 20:22:19 -------- d-----w- C:\Users\general\AppData\Local\PDFC
2012-01-14 20:21:59 -------- d-----w- C:\Users\general\AppData\Local\VirtualStore
2012-01-14 20:21:48 -------- d-----w- C:\Users\general\AppData\Local\RemEngine
2012-01-14 20:14:16 -------- d-----w- C:\Users\general\AppData\Local\Hewlett-Packard
2012-01-14 20:14:05 -------- d-----w- C:\Users\general\AppData\Local\Hewlett-Packard_Company
2012-01-07 09:36:00 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-07 09:33:31 904704 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VC\msdia80.dll
2012-01-07 09:30:51 -------- d-----w- C:\Windows\en
2012-01-07 09:30:26 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-01-07 09:28:33 20968 ----a-w- C:\Windows\System32\pdfc_port.dll
2012-01-07 09:28:32 -------- d-----w- C:\Program Files (x86)\PDF Complete
2012-01-07 09:28:30 -------- d-----w- C:\ProgramData\PDFC
2012-01-07 09:28:20 5425496 ----a-w- C:\Windows\System32\D3DX9_41.dll
2012-01-07 09:28:20 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll
2012-01-07 09:28:04 -------- d-----w- C:\Program Files (x86)\K-NFB Reading Technology Inc
2012-01-07 09:28:03 -------- d-----w- C:\Program Files (x86)\PlayReady
2012-01-07 09:27:59 -------- d-----w- C:\Program Files (x86)\Kobo
2012-01-07 09:27:52 -------- d-----w- C:\Windows\PRIndex
2012-01-07 09:27:51 -------- d-----w- C:\Program Files (x86)\NewspaperDirect
2012-01-07 09:27:48 -------- d-----w- C:\Program Files (x86)\Zinio Reader 4
2012-01-07 09:27:44 -------- d-----w- C:\Program Files\ZinioReader4
2012-01-07 09:26:47 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-07 09:26:45 -------- d-----w- C:\Program Files\PlayReady
2012-01-07 09:24:46 -------- d-----w- C:\Program Files (x86)\HP Games
2012-01-07 09:24:42 -------- d-----w- C:\Program Files (x86)\WildTangent Games
2012-01-07 09:24:41 -------- d-----w- C:\ProgramData\WildTangent
2012-01-07 09:23:51 -------- d-----w- C:\ProgramData\Symantec
2012-01-07 09:23:51 -------- d-----w- C:\Program Files (x86)\Symantec
2012-01-07 09:23:47 379784 ----a-w- C:\Program Files (x86)\Online Services\Skype\SkypeLauncher.exe
2012-01-07 09:23:47 18197896 ----a-w- C:\Program Files (x86)\Online Services\Skype\SkypeSetup.exe
2012-01-07 09:23:47 -------- d-----r- C:\Program Files (x86)\Online Services
2012-01-07 09:21:59 667648 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\Office14\Proofing.en-us\Proof.fr\Proof.msi
2012-01-07 09:19:40 -------- d-----w- C:\ProgramData\{95164853-C885-4648-BEAA-E04328156EF0}
2012-01-07 09:19:26 -------- d-----w- C:\Program Files (x86)\Hp
2012-01-07 09:19:01 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll
2012-01-07 09:17:35 -------- d-----w- C:\Program Files\hp
2012-01-07 09:17:31 74752 ----a-w- C:\Windows\System32\HPMUIDir.exe
2012-01-07 09:15:17 4352 ----a-w- C:\Windows\System32\drivers\FBIKB_NT.Sys
2012-01-07 09:13:43 -------- d-----w- C:\Windows\SysWow64\RTCOM
2012-01-07 09:13:43 -------- d-----w- C:\Program Files\Realtek
2012-01-07 09:13:33 -------- d-----w- C:\Program Files\Common Files\Intel
2012-01-07 09:13:32 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-01-07 09:09:50 3137536 ----a-w- C:\Windows\System32\win32k.sys
2012-01-07 09:08:55 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-01-07 09:06:48 2871808 ----a-w- C:\Windows\explorer.exe
2012-01-07 09:05:54 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-01-07 09:04:50 800256 ----a-w- C:\Windows\System32\usp10.dll
2012-01-07 09:03:53 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2012-01-07 09:02:25 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2012-01-07 08:52:36 16235512 ----a-w- C:\Program Files (x86)\Online Services\Rhapsody\RhapsodyHpq.EXE
.
==================== Find3M ====================
.
2012-01-07 09:31:52 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-01-07 09:10:11 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-01-07 09:10:11 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-01-07 09:10:11 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2012-01-07 09:10:11 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2012-01-07 09:10:11 2565632 ----a-w- C:\Windows\System32\esent.dll
2012-01-07 09:10:11 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-01-07 09:10:11 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2012-01-07 09:10:11 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2012-01-07 09:10:11 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-01-07 09:10:11 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2012-01-07 09:10:11 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2012-01-07 09:08:47 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2012-01-07 09:07:48 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-01-07 09:07:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-01-07 09:07:48 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2012-01-07 09:07:48 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-01-07 09:07:06 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-01-07 09:07:06 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-01-07 09:07:06 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-01-07 09:07:06 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-01-07 09:07:06 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-01-07 09:07:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2012-01-07 09:07:06 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-01-07 09:05:54 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-01-07 09:04:50 7680 ----a-w- C:\Windows\System32\KBDINTAM.DLL
2012-01-07 09:03:53 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2012-01-07 09:03:44 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2012-01-07 09:03:44 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2012-01-07 09:03:44 723968 ----a-w- C:\Windows\System32\EncDec.dll
2012-01-07 09:03:44 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2012-01-07 09:03:44 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-01-07 09:03:44 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2012-01-07 09:03:44 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2012-01-07 09:03:44 1118720 ----a-w- C:\Windows\System32\sbe.dll
2012-01-07 09:03:26 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2012-01-07 09:03:26 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-01-07 09:03:08 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-01-07 09:03:08 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 10:20:45.07 ===============

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:33:40 AM, on 1/15/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [SymSilent] "C:\Program Files (x86)\SymSilent\SymSilent.exe" /_spawn /service
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8816 bytes



