gravity

New Windows 7 system, want to clean up before putting into service


I have a brand new system which I'd like to clean up prior to making restorable backups and putting into service. I have already installed the MS 2007 Office suite because I need that and didn't think of doing this before I installed Office! I'm not planning to use Norton. (Planning to use Avast, unless the advice here is that that isn't wise.) The DDS and HijackThis logs follow.

 

HijackThis did tell me it couldn't write to the Hosts file. However, I couldn't "Find the line(s) HijackThis reports and delete them" because I didn't see any such lines reported by HijackThis.

 

So, can I safely delete:

1. all Norton items in O2, O3, O4, O23?

2. all Bing items in O2, O3

3. all O23 items with "file missing"

4. all the WildTangent stuff

5. anything else?

 

Thanks very much in advance!

Neal

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by general at 10:20:20 on 2012-01-15

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4003.3038 [GMT -7:00]

.

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\SymSilent\SymSilent.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\IPS\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRunOnce: [symSilent] "C:\Program Files (x86)\SymSilent\SymSilent.exe" /_spawn /service

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll

mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRunOnce-x64: [symSilent] "C:\Program Files (x86)\SymSilent\SymSilent.exe" /_spawn /service

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1300000.080\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1300000.080\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1300000.080\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1300000.080\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20110519.002\BHDrvx64.sys [2012-1-7 1143416]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1300000.080\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20110519.031\IDSviA64.sys [2012-1-7 488056]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1300000.080\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1300000.080\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\drivers\NISx64\1300000.080\SYMNETS.SYS --> C:\Windows\system32\drivers\NISx64\1300000.080\SYMNETS.SYS [?]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-9 85560]

R2 HPAuto;HP Auto;C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-2-16 682040]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe [2012-1-7 138760]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-1-7 1128952]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-7 2656280]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-01-15 17:07:09 388096 ----a-r- C:\Users\general\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-15 17:07:09 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-01-15 16:57:15 -------- d-----w- C:\Users\general\AppData\Local\CrashDumps

2012-01-14 21:10:50 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2012-01-14 21:10:26 -------- d-----w- C:\Users\general\AppData\Local\Microsoft Help

2012-01-14 20:36:22 1581088 ----a-w- C:\Windows\System32\drivers\tdrpm174.sys

2012-01-14 20:36:20 880160 ----a-w- C:\Windows\System32\drivers\timntr.sys

2012-01-14 20:36:20 83488 ----a-w- C:\Windows\System32\drivers\tifsfilt.sys

2012-01-14 20:36:20 237600 ----a-w- C:\Windows\System32\drivers\snman380.sys

2012-01-14 20:23:13 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL

2012-01-14 20:22:19 -------- d-----w- C:\Users\general\AppData\Local\PDFC

2012-01-14 20:21:59 -------- d-----w- C:\Users\general\AppData\Local\VirtualStore

2012-01-14 20:21:48 -------- d-----w- C:\Users\general\AppData\Local\RemEngine

2012-01-14 20:14:16 -------- d-----w- C:\Users\general\AppData\Local\Hewlett-Packard

2012-01-14 20:14:05 -------- d-----w- C:\Users\general\AppData\Local\Hewlett-Packard_Company

2012-01-07 09:36:00 -------- d-sh--w- C:\$RECYCLE.BIN

2012-01-07 09:33:31 904704 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VC\msdia80.dll

2012-01-07 09:30:51 -------- d-----w- C:\Windows\en

2012-01-07 09:30:26 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-01-07 09:28:33 20968 ----a-w- C:\Windows\System32\pdfc_port.dll

2012-01-07 09:28:32 -------- d-----w- C:\Program Files (x86)\PDF Complete

2012-01-07 09:28:30 -------- d-----w- C:\ProgramData\PDFC

2012-01-07 09:28:20 5425496 ----a-w- C:\Windows\System32\D3DX9_41.dll

2012-01-07 09:28:20 4178264 ----a-w- C:\Windows\SysWow64\D3DX9_41.dll

2012-01-07 09:28:04 -------- d-----w- C:\Program Files (x86)\K-NFB Reading Technology Inc

2012-01-07 09:28:03 -------- d-----w- C:\Program Files (x86)\PlayReady

2012-01-07 09:27:59 -------- d-----w- C:\Program Files (x86)\Kobo

2012-01-07 09:27:52 -------- d-----w- C:\Windows\PRIndex

2012-01-07 09:27:51 -------- d-----w- C:\Program Files (x86)\NewspaperDirect

2012-01-07 09:27:48 -------- d-----w- C:\Program Files (x86)\Zinio Reader 4

2012-01-07 09:27:44 -------- d-----w- C:\Program Files\ZinioReader4

2012-01-07 09:26:47 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-07 09:26:45 -------- d-----w- C:\Program Files\PlayReady

2012-01-07 09:24:46 -------- d-----w- C:\Program Files (x86)\HP Games

2012-01-07 09:24:42 -------- d-----w- C:\Program Files (x86)\WildTangent Games

2012-01-07 09:24:41 -------- d-----w- C:\ProgramData\WildTangent

2012-01-07 09:23:51 -------- d-----w- C:\ProgramData\Symantec

2012-01-07 09:23:51 -------- d-----w- C:\Program Files (x86)\Symantec

2012-01-07 09:23:47 379784 ----a-w- C:\Program Files (x86)\Online Services\Skype\SkypeLauncher.exe

2012-01-07 09:23:47 18197896 ----a-w- C:\Program Files (x86)\Online Services\Skype\SkypeSetup.exe

2012-01-07 09:23:47 -------- d-----r- C:\Program Files (x86)\Online Services

2012-01-07 09:21:59 667648 ----a-w- C:\ProgramData\Microsoft\OEMOffice14\Office14\Proofing.en-us\Proof.fr\Proof.msi

2012-01-07 09:19:40 -------- d-----w- C:\ProgramData\{95164853-C885-4648-BEAA-E04328156EF0}

2012-01-07 09:19:26 -------- d-----w- C:\Program Files (x86)\Hp

2012-01-07 09:19:01 8192 ----a-w- C:\Windows\System32\drivers\IntelMEFWVer.dll

2012-01-07 09:17:35 -------- d-----w- C:\Program Files\hp

2012-01-07 09:17:31 74752 ----a-w- C:\Windows\System32\HPMUIDir.exe

2012-01-07 09:15:17 4352 ----a-w- C:\Windows\System32\drivers\FBIKB_NT.Sys

2012-01-07 09:13:43 -------- d-----w- C:\Windows\SysWow64\RTCOM

2012-01-07 09:13:43 -------- d-----w- C:\Program Files\Realtek

2012-01-07 09:13:33 -------- d-----w- C:\Program Files\Common Files\Intel

2012-01-07 09:13:32 -------- d-----w- C:\Program Files (x86)\Common Files\Intel

2012-01-07 09:09:50 3137536 ----a-w- C:\Windows\System32\win32k.sys

2012-01-07 09:08:55 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2012-01-07 09:06:48 2871808 ----a-w- C:\Windows\explorer.exe

2012-01-07 09:05:54 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-01-07 09:04:50 800256 ----a-w- C:\Windows\System32\usp10.dll

2012-01-07 09:03:53 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2012-01-07 09:02:25 995328 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2012-01-07 08:52:36 16235512 ----a-w- C:\Program Files (x86)\Online Services\Rhapsody\RhapsodyHpq.EXE

.

==================== Find3M ====================

.

2012-01-07 09:31:52 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2012-01-07 09:10:11 96768 ----a-w- C:\Windows\System32\fsutil.exe

2012-01-07 09:10:11 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe

2012-01-07 09:10:11 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys

2012-01-07 09:10:11 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys

2012-01-07 09:10:11 2565632 ----a-w- C:\Windows\System32\esent.dll

2012-01-07 09:10:11 189824 ----a-w- C:\Windows\System32\drivers\storport.sys

2012-01-07 09:10:11 1699328 ----a-w- C:\Windows\SysWow64\esent.dll

2012-01-07 09:10:11 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys

2012-01-07 09:10:11 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2012-01-07 09:10:11 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys

2012-01-07 09:10:11 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys

2012-01-07 09:08:47 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2012-01-07 09:07:48 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-01-07 09:07:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-01-07 09:07:48 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2012-01-07 09:07:48 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-01-07 09:07:06 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2012-01-07 09:07:06 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys

2012-01-07 09:07:06 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2012-01-07 09:07:06 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2012-01-07 09:07:06 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys

2012-01-07 09:07:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2012-01-07 09:07:06 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2012-01-07 09:05:54 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-01-07 09:04:50 7680 ----a-w- C:\Windows\System32\KBDINTAM.DLL

2012-01-07 09:03:53 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2012-01-07 09:03:44 961024 ----a-w- C:\Windows\System32\CPFilters.dll

2012-01-07 09:03:44 850944 ----a-w- C:\Windows\SysWow64\sbe.dll

2012-01-07 09:03:44 723968 ----a-w- C:\Windows\System32\EncDec.dll

2012-01-07 09:03:44 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll

2012-01-07 09:03:44 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll

2012-01-07 09:03:44 259072 ----a-w- C:\Windows\System32\mpg2splt.ax

2012-01-07 09:03:44 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax

2012-01-07 09:03:44 1118720 ----a-w- C:\Windows\System32\sbe.dll

2012-01-07 09:03:26 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2012-01-07 09:03:26 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2012-01-07 09:03:08 715776 ----a-w- C:\Windows\System32\kerberos.dll

2012-01-07 09:03:08 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll

.

============= FINISH: 10:20:45.07 ===============

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:33:40 AM, on 1/15/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPDSK/1

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\IPS\IPSBHO.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\coIEPlg.dll

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\RunOnce: [symSilent] "C:\Program Files (x86)\SymSilent\SymSilent.exe" /_spawn /service

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

O23 - Service: HP Auto (HPAuto) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe

O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.0.0.128\ccSvcHst.exe

O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 8816 bytes
