Hacked



NZHawk
21-06-2013, 01:32 PM
I have a person who thinks their computer has been hacked into.

I have updated their internet security program (BitDefender Internet Security 2013) & scanned (37 threats detected so far)

I am going to change their security key on their wireless adsl router

Is there anything else that I should do:
1] to detect whether or not they have been hacked into?
2] to prevent further hacking?


Thank you

NZHawk
21-06-2013, 01:44 PM
And is there any way of identifying if the computer has been hacked into (she wants proof)?

Speedy Gonzales
21-06-2013, 01:47 PM
Look in its logs and see if it blocked anything. What are the threats?

NZHawk
21-06-2013, 01:54 PM
Will get back to you on that when the scan is completed.

Alex B
21-06-2013, 02:03 PM
Why does she think it has been hacked, and what information does she think has been accessed?

NZHawk
21-06-2013, 02:08 PM
Good question, and it was hard for me to pin her down as she was quite vague,
but she said settings seemed to have been changed:
windows would open up and then close, and she wouldn't be able to find them.
She took pictures of some of the windows, but I couldn't make out enough of the details to know what they were reflecting.
She has very little data, if any; she only uses the laptop for Skype and emails.

NZHawk
21-06-2013, 02:20 PM
Here are the results of the scan:
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\VJZCCJGC.txt Cookie.2o7 Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\DXT2VUFB.txt Cookie.2o7 Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\M5V34YXF.txt Cookie.Ru4 Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\RTUWIFEU.txt Cookie.Advertising Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\UFJIYXSJ.txt Cookie.2o7 Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\LEERTKSC.txt Cookie.WebTrends Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\ATQ6G444.txt Cookie.Casalemedia Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\L10ON3Q6.txt Cookie.Apmebf Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\QRWN8ZWS.txt Cookie.DoubleClick Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\VO4GP8N0.txt Cookie.2o7 Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\28LTQYND.txt Cookie.Rub Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\6RXHJNEG.txt Cookie.FastClick Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\46GY02AA.txt Cookie.BS.Serving-Sys Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\TLKW6YL1.txt Cookie.Rub Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\0T9Q417E.txt Cookie.Overture Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\OEFYJYF4.txt Cookie.Zedo Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\2WPI16OZ.txt Cookie.DoubleClick Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\DY42TRBH.txt Cookie.Advertising Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\5FFV7DXJ.txt Cookie.Zedo Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\D6582QS9.txt Cookie.Rub Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\ASVUP1DX.txt Cookie.Ru4 Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\63845PIZ.txt Cookie.BurstNet Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\G1XH4WMM.txt Cookie.Adtech Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\X8BI7HT0.txt Cookie.TribalFusion Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\Z6QRKQ9W.txt Cookie.2o7 Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\BUVF4W11.txt Cookie.2o7 Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\LM812XKL.txt Cookie.Mediaplex Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\2B70IVSW.txt Cookie.2o7 Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\K9Z501MC.txt Cookie.2o7 Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\R6BHMEP1.txt Cookie.247RealMedia Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\45BSUEFH.txt Cookie.Statcounter Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\Q07Q75ZW.txt Cookie.BS.Serving-Sys Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\SHD05AQQ.txt Cookie.Overture Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\RBHA77JU.txt Cookie.Rub Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\SLSAY69O.txt Cookie.QuestionMarket Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\XUMIYN3N.txt Cookie.Advertising Deleted
Cookie: C:\Users\Sheryl\AppData\Roaming\Microsoft\Windows\Cookies\3JHG9PSE.txt Cookie.RealMedia


Not scanned:
File: C:\swsetup\HPQWB\qwfiles\data.1=>datafs (BAD CRC) Overcompressed Not scanned (file was overcompressed)

File: D:\OWNER-PC\Backup Set 2012-04-09 185240\Backup Files 2012-04-09 185240\Backup files 12.zip=>C=>Users=>Owner=>Downloads=>setup (1).zip=>setup.exe=>(RAR Sfx o)=>lb66wf4rdb56hlt.exe=>(RAR Sfx o)=>tt123fxamh7if34.exe Password-protected Not scanned (file was password-protected)

File: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (object was not found)

File: D:\OWNER-PC\Backup Set 2012-04-09 185240\Backup Files 2012-04-22 202938\Backup files 2.zip=>C=>Users=>Owner=>Downloads=>setup (1).zip=>setup.exe=>(RAR Sfx o)=>lb66wf4rdb56hlt.exe=>(RAR Sfx o)=>tt123fxamh7if34.exe Password-protected Not scanned (file was password-protected)

File: D:\OWNER-PC\Backup Set 2012-04-09 185240\Backup Files 2012-05-27 195526\Backup files 2.zip=>C=>Users=>Owner=>Downloads=>setup (1).zip=>setup.exe=>(RAR Sfx o)=>lb66wf4rdb56hlt.exe=>(RAR Sfx o)=>tt123fxamh7if34.exe Password-protected Not scanned (file was password-protected)

File: C:\swsetup\HPQWB\qwfiles\home.1=>homefs (BAD CRC) Overcompressed Not scanned (file was overcompressed)

File: C:\System Volume Information\{207032f0-d80b-11e2-a126-e4115b2e9dac}{3808876b-c176-4e48-b7ae-04046e6cc752} (object was not found)
File: C:\Users\Sheryl\AppData\Local\Temp\SP59624.exe=>(CAB Sfx 2o)=>=>HPPTVFSSetup.exe=>(Embedded DocFile r)=>(Embedded CAB)=>WinUSBCoInstaller_x86_300.dll.0A805B51_A7A6_44F0_B475_3BCE758D57C8=>(CAB Sfx 2r)=>update\update.exe

Speedy Gonzales
21-06-2013, 02:29 PM
Well, the 1st lot are cookies. I wouldn't worry about those. Did she make the backup files? If not, delete them. It looks like SP59624.exe is an HP setup file.

I would disable System Restore, use CCleaner to remove temp files/cookies, then turn System Restore back on.

NZHawk
21-06-2013, 02:31 PM
Yep, I agree, I wasn't too worried about the cookies.
Will run CCleaner after Malwarebytes finishes its scan.

cheers

Speedy Gonzales
21-06-2013, 02:34 PM
Post a HJT log. We'll see what's in it.

NZHawk
21-06-2013, 02:38 PM
Thank you:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:35:11 p.m., on 21/06/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16490)
Boot mode: Normal

Running processes:
C:\windows\system32\taskhost.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\HP HD Webcam [Fixed]\Monitor.exe
C:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdiSdkHelper.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\SearchFilterHost.exe
H:\2 Cleaning Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/118
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/118
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/118
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/118
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [NUSB3MON] "c:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP HD Webcam [Fixed]_Monitor] C:\Program Files\HP HD Webcam [Fixed]\monitor.exe
O4 - HKLM\..\Run: [DTRun] c:\Program Files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
O4 - HKLM\..\Run: [HPConnectionManager] c:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [HPQuickWebProxy] "c:\Program Files\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O9 - Extra button: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\aestsrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: Bluetooth Device Manager - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - c:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP DayStarter\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files\Intel\Services\IPT\jhi_service.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: @%SystemRoot%\system32\stlang.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system32\ArcVCapRender\uArcCapture.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
O23 - Service: XobniService - Xobni Corporation - C:\Program Files\Xobni\XobniService.exe

--
End of file - 12623 bytes

Speedy Gonzales
21-06-2013, 03:07 PM
Does she use McAfee Endpoint Encryption Agent? If she doesn't, I would uninstall it. Does this support dual graphics, since it looks like it's got Intel and ATI video drivers on it?

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

There's a few things in there that you don't really need.

HP Software Framework, HPConnectionManager, HPQuickWebProxy, HP ProtectTools, HP Support Assistant. The netbook I have here has downloads for these, but I won't be installing them. All they do is take up space on the HDD, and I don't even know what they do anyway. But it runs fine without them.
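The HJT log posted above is being reviewed by eye in this thread. As an added example (not code from the thread, from HijackThis or from any of the posters), here is a small Python parser for that log format that applies the usual triage rules of thumb: entries marked (file missing), O23 services with an Unknown owner, O10 unknown Winsock LSP modules, and O4 autoruns whose target lives outside Program Files or Windows. The sample log is constructed and modelled on the posted one; the [Updater] entry and its C:\Users\Owner\... path are invented to exercise the path check.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the HijackThis v2 log format, modelled on the log posted
# in this thread. The [Updater] line is invented to exercise the path check.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
O4 - HKLM\..\Run: [Bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
O4 - HKLM\..\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Updater] C:\Users\Owner\AppData\Roaming\example-updater.exe
O4 - Startup: OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First executable/library on a command line; HJT prints paths unquoted even when they contain spaces.
EXE_RE = re.compile(r'"?(.+?\.(?:exe|dll|scr|bat|cmd|com|vbs))\b', re.I)
# Where legitimate autoruns normally live; anything else deserves a second look.
TRUSTED_ROOTS = ("c:\\program files", "c:\\windows", "c:\\progra~1", "%programfiles%", "%systemroot%")

Finding = Tuple[str, str, str]  # (section code, reason, raw entry body)


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Split a HijackThis log into its 'Rn - ...' / 'Onn - ...' entries, skipping header lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"code": m.group("code"), "body": m.group("body")})
    return entries


def autorun_target(body: str) -> str:
    """Extract the file an O4 entry actually launches."""
    _, sep, rest = body.partition("] ")        # HKLM\..\Run: [Name] <command line>
    if not sep:
        _, _, rest = body.partition(" = ")      # Startup: foo.lnk = <path>
    rest = rest.strip()
    m = EXE_RE.match(rest)
    target = m.group(1) if m else rest.split(" ", 1)[0]
    if "\\" not in target:                      # host binary such as rundll32.exe: use its quoted argument
        q = re.search(r'"([^"]+)"', rest)
        target = q.group(1) if q else target
    return target


def triage(entries: List[Dict[str, str]]) -> List[Finding]:
    """Flag entries a reviewer would look at first; everything else is left for manual review."""
    findings: List[Finding] = []
    for e in entries:
        code, body = e["code"], e["body"]
        low = body.lower()
        if "(file missing)" in low:
            findings.append((code, "referenced file missing", body))
        elif code == "O23" and "unknown owner" in low:
            findings.append((code, "service without a verified publisher", body))
        elif code == "O10" and "unknown file" in low:
            findings.append((code, "unidentified Winsock LSP module", body))
        elif code == "O4" and not autorun_target(body).lower().startswith(TRUSTED_ROOTS):
            findings.append((code, "autorun outside Program Files / Windows", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{code:4} {reason:42} {body}")
```

A flagged entry is a prompt to check the file's publisher and location, not a verdict; the McAfee service above, for instance, is part of HP's Drive Encryption bundle.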

NZHawk
21-06-2013, 03:10 PM
I agree; I feel HP overloads their systems with stuff the user doesn't need or want.
Cheers, will make the suggested changes.

Speedy Gonzales
21-06-2013, 03:14 PM
Sweet, no probs. Yup, most branded PCs you'll get a lot of junk on them, lol. One reason I build my own. None of this crap gets installed on it, lol.

NZHawk
21-06-2013, 03:38 PM
Malwarebytes found:
Files Detected: 2
D:\OWNER-PC\Backup Set 2012-04-09 185240\Backup Files 2012-04-22 202938\Backup files 2.zip (Rogue.Installer.SFXGen1)
D:\OWNER-PC\Backup Set 2012-04-09 185240\Backup Files 2012-05-27 195526\Backup files 2.zip (Rogue.Installer.SFXGen1)

Speedy Gonzales
21-06-2013, 03:47 PM
You may have to send a sample to them (http://forums.malwarebytes.org/index.php?showtopic=102160) to see if it is a rogue installer or a false +. Or do this (http://forums.malwarebytes.org/index.php?showtopic=3228).

If you scanned the same files with bitdefender, what does that say?

Greven
21-06-2013, 04:01 PM
I find it very annoying that tracking cookies are portrayed as serious security risks by some anti-virus applications.

NZHawk
21-06-2013, 04:47 PM
Thank you.
Have to follow up on this Tues - have an extended weekend :)

1101
21-06-2013, 05:21 PM
I find it very annoying that tracking cookies are portrayed as serious security risks by some anti-virus applications.

Which is the reason we often get comments like "AV-scanner 'A' found nothing, yet Wizbang.AVScanner found 25 'serious threats' (i.e. cookies)!!!!! So AV-scanner 'A' is useless."

wainuitech
21-06-2013, 07:09 PM
Which is the reason we often get comments like "AV-scanner 'A' found nothing, yet Wizbang.AVScanner found 25 'serious threats' (i.e. cookies)!!!!! So AV-scanner 'A' is useless."
That depends on who is saying the AV is not that good. Personally I don't include cookies as part of the "infections"; that's because I run two programs first, 1. CCleaner and 2. TFC cleaner (cleans out items CCleaner misses), so all cookies are removed beforehand.