
h2otech1

Members
Posts: 13
Reputation: 0 Neutral
  1. Raid- I updated mbam and ran both the full scan and then again the quick scan. Here are the logs, full first then the quick:

     Malwarebytes' Anti-Malware 1.31
     Database version: 1460
     Windows 5.1.2600 Service Pack 3

     12/4/2008 3:42:06 PM
     mbam-log-2008-12-04 (15-42-06).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 147507
     Time elapsed: 44 minute(s), 46 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 6
     Registry Values Infected: 4
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 3

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce27cd53-6ffd-49c4-a72a-60b139e15e4b} (Trojan.Vundo.H) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nfhakpga (Trojan.Vundo.H) -> Delete on reboot.
     HKEY_CLASSES_ROOT\CLSID\{ce27cd53-6ffd-49c4-a72a-60b139e15e4b} (Trojan.Vundo.H) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c760d34-e6a5-4111-bfe1-4ef0620b8eca} (Trojan.Vundo.H) -> Delete on reboot.
     HKEY_CLASSES_ROOT\CLSID\{8c760d34-e6a5-4111-bfe1-4ef0620b8eca} (Trojan.Vundo.H) -> Delete on reboot.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8c760d34-e6a5-4111-bfe1-4ef0620b8eca} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     c:\WINDOWS\system32\qsjatud.dll (Trojan.Vundo.H) -> Delete on reboot.
     C:\WINDOWS\system32\clusapim.dll (Trojan.Vundo.H) -> Delete on reboot.
     C:\Documents and Settings\HP_Owner\GoToAssist_chat2way__317_en.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     Malwarebytes' Anti-Malware 1.31
     Database version: 1460
     Windows 5.1.2600 Service Pack 3

     12/4/2008 4:00:55 PM
     mbam-log-2008-12-04 (16-00-55).txt

     Scan type: Quick Scan
     Objects scanned: 70212
     Time elapsed: 11 minute(s), 12 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 6
     Registry Values Infected: 4
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 2

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce27cd53-6ffd-49c4-a72a-60b139e15e4b} (Trojan.Vundo.H) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nfhakpga (Trojan.Vundo.H) -> Delete on reboot.
     HKEY_CLASSES_ROOT\CLSID\{ce27cd53-6ffd-49c4-a72a-60b139e15e4b} (Trojan.Vundo.H) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8c760d34-e6a5-4111-bfe1-4ef0620b8eca} (Trojan.Vundo.H) -> Delete on reboot.
     HKEY_CLASSES_ROOT\CLSID\{8c760d34-e6a5-4111-bfe1-4ef0620b8eca} (Trojan.Vundo.H) -> Delete on reboot.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8c760d34-e6a5-4111-bfe1-4ef0620b8eca} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     c:\WINDOWS\system32\qsjatud.dll (Trojan.Vundo.H) -> Delete on reboot.
     C:\WINDOWS\system32\clusapim.dll (Trojan.Vundo.H) -> Delete on reboot.
  2. Raid, here ya go, the log file from Hijack:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 1:48:19 PM, on 12/4/2008
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\AGRSMMSG.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\WINDOWS\ALCWZRD.EXE
     C:\WINDOWS\ALCMTR.EXE
     C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     C:\WINDOWS\system32\hphmon06.exe
     C:\windows\system\hpsysdrv.exe
     C:\Program Files\Browser Mouse\MOffice.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Browser Mouse\MOUSE32A.EXE
     C:\HP\KBD\KBD.EXE
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\PROGRA~1\AVG\AVG8\avgtray.exe
     C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\AWS\WeatherBug\Weather.exe
     C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\WINDOWS\system32\drivers\KodakCCS.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     c:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
     C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
     C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     C:\PROGRA~1\AVG\AVG8\avgrsx.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
     O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
     O2 - BHO: (no name) - {8C760D34-E6A5-4111-BFE1-4EF0620B8ECA} - C:\WINDOWS\system32\clusapim.dll
     O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
     O2 - BHO: (no name) - {CE27CD53-6FFD-49C4-A72A-60B139E15E4B} - c:\windows\system32\qsjatud.dll
     O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
     O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
     O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
     O4 - HKLM\..\Run: [AGRSMMSG] "C:\WINDOWS\AGRSMMSG.exe"
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [soundMan] "C:\WINDOWS\SOUNDMAN.EXE"
     O4 - HKLM\..\Run: [AlcWzrd] "C:\WINDOWS\ALCWZRD.EXE"
     O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
     O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
     O4 - HKLM\..\Run: [HPHmon06] "C:\WINDOWS\system32\hphmon06.exe"
     O4 - HKLM\..\Run: [imInstaller_IncrediMail] "C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe" -startup -product IncrediMail
     O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
     O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
     O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] "C:\WINDOWS\system32\HDAudPropShortcut.exe"
     O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] "C:\Program Files\Browser Mouse\MOffice.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
     O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
     O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] "C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\InstallHelper.exe" /uninstalltrackingvendor=Verizon
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [ccApp] -
     O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
     O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
     O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
     O4 - HKCU\..\Run: [sFP] "C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE" /s
     O4 - HKCU\..\Run: [Weather] "C:\Program Files\AWS\WeatherBug\Weather.exe" 1
     O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
     O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
     O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
     O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
     O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
     O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...e/gpcontrol.cab
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
     O20 - Winlogon Notify: nfhakpga - C:\WINDOWS\SYSTEM32\qsjatud.dll
     O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

     --
     End of file - 9744 bytes
  3. Raid- The PC seems to be running at normal now, the same as it was prior to receiving these bugs. Speed is ok, resources are ok. Here is the HiJack log:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 9:34:49 AM, on 12/3/2008
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\AGRSMMSG.exe
     C:\Program Files\Common Files\Real\Update_OB\realsched.exe
     C:\WINDOWS\SOUNDMAN.EXE
     C:\WINDOWS\ALCWZRD.EXE
     C:\WINDOWS\ALCMTR.EXE
     C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
     C:\WINDOWS\system32\hphmon06.exe
     C:\windows\system\hpsysdrv.exe
     C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     C:\Program Files\Browser Mouse\MOffice.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\QuickTime\qttask.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Browser Mouse\MOUSE32A.EXE
     C:\WINDOWS\system32\drivers\KodakCCS.exe
     C:\HP\KBD\KBD.EXE
     c:\Program Files\Common Files\LightScribe\LSSrvc.exe
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\PROGRA~1\AVG\AVG8\avgtray.exe
     C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\AWS\WeatherBug\Weather.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
     C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
     C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
     C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
     C:\PROGRA~1\AVG\AVG8\avgrsx.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
     C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\EJ23QHYF\HiJackThis[1].exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
     O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
     O2 - BHO: (no name) - {8C760D34-E6A5-4111-BFE1-4EF0620B8ECA} - C:\WINDOWS\system32\clusapim.dll
     O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
     O2 - BHO: (no name) - {CE27CD53-6FFD-49C4-A72A-60B139E15E4B} - c:\windows\system32\qsjatud.dll
     O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
     O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
     O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
     O4 - HKLM\..\Run: [AGRSMMSG] "C:\WINDOWS\AGRSMMSG.exe"
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [soundMan] "C:\WINDOWS\SOUNDMAN.EXE"
     O4 - HKLM\..\Run: [AlcWzrd] "C:\WINDOWS\ALCWZRD.EXE"
     O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
     O4 - HKLM\..\Run: [NI.UWAS5LP_0001_0811] "C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\URGOKQQC\WAS5Scan[1].exe"
     O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
     O4 - HKLM\..\Run: [HPHmon06] "C:\WINDOWS\system32\hphmon06.exe"
     O4 - HKLM\..\Run: [imInstaller_IncrediMail] "C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe" -startup -product IncrediMail
     O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
     O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
     O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] "C:\WINDOWS\system32\HDAudPropShortcut.exe"
     O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] "C:\Program Files\Browser Mouse\MOffice.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
     O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
     O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] "C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\InstallHelper.exe" /uninstalltrackingvendor=Verizon
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [ccApp] -
     O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
     O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
     O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
     O4 - HKCU\..\Run: [sFP] "C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE" /s
     O4 - HKCU\..\Run: [Weather] "C:\Program Files\AWS\WeatherBug\Weather.exe" 1
     O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
     O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
     O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
     O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
     O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
     O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
     O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
     O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
     O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
     O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...e/gpcontrol.cab
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
     O20 - AppInit_DLLs: avgrsstx.dll
     O20 - Winlogon Notify: nfhakpga - C:\WINDOWS\SYSTEM32\qsjatud.dll
     O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

     --
     End of file - 10020 bytes
  4. Raid- Ok, finally got back to dealing with this. Here is the sysclean log file:

     /--------------------------------------------------------------\
     |                 Trend Micro System Cleaner                   |
     |           Copyright 2006-2007, Trend Micro, Inc.             |
     |                  http://www.antivirus.com                    |
     \--------------------------------------------------------------/

     2008-12-02, 11:34:25, Auto-clean mode specified.
     2008-12-02, 11:34:26, Initialized Rootkit Driver version 2.2.0.1004.
     2008-12-02, 11:34:26, Running scanner "C:\MALWARE CLEANUP\TSC.BIN"...
     2008-12-02, 11:35:16, Scanner "C:\MALWARE CLEANUP\TSC.BIN" has finished running.
     2008-12-02, 11:35:16, TSC Log:
  5. Again............................ YOU ROCK!!!!!!!!!!!!!!! OK, did not get to this today for all seems OK. I will continue hopefully tomorrow morning????? TXgiving and all. I will continue w/ your advice and try to fully eradicate these li'l bastards!!!!!! If you don't hear from me, it's because I'm off to the desert for the weekend............. Happy Turkey Day, and again......................... THANK YOU!!!!!!!!!!!!!!!!!!!!!!!!
  6. Thanks Raid, I will tackle this later on today. After all the scans and cleaning, everything seems to be running good right now, at least at the level it was last week prior to all of this. Do you think we need to continue? Does every PC need zero viruses / trojans to run efficiently? If one exists that you cannot get rid of, will it propagate others to intrude? On a side note, I had just renewed Norton about 4 weeks ago and it did nothing to catch any of this. Co-workers have suggested not using Norton and instead use AVG. I uninstalled Norton late yesterday and installed AVG. So, hopefully the risk will be more minimal than before??? Thanks again!!!!!!!
  7. I tried to zip the clusapim file but I get an error message of file not found. I did the same w/ the qsjatud file and it seems like it zipped, but I don't know where to find the folder. Sorry, not real familiar w/ zipping. I then tried to upload the files using your supplied upload link and got a message that the clusapim was not found. Don't mean to be a pain in the A$$, but I am not that PC savvy. Thanks again, really!!!!!!!!!
  8. And the OTListIt's Extras Log File: Again, thanks for all of your help, 'cause I have no idea what all this means!!!!!!!!!

     OTListIt Extras logfile created on: 11/25/2008 12:40:00 PM - Run
     OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
     Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
     Internet Explorer (Version = 6.0.2900.5512)
     Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     1015.29 Mb Total Physical Memory | 492.91 Mb Available Physical Memory | 48.55% Memory free
     2.39 Gb Paging File | 1.95 Gb Available in Paging File | 81.68% Paging File free
     Paging file location(s): C:\pagefile.sys 1524 3048;

     %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
     Drive C: | 179.33 Gb Total Space | 158.95 Gb Free Space | 88.63% Space Free | Partition Type: NTFS
     Drive D: | 6.96 Gb Total Space | 1.84 Gb Free Space | 26.41% Space Free | Partition Type: FAT32
     E: Drive not present or media not loaded
     F: Drive not present or media not loaded
     G: Drive not present or media not loaded
     H: Drive not present or media not loaded
     I: Drive not present or media not loaded

     Computer Name: YOUR-4F1261A8E5
     Current User Name: HP_Owner
     Logged in as Administrator.

     Current Boot Mode: Normal
     Scan Mode: All users
     Whitelist: On
     File Age = 30 Days

     ========== File Associations ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

     ========== Security Center Settings ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     "FirstRunDisabled" = 1
     "AntiVirusDisableNotify" = 1
     "FirewallDisableNotify" = 1
     "UpdatesDisableNotify" = 0
     "AntiVirusOverride" = 0
     "FirewallOverride" = 0

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     "DisableMonitoring" = 1

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring" = 1

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
     "DisableMonitoring" = 1

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

     HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
     "EnableFirewall" = 1

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

     ========== Authorized Applications List ==========

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     [2006/10/30 09:36:32 | 15,338,560 | ---- | M] (Apple Computer, Inc.) -- %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes
     [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     [2005/02/25 05:49:52 | 00,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion
     File not found -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
     [2004/02/13 13:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater
     File not found -- C:\Documents and Settings\HP_Owner\My Documents\My PSP Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
     File not found -- C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\NHW8CZ33\incredimail_install[1].exe:*:Enabled:IncrediMail Installer
     File not found -- C:\Documents and Settings\HP_Owner\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe:*:Enabled:IncrediMail Installer
     [2006/10/30 09:36:32 | 15,338,560 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
     [2008/04/13 10:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
     [2008/08/21 12:59:55 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
     [2008/11/15 06:29:22 | 00,016,896 | ---- | M] () -- C:\WINDOWS\system32\bw7nir4b.exe:*:Disabled:bw7nir4b

     ========== HKEY_LOCAL_MACHINE Uninstall List ==========

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
     "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
     "{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
     "{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
     "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
     "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
     "{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
     "{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN
     "{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
     "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
     "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
     "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
     "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
     "{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
     "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
     "{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
     "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
     "{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
     "{28CFF19D-B92C-4109-A427-F75505E81688}" = cp_dwSharkTaleAlbums1
     "{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
     "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
     "{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
     "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
     "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
     "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
     "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
     "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
     "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
     "{36FCD82D-1CED-436d-B33C-874EEC666D68}" = cp_dwSharkTaleCards1
     "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
     "{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
     "{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
     "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
     "{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
     "{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
     "{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
     "{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
     "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
     "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
     "{446DBFFA-4088-48E3-8932-74316BA4CAE4}" = iTunes
     "{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
     "{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
     "{4C04DF1B-6A39-4299-9DD1-1FA60000266E}" = HP Photosmart Cameras 4.0
     "{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
     "{50D8FFDD-90CD-4859-841F-AA1961C7767A}" = QuickTime
     "{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
     "{55508A44-8225-47AB-9666-1F57A5B5CE2E}" = CP_PLSBusinessFlyers
     "{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
     "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
     "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
     "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
     "{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
     "{64D5E9DE-7890-4FB0-8865-8B24BE1773F7}" = LightScribe 1.4.42.1
     "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
     "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
     "{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
     "{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
     "{6B350CA4-0031-0002-3757-34999AD85AEC}" = InterVideo WinDVD Creator
     "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
     "{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
     "{70DECFBF-9119-4434-B2D3-A3C283D15E45}" = WeatherBug
     "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
     "{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
     "{725249C3-B94C-4141-8799-0D3BA43D0812}" = CameraDrivers
     "{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1" = Spy Sweeper
     "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
     "{7B98685A-4E21-4A4F-A2D6-DC557042BADA}" = HPIZplus450
     "{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
     "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
     "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
     "{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
     "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
     "{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
     "{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
     "{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
     "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
     "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
     "{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
     "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
     "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects "{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore "{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen "{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2 "{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht "{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config "{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP "{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series "{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0 "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK "{B103C8A7-D1CC-4B1A-BD41-883F652E097D}" = muvee autoProducer 3.5 magicMoments - HPD "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU "{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch "{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR "{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel "{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg "{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer "{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = HP Organize "{D0420D64-8D33-4374-A2B2-9225C7925CA6}" = HP Image Zone Plus 4.5.3 "{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software "{D42B6F90-1084-4C9B-AF28-958926E6E32E}" = LP_Flash "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) 
"{E2EFF20D-30BF-4907-B1FD-B7EBCED798D6}" = HPHDiscovery "{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR "{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers "{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb "{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP "{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update "{FEE5C812-51C7-4A6B-9DC0-4618AC9F6BD4}" = JD2 Tube Bend App. "Absolute Poker Basic" = Absolute Poker Basic "ActiveScan 2.0" = Panda ActiveScan 2.0 "Agere Systems Soft Modem" = Agere Systems PCI Soft Modem "BackWeb-309731 Uninstaller" = Updates from HP "Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe (remove only) "Browser Mouse" = Browser Mouse "Help and Support Additions" = Help and Support Additions "HijackThis" = HijackThis 2.0.2 "HP Photo & Imaging" = HP Image Zone 4.7 "HPExtendedCapabilities" = HP Extended Capabilities 4.7 "InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows "InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005 "LimeWire" = LimeWire 4.18.6 "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation) "Macromedia Shockwave Player" = Macromedia Shockwave Player "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NAV" = Norton AntiVirus "Pdf995" = Pdf995 "PdfEdit995" = PdfEdit995 "Pro Media Director_is1" = Pro Media Director Version 1.1.1.1 "PS2" = PS2 "RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.12 "RealPlayer 6.0" = RealPlayer "ShockwaveFlash" = Adobe Flash Player 9 ActiveX "Sierra Utilities" = Sierra Utilities "TaxCut Basic 2006" = TaxCut Basic 2006 "TaxCut Standard 2005" = TaxCut Standard 2005 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP 
Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/16/2008 3:30:29 PM | Computer Name = YOUR-4F1261A8E5 | Source = Application Error | ID = 1000 Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x0009586f. Error - 11/19/2008 2:36:56 AM | Computer Name = YOUR-4F1261A8E5 | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x000100c8. Error - 11/20/2008 1:21:56 PM | Computer Name = YOUR-4F1261A8E5 | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x0c4f740d. Error - 11/21/2008 9:42:32 AM | Computer Name = YOUR-4F1261A8E5 | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Initialization of the COM subsystem failed. Error code: 0x80080005 Error - 11/23/2008 5:09:11 PM | Computer Name = YOUR-4F1261A8E5 | Source = ESENT | ID = 490 Description = wuauclt (2792) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error - 11/23/2008 5:09:21 PM | Computer Name = YOUR-4F1261A8E5 | Source = ESENT | ID = 490 Description = wuauclt (2792) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. 
". The open file operation will fail with error -1032 (0xfffffbf8). Error - 11/23/2008 5:20:41 PM | Computer Name = YOUR-4F1261A8E5 | Source = ESENT | ID = 490 Description = wuauclt (1380) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error - 11/23/2008 5:20:51 PM | Computer Name = YOUR-4F1261A8E5 | Source = ESENT | ID = 490 Description = wuauclt (1380) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8). Error - 11/24/2008 2:34:55 PM | Computer Name = YOUR-4F1261A8E5 | Source = Application Error | ID = 1000 Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x026823ac. Error - 11/25/2008 1:13:10 AM | Computer Name = YOUR-4F1261A8E5 | Source = pctsSvc.exe | ID = 0 Description = [ System Events ] Error - 11/24/2008 11:53:15 PM | Computer Name = YOUR-4F1261A8E5 | Source = sr | ID = 1 Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume. Error - 11/24/2008 11:53:37 PM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: IDSxpx86 Error - 11/25/2008 12:36:41 AM | Computer Name = YOUR-4F1261A8E5 | Source = sr | ID = 1 Description = The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. 
It has stopped monitoring the volume. Error - 11/25/2008 12:37:00 AM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: IDSxpx86 Error - 11/25/2008 12:44:05 AM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: IDSxpx86 Error - 11/25/2008 1:16:38 AM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: IDSxpx86 Error - 11/25/2008 1:29:00 AM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: IDSxpx86 Error - 11/25/2008 1:52:09 PM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: IDSxpx86 Error - 11/25/2008 2:41:47 PM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: IDSxpx86 Error - 11/25/2008 2:45:35 PM | Computer Name = YOUR-4F1261A8E5 | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: IDSxpx86 < End of report >
  9. And here is the log file for OTListIt:

OTListIt logfile created on: 11/25/2008 12:40:00 PM - Run
OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\HP_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.29 Mb Total Physical Memory | 492.91 Mb Available Physical Memory | 48.55% Memory free
2.39 Gb Paging File | 1.95 Gb Available in Paging File | 81.68% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 179.33 Gb Total Space | 158.95 Gb Free Space | 88.63% Space Free | Partition Type: NTFS
Drive D: | 6.96 Gb Total Space | 1.84 Gb Free Space | 26.41% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-4F1261A8E5
Current User Name: HP_Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2004/11/02 00:59:42 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2005/03/04 11:01:56 | 00,088,209 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe
[2005/02/25 05:39:16 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2005/04/06 17:57:12 | 00,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2005/04/06 17:53:00 | 02,805,248 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2005/04/12 00:10:22 | 00,065,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[2004/06/07 03:42:30 | 00,659,456 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon06.exe
[1998/05/07 01:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe
[2006/12/07 17:25:19 | 00,958,464 | ---- | M] () -- C:\Program Files\Browser Mouse\MOffice.exe
[2006/10/25 18:58:18 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
[2006/12/07 17:25:18 | 00,356,352 | ---- | M] () -- C:\Program Files\Browser Mouse\mouse32a.exe
[2006/10/30 09:36:36 | 00,256,576 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2005/02/02 16:44:24 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
[2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[2008/02/22 03:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[2008/08/09 15:04:58 | 05,418,864 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
[2007/01/05 14:04:10 | 00,554,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2004/11/04 19:28:24 | 00,258,048 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[2004/08/11 01:22:40 | 00,757,760 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
[2004/02/13 13:12:08 | 00,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
[2005/02/25 05:49:52 | 00,045,056 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
[2004/05/24 11:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe
[2005/07/24 22:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2008/11/04 20:24:52 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
[2008/02/08 12:01:34 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[2008/08/09 13:42:02 | 03,585,384 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
[2006/10/30 09:36:32 | 00,492,608 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/11/04 20:24:52 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
[2008/02/22 03:25:20 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
[2008/08/09 13:42:02 | 00,181,608 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SSU.exe
[2008/11/25 12:33:18 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTListIt.exe

========== (O23) Win32 Services ==========

[2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/01/05 14:04:10 | 00,554,616 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/10/30 09:36:32 | 00,492,608 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2004/05/24 11:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS [Auto | Running])
[2005/07/24 22:35:00 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2007/01/05 14:04:04 | 02,918,008 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
File not found -- -- (LiveUpdate Notice Ex [Auto | Stopped])
[2007/11/28 19:51:10 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Running])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2008/11/04 20:24:52 | 00,115,560 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe -- (Norton AntiVirus [Auto | Running])
[2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/08/08 23:27:52 | 00,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
[2008/02/08 12:01:34 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [Auto | Running])
[2008/08/09 13:42:02 | 03,585,384 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Running])
[2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2005/03/04 11:02:20 | 01,066,278 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
[2008/11/04 20:25:03 | 00,255,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1001000.021\BHDrvx86.sys -- (BHDrvx86 [system | Running])
[2008/11/20 09:22:32 | 00,362,544 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1001000.021\cchpx86.sys -- (ccHP [system | Running])
[2004/05/20 07:21:10 | 00,036,918 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam [system | Running])
[2004/05/20 07:41:54 | 00,061,564 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint [On_Demand | Stopped])
[2004/06/02 12:19:00 | 00,038,705 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K [Auto | Running])
[2004/05/20 07:39:42 | 00,008,022 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps [On_Demand | Stopped])
[2004/05/20 07:45:20 | 00,068,950 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP [On_Demand | Stopped])
[2008/11/20 09:22:32 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [system | Running])
[2008/11/20 09:22:32 | 00,099,376 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
[2004/06/02 12:17:56 | 00,151,985 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit [system | Stopped])
[2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2004/03/17 16:10:40 | 00,113,664 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService [On_Demand | Stopped])
[2008/04/13 08:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2004/12/14 08:07:44 | 00,051,120 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
[2004/12/14 08:07:44 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
[2004/12/14 08:07:44 | 00,021,744 | R--- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
[2004/11/02 01:27:20 | 00,773,565 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm [On_Demand | Running])
[2008/11/20 09:22:32 | 00,274,808 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20081120.006\IDSxpx86.sys -- (IDSxpx86 [system | Stopped])
[2005/04/15 17:05:42 | 02,564,032 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
[2003/09/10 23:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.) -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi [On_Demand | Running])
[2008/04/13 10:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Stopped])
[2007/09/28 10:30:57 | 00,019,345 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5 [On_Demand | Stopped])
[2007/09/28 10:30:49 | 00,018,003 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5 [On_Demand | Stopped])
[2008/11/20 01:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081124.023\NAVENG.SYS -- (NAVENG [On_Demand | Running])
[2008/11/20 01:00:00 | 00,876,112 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081124.023\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
[2003/09/19 01:47:00 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc [On_Demand | Running])
[2005/12/12 17:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2 [On_Demand | Running])
[2004/08/03 20:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/02/25 05:38:09 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])
[2002/10/04 02:04:10 | 00,046,976 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139 [On_Demand | Running])
[2007/04/03 12:59:30 | 00,083,208 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616bus.sys -- (s616bus [On_Demand | Stopped])
[2007/04/03 12:59:36 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616mdfl.sys -- (s616mdfl [On_Demand | Stopped])
[2007/04/03 12:59:38 | 00,108,680 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616mdm.sys -- (s616mdm [On_Demand | Stopped])
[2007/04/03 12:59:40 | 00,100,360 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616mgmt.sys -- (s616mgmt [On_Demand | Stopped])
[2007/04/03 12:59:42 | 00,098,568 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616obex.sys -- (s616obex [On_Demand | Stopped])
[2007/04/03 12:59:42 | 00,099,080 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s616unic.sys -- (s616unic [On_Demand | Stopped])
[2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/11/04 20:25:03 | 00,306,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1001000.021\srtsp.sys -- (SRTSP [On_Demand | Running])
[2008/11/04 20:25:03 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1001000.021\srtspx.sys -- (SRTSPX [system | Running])
[2008/08/09 13:42:12 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\ssfs0bbc.sys -- (ssfs0bbc [boot | Running])
[2008/08/09 13:42:14 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\sshrmd.sys -- (SSHRMD [boot | Running])
[2008/08/09 13:42:14 | 00,166,512 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\ssidrv.sys -- (SSIDRV [boot | Running])
[2008/01/04 20:34:36 | 00,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD [On_Demand | Running])
[2008/11/20 09:22:34 | 00,012,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1001000.021\symdns.sys -- (SYMDNS [On_Demand | Stopped])
[2008/11/04 20:25:03 | 00,309,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1001000.021\SymEFA.sys -- (SymEFA [boot | Running])
[2008/11/20 09:22:44 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
[2008/11/20 09:22:35 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1001000.021\symfw.sys -- (SYMFW [On_Demand | Stopped])
[2008/11/20 09:22:36 | 00,034,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1001000.021\symids.sys -- (SYMIDS [On_Demand | Stopped])
[2008/11/20 09:22:36 | 00,035,888 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM [On_Demand | Stopped])
[2008/11/20 09:22:36 | 00,035,888 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP [On_Demand | Running])
[2006/06/14 19:42:59 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
[2008/11/20 09:22:36 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1001000.021\symndis.sys -- (SYMNDIS [On_Demand | Stopped])
[2008/11/20 09:22:36 | 00,024,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\NAV\1001000.021\symredrv.sys -- (SYMREDRV [On_Demand | Stopped])
[2008/04/13 10:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP [On_Demand | Stopped])
[2004/08/03 20:00:00 | 00,023,424 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\zthhzhwv.sys -- (zthhzhwv [boot | Running])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?P...pdate&O1=b1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

HKU\S-1-5-21-691311170-1838169275-933237389-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
HKU\S-1-5-21-691311170-1838169275-933237389-1009\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?P...pdate&O1=b1
HKU\S-1-5-21-691311170-1838169275-933237389-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-691311170-1838169275-933237389-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =
HKU\S-1-5-21-691311170-1838169275-933237389-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
HKU\S-1-5-21-691311170-1838169275-933237389-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-691311170-1838169275-933237389-1009\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s HKU\S-1-5-21-691311170-1838169275-933237389-1009\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s HKU\S-1-5-21-691311170-1838169275-933237389-1009\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s HKU\S-1-5-21-691311170-1838169275-933237389-1009\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s HKU\S-1-5-21-691311170-1838169275-933237389-1009\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s HKU\S-1-5-21-691311170-1838169275-933237389-1009\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News HKU\S-1-5-21-691311170-1838169275-933237389-1009\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s HKU\S-1-5-21-691311170-1838169275-933237389-1009\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55α=%s&S=1 HKU\S-1-5-21-691311170-1838169275-933237389-1009\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s HKU\S-1-5-21-691311170-1838169275-933237389-1009\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s HKU\S-1-5-21-691311170-1838169275-933237389-1009\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s HKU\S-1-5-21-691311170-1838169275-933237389-1009\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s HKU\S-1-5-21-691311170-1838169275-933237389-1009\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s 
HKU\S-1-5-21-691311170-1838169275-933237389-1009\S-1-5-21-691311170-1838169275-933237389-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 HKU\S-1-5-21-691311170-1838169275-933237389-1009\S-1-5-21-691311170-1838169275-933237389-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1 O1 HOSTS File: (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.1.0.33\IPSBHO.dll (Symantec Corporation) O2 - BHO: (no name) - {8C760D34-E6A5-4111-BFE1-4EF0620B8ECA} - C:\WINDOWS\system32\clusapim.dll (Alcohol Soft Development Team) O2 - BHO: () - {CE27CD53-6FFD-49C4-A72A-60B139E15E4B} - c:\WINDOWS\system32\qsjatud.dll () O3 - HKLM\..\Toolbar: (no name) - - Reg Error: Key does not exist or could not be opened. File not found O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company) O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKCU\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKCU\..\Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company) O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKCU\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - Reg Error: Key does not exist or could not be opened. 
File not found O3 - HKCU\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKCU\..\Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company) O3 - HKCU\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKU\.DEFAULT\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKU\.DEFAULT\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKU\.DEFAULT\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKU\S-1-5-18\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKU\S-1-5-18\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKU\S-1-5-18\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKU\S-1-5-21-691311170-1838169275-933237389-1009\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKU\S-1-5-21-691311170-1838169275-933237389-1009\..\Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key does not exist or could not be opened. 
File not found O3 - HKU\S-1-5-21-691311170-1838169275-933237389-1009\..\Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company) O3 - HKU\S-1-5-21-691311170-1838169275-933237389-1009\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.) O3 - HKU\S-1-5-21-691311170-1838169275-933237389-1009\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKU\S-1-5-21-691311170-1838169275-933237389-1009\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - Reg Error: Key does not exist or could not be opened. File not found O3 - HKU\S-1-5-21-691311170-1838169275-933237389-1009\..\Toolbar: (no name) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company) O3 - HKU\S-1-5-21-691311170-1838169275-933237389-1009\..\Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key does not exist or could not be opened. File not found O4 - HKLM..\Run: [AGRSMMSG] "C:\WINDOWS\AGRSMMSG.exe" (Agere Systems) O4 - HKLM..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE" (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AlcWzrd] "C:\WINDOWS\ALCWZRD.EXE" (RealTek Semicoductor Corp.) 
O4 - HKLM..\Run: [ccApp] - File not found O4 - HKLM..\Run: [FLMOFFICE4DMOUSE] "C:\Program Files\Browser Mouse\MOffice.exe" () O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] "C:\WINDOWS\system32\HDAudPropShortcut.exe" (Windows ® Server 2003 DDK provider) O4 - HKLM..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe" (Intel Corporation) O4 - HKLM..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" (Hewlett-Packard) O4 - HKLM..\Run: [HPHmon06] "C:\WINDOWS\system32\hphmon06.exe" (Hewlett-Packard) O4 - HKLM..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" (Hewlett-Packard) O4 - HKLM..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe" (Hewlett-Packard Company) O4 - HKLM..\Run: [imInstaller_IncrediMail] "C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe" -startup -product IncrediMail File not found O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Computer, Inc.) O4 - HKLM..\Run: [KBD] "C:\HP\KBD\KBD.EXE" (Hewlett-Packard Company) O4 - HKLM..\Run: [NI.UWAS5LP_0001_0811] "C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\URGOKQQC\WAS5Scan[1].exe" File not found O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.) O4 - HKLM..\Run: [soundMan] "C:\WINDOWS\SOUNDMAN.EXE" (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray (Webroot Software, Inc.) O4 - HKLM..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation) O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.) O4 - HKLM..\Run: [Verizon Custom Uninstall Tracking] "C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\InstallHelper.exe" /uninstalltrackingvendor=Verizon File not found O4 - HKLM..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN File not found O4 - HKCU..\Run: [sFP] "C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE" /s File not found O4 - HKCU..\Run: [spybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" (Safer Networking Limited) O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 (AWS Convergence Technologies, Inc.) O4 - HKU\S-1-5-21-691311170-1838169275-933237389-1009..\Run: [sFP] "C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE" /s File not found O4 - HKU\S-1-5-21-691311170-1838169275-933237389-1009..\Run: [spybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" (Safer Networking Limited) O4 - HKU\S-1-5-21-691311170-1838169275-933237389-1009..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1 (AWS Convergence Technologies, Inc.) 
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] Narrator.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] Narrator.exe (Microsoft Corporation) O4 - HKLM..\RunOnceEx: [] File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (Hewlett-Packard) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: 
NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-691311170-1838169275-933237389-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Sites: 2 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKU\S-1-5-21-691311170-1838169275-933237389-1009\..Trusted Sites: 2 domain(s) and sub-domain(s) not assigned to a zone. 
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} http://forms.real.com/real/player/download...ne_Inst_Win.cab (Reg Error: Key does not exist or could not be opened.) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://download.games.yahoo.com/games/web_...e/gpcontrol.cab (TikGames Online Control) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key does not exist or could not be opened.) 
O18 - Protocol\Handler: - ipp - No CLSID value found O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp - No CLSID value found O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler: - ms-itss - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - See sections below for AppInitDlls and Winlogon settings ========== Winlogon Notify Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\] igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation) nfhakpga: "DllName" = qsjatud.dll -- C:\WINDOWS\system32\qsjatud.dll () ========== LSA *Authentication Packages* ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "Authentication Packages" = msv1_0,OWS\S >File not found -- ========== Safeboot Options ========== "AlternateShell" = cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] [2005/02/25 06:18:25 | 00,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] AUTOEXEC.BAT [] [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () 
-- D:\AUTOEXEC.BAT -- [ FAT32 ] Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] [2004/04/30 21:01:14 | 00,000,053 | -HS- | M] () -- D:\Autorun.inf -- [ FAT32 ] ========== MountPoints2 ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell] "" = AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun] "" = Auto&Play [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun\command] "" = D:\setup.exe -- File not found ========== Files/Folders - Created Within 30 Days ========== [1 C:\WINDOWS\*.tmp files] [2008/11/25 12:33:18 | 00,418,304 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTListIt.exe [2008/11/25 12:27:37 | 00,001,745 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\HijackThis.lnk [2008/11/25 12:27:36 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2008/11/25 11:05:26 | 00,028,544 | ---- | C] (Panda Security, S.L.) 
-- C:\WINDOWS\System32\drivers\pavboot.sys [2008/11/25 11:05:01 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security [2008/11/25 11:05:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2008/11/25 11:00:48 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\qouwge.sys [2008/11/25 10:07:41 | 00,000,944 | ---- | C] () -- C:\Documents and Settings\HP_Owner\Desktop\Spybot - Search & Destroy.lnk [2008/11/25 10:07:31 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2008/11/25 10:07:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2008/11/24 20:07:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 [2008/11/24 13:44:11 | 00,917,504 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX [2008/11/24 13:01:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\ARCHIVED EMAIL [2008/11/24 10:14:14 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2008/11/24 10:14:14 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2008/11/24 10:01:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\My Documents\BACKED UP FILES MY DOCUMENTS [2008/11/23 08:47:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Malwarebytes [2008/11/23 08:47:14 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2008/11/23 08:47:14 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2008/11/23 08:47:11 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2008/11/23 08:47:09 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2008/11/23 08:47:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application 
Data\Malwarebytes [2008/11/20 16:32:23 | 00,001,826 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled 2 Deluxe.lnk [2008/11/20 10:47:34 | 00,620,006 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\Cat.DB [2008/11/20 10:34:56 | 00,198,192 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\symtdi.sys [2008/11/20 10:34:55 | 00,309,296 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\SymEFA.sys [2008/11/20 10:34:55 | 00,089,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\symfw.sys [2008/11/20 10:34:55 | 00,040,496 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\symndisv.sys [2008/11/20 10:34:55 | 00,037,424 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\symndis.sys [2008/11/20 10:34:55 | 00,034,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\symids.sys [2008/11/20 10:34:55 | 00,024,752 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\symredrv.sys [2008/11/20 10:34:55 | 00,013,089 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\SymNet.cat [2008/11/20 10:34:55 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\SymEFA.inf [2008/11/20 10:34:55 | 00,001,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\SymNet.inf [2008/11/20 10:34:54 | 00,306,736 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\srtsp.sys [2008/11/20 10:34:54 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\srtspx.sys [2008/11/20 10:34:54 | 00,012,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\symdns.sys [2008/11/20 10:34:54 | 00,008,428 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\SymEFA.cat [2008/11/20 10:34:54 | 00,008,390 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\NAV\1001000.021\srtspx.cat [2008/11/20 10:34:54 | 00,008,386 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\srtsp.cat [2008/11/20 10:34:54 | 00,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\srtspx.inf [2008/11/20 10:34:54 | 00,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\srtsp.inf [2008/11/20 10:34:52 | 00,255,536 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\BHDrvx86.sys [2008/11/20 10:34:52 | 00,008,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\BHDrvx86.CAT [2008/11/20 10:34:52 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\BHDrvx86.inf [2008/11/20 10:33:52 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\isolate.ini [2008/11/20 10:33:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1001000.021 [2008/11/20 09:22:47 | 00,035,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys [2008/11/20 09:22:44 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS [2008/11/20 09:22:44 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL [2008/11/20 09:22:44 | 00,010,635 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT [2008/11/20 09:22:44 | 00,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF [2008/11/20 09:22:37 | 00,002,091 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk [2008/11/20 09:22:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV [2008/11/20 09:22:04 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar [2008/11/20 09:21:42 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller [2008/11/19 14:24:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\Mozilla [2008/11/19 14:24:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Local 
Settings\Application Data\tdfjfgji
[2008/11/19 14:24:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\HP_Owner\Application Data\tdfjfgji
[2008/11/15 06:29:29 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bw7nir4b.exe
[2008/11/15 06:28:56 | 00,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2008/11/15 06:28:31 | 00,098,816 | ---- | C] (Alcohol Soft Development Team) -- C:\WINDOWS\System32\clusapim.dll
[2008/11/12 09:19:07 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/12 09:18:56 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll

========== Files - Modified Within 30 Days ==========

[20 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2008/11/25 12:33:18 | 00,418,304 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Owner\Desktop\OTListIt.exe
[2008/11/25 12:27:37 | 00,001,745 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\HijackThis.lnk
[2008/11/25 11:00:48 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\qouwge.sys
[2008/11/25 10:50:27 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/11/25 10:46:18 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/25 10:44:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/25 10:44:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/25 10:44:44 | 10,646,85568 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/25 10:39:39 | 05,890,576 | -H-- | M] () -- C:\Documents and Settings\HP_Owner\Local Settings\Application Data\IconCache.db
[2008/11/25 10:07:41 | 00,000,944 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Spybot - Search & Destroy.lnk
[2008/11/25 09:58:04 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Microsoft Office Word 2003.lnk
[2008/11/24 20:54:28 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\EMAIL.lnk
[2008/11/24 20:08:14 | 00,445,458 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/24 20:08:14 | 00,384,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/24 20:08:14 | 00,054,280 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/24 18:52:54 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2008/11/24 13:44:11 | 00,917,504 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\FLASH.OCX
[2008/11/24 13:39:44 | 00,000,847 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/11/24 13:00:02 | 00,001,692 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L8426DC16FCF345DE92DE2F2DDAB65B37.job
[2008/11/24 10:14:33 | 00,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/11/24 10:14:14 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/11/24 10:14:14 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/11/22 09:18:00 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2008/11/21 10:21:40 | 00,122,880 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\WEEKLY POOL PRINTOUT.doc
[2008/11/20 16:32:23 | 00,001,826 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bejeweled 2 Deluxe.lnk
[2008/11/20 10:48:56 | 00,002,091 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk
[2008/11/20 10:47:46 | 00,620,006 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\Cat.DB
[2008/11/20 10:33:52 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\isolate.ini
[2008/11/20 09:22:44 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2008/11/20 09:22:44 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2008/11/20 09:22:44 | 00,010,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2008/11/20 09:22:44 | 00,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2008/11/20 09:22:36 | 00,198,192 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\symtdi.sys
[2008/11/20 09:22:36 | 00,040,496 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\symndisv.sys
[2008/11/20 09:22:36 | 00,037,424 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\symndis.sys
[2008/11/20 09:22:36 | 00,035,888 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2008/11/20 09:22:36 | 00,034,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\symids.sys
[2008/11/20 09:22:36 | 00,024,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\symredrv.sys
[2008/11/20 09:22:35 | 00,089,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\symfw.sys
[2008/11/20 09:22:34 | 00,012,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\symdns.sys
[2008/11/19 12:58:27 | 00,001,692 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_LFD35ABAF75F84190804C495313906639.job
[2008/11/15 06:29:22 | 00,016,896 | ---- | M] () -- C:\WINDOWS\System32\bw7nir4b.exe
[2008/11/13 05:13:29 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/11/07 20:40:40 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\HP_Owner\Desktop\Microsoft Office Excel 2003.lnk
[2008/11/04 20:25:03 | 00,309,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\SymEFA.sys
[2008/11/04 20:25:03 | 00,306,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\srtsp.sys
[2008/11/04 20:25:03 | 00,255,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\BHDrvx86.sys
[2008/11/04 20:25:03 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1001000.021\srtspx.sys
[2008/11/04 20:24:59 | 00,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\SymEFA.inf
[2008/11/04 20:24:59 | 00,001,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\SymNet.inf
[2008/11/04 20:24:59 | 00,001,388 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\srtspx.inf
[2008/11/04 20:24:59 | 00,001,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\srtsp.inf
[2008/11/04 20:24:59 | 00,000,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\BHDrvx86.inf
[2008/11/04 20:24:55 | 00,013,089 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\SymNet.cat
[2008/11/04 20:24:55 | 00,008,428 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\SymEFA.cat
[2008/11/04 20:24:55 | 00,008,390 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\srtspx.cat
[2008/11/04 20:24:55 | 00,008,386 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\srtsp.cat
[2008/11/04 20:24:55 | 00,008,382 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1001000.021\BHDrvx86.CAT
[2008/11/03 16:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

< End of report >
  10. And the log file from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:35 PM, on 11/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\hphmon06.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Browser Mouse\MOffice.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Browser Mouse\MOUSE32A.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.1.0.33\IPSBHO.DLL
O2 - BHO: (no name) - {8C760D34-E6A5-4111-BFE1-4EF0620B8ECA} - C:\WINDOWS\system32\clusapim.dll
O2 - BHO: (no name) - {CE27CD53-6FFD-49C4-A72A-60B139E15E4B} - c:\windows\system32\qsjatud.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [AGRSMMSG] "C:\WINDOWS\AGRSMMSG.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [soundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [AlcWzrd] "C:\WINDOWS\ALCWZRD.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [NI.UWAS5LP_0001_0811] "C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\URGOKQQC\WAS5Scan[1].exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon06] "C:\WINDOWS\system32\hphmon06.exe"
O4 - HKLM\..\Run: [imInstaller_IncrediMail] "C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe" -startup -product IncrediMail
O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
O4 - HKLM\..\Run: [HPHUPD06] "c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] "C:\WINDOWS\system32\HDAudPropShortcut.exe"
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] "C:\Program Files\Browser Mouse\MOffice.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Custom Uninstall Tracking] "C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\InstallHelper.exe" /uninstalltrackingvendor=Verizon
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] -
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sFP] "C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE" /s
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} (Rhapsody Player Engine) - http://forms.real.com/real/player/download...ne_Inst_Win.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...e/gpcontrol.cab
O20 - Winlogon Notify: nfhakpga - C:\WINDOWS\SYSTEM32\qsjatud.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.1.0.33\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 11280 bytes
  11. And here is the log from Panda Security:

;***********************************************************************************
ANALYSIS: 2008-11-25 12:22:29
PROTECTIONS: 1
MALWARE: 5
SUSPECTS: 5
;***********************************************************************************
PROTECTIONS
Description                         Version   Active   Updated
;===================================================================================
Norton AntiVirus                    16.0.0.125   Yes   Yes
;===================================================================================
MALWARE
Id        Description            Type             Active   Severity   Disinfectable   Disinfected   Location
;===================================================================================
00139064  Cookie/Atlas DMT       TrackingCookie   No       0          Yes             No            C:\Documents and Settings\Default User\Cookies\system@atdmt[2].txt
00168056  Cookie/YieldManager    TrackingCookie   No       0          Yes             No            C:\Documents and Settings\HP_Owner\Local Settings\Temp\Cookies\hp_owner@ad.yieldmanager[1].txt
02077612  Generic Malware        Virus/Trojan     No       0          Yes             No            C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP4\A0009168.exe
03839851  Trj/Downloader.MDW     Virus/Trojan     No       1          Yes             No            C:\WINDOWS\system32\drivers\qouwge.sys
04156665  Trj/Downloader.MDW     Virus/Trojan     No       1          Yes             No            C:\WINDOWS\system32\clusapim.dll
;===================================================================================
SUSPECTS
Sent   Location
;===================================================================================
No     C:\hp\bin\KillIt.exe
No     C:\hp\recovery\wizard\SWR_Wizard.exe
No     C:\Program Files\Online Services\NetscapeOnline\NSsetup.exe
No     C:\WINDOWS\Installer\167ae975.msi[unk_0100]
No     C:\WINDOWS\system32\bw7nir4b.exe
;===================================================================================
VULNERABILITIES
Id   Severity   Description
;===================================================================================
;===================================================================================
  12. Thanks for the reply!!!! 1) Ran Spybot S&D. 2) Reinstalled MBAM, scanned and the log is found below. I will continue with your instructions and repost the other logs. Thank you!!!!!

Malwarebytes' Anti-Malware 1.30
Database version: 1423
Windows 5.1.2600 Service Pack 3

11/25/2008 10:58:00 AM
mbam-log-2008-11-25 (10-58-00).txt

Scan type: Quick Scan
Objects scanned: 57699
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce27cd53-6ffd-49c4-a72a-60b139e15e4b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nfhakpga (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ce27cd53-6ffd-49c4-a72a-60b139e15e4b} (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\qsjatud.dll (Trojan.Vundo.H) -> Delete on reboot.
  13. Hello, I hope this is the right place to post, and MB seems to be well versed and educated, so here is my problem (like others): Got infected w/ the Vundo & Agent so downloaded MBAM. Got rid of most but there are still 8 lingering bugs I cannot get rid of. Tried many times w/ MBAM, please help and thank you in advance. In looking at other posts, I believe I need to tell you what OS I have and give you my MBAM log files so I hope this is enough: MS Windows XP Home Edition Version 2002 Service Pack 3

Log Files---------------------------------------------------

Malwarebytes' Anti-Malware 1.30
Database version: 1419
Windows 5.1.2600 Service Pack 3

11/24/2008 8:35:05 PM
mbam-log-2008-11-24 (20-35-05).txt

Scan type: Quick Scan
Objects scanned: 57578
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ce27cd53-6ffd-49c4-a72a-60b139e15e4b} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nfhakpga (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{ce27cd53-6ffd-49c4-a72a-60b139e15e4b} (Trojan.Vundo.H) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\qsjatud.dll (Trojan.Vundo.H) -> Delete on reboot.

I have tried to reboot immediately afterward, but cannot remove the 8. Thank you again for any help.... h2otech1