Hijack This log.....HELP!!!!

hamsterboy · 01-08-2008 01:54PM #1

Hi All. My work machine is really in trouble and support here are less than useless.
I don't know it it'll help but I'm gonna post a hijackthis log.
Whats happening is my machine won't connect to some websites......gmail, facebook and a lot of others within the company that I need for work, but will connect to others......wiki, boards (

)etc. I'm also getting no end of spyware / adware pop-ups.
My machine is running Symantec Anti Virus and I have to use it (company policy)
I've scanned the machine using various spyware removal tools and it always finds a load of Trojans, Vundos mostly and says its removing them, then asks for a re-boot. When I try to reboot, the machine won't reboot normally and forces me to "Startup ion last known configuration that worked" which must be undoing all the removals cos its all back there when I scan the thing again...... :mad:
Anyway, here's the log if anybody knows anything about them

Logfile of HijackThis v1.99.1
Scan saved at 14:42:23, on 01/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
C:\PROGRA~1\sygate\ssa\syg_hp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Remote tools\msraLinkMonitor.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\msworld.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://athp.hp.com/portal/site/athp/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Hewlett-Packard
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com/
O2 - BHO: (no name) - {484B72EF-F408-467B-95B4-036C81D89C47} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {911551E5-4B0F-4021-BD18-A24F9E558A94} - (no file)
O2 - BHO: {37e37533-f3b2-8e6a-9c94-c20bcfb3656b} - {b6563bfc-b02c-49c9-a6e8-2b3f33573e73} - C:\WINDOWS\system32\pykiny.dll (file missing)
O4 - HKLM\..\Run: [COEMsgDisplay] C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [GetIT] C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IDA] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [MSWorld] C:\WINDOWS\system32\msworld.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Desktop Service] C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [BM87b0e2d2] Rundll32.exe "C:\WINDOWS\system32\cqbglqew.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Symantec NetBackup Desktop Agent.lnk = C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
O9 - Extra button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
O9 - Extra 'Tools' menuitem: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://athp.hp.com
O15 - Trusted Zone: http://ie.config.asia.compaq.com
O15 - Trusted Zone: http://ie.config.eur.compaq.com
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com
O15 - Trusted Zone: http://ie.config.jp.compaq.com
O15 - Trusted Zone: http://*.compaq.com
O15 - Trusted Zone: *.cpqcorp.net
O15 - Trusted Zone: http://*.dcu.org
O15 - Trusted Zone: http://ie.config.ecom.dec.com
O15 - Trusted Zone: http://*.dec.com
O15 - Trusted Zone: *.hp.com
O15 - Trusted Zone: http://*.hpe-learning.com
O15 - Trusted Zone: *.hpqcorp.net
O15 - Trusted Zone: *.hpshopping.com
O15 - Trusted Zone: http://ie.config.tandem.com
O15 - Trusted Zone: http://*.tandem.com
O15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM)
O15 - Trusted Zone: http://ie.config.tandem.com (HKLM)
O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms32 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall32.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://sdcsqllmspro04/ProjectServer/objects/pjclient.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189776183175
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://sdcsqllmspro04/ProjectServer/objects/1033/pjcintl.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O17 - HKLM\Software\..\Telephony: DomainName = emea.hpqcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec NetBackup Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Sygate Icon Control (HPSygControl) - Hewlett-Packard Company - C:\PROGRA~1\sygate\ssa\syg_hp.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe (file missing)
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Cheers

HB

MrVestek · 01-08-2008 01:58PM

Erm, are you sure that your IT department hasn't just limited access to certain sites?

ActorSeeksJob · 01-08-2008 02:13PM

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: (no name) - {484B72EF-F408-467B-95B4-036C81D89C47} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {911551E5-4B0F-4021-BD18-A24F9E558A94} - (no file)
O2 - BHO: {37e37533-f3b2-8e6a-9c94-c20bcfb3656b} - {b6563bfc-b02c-49c9-a6e8-2b3f33573e73} - C:\WINDOWS\system32\pykiny.dll (file missing)
O4 - HKLM\..\Run: [MSWorld] C:\WINDOWS\system32\msworld.exe
O4 - HKLM\..\Run: [BM87b0e2d2] Rundll32.exe "C:\WINDOWS\system32\cqbglqew.dll",s
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
```
[kill explorer]
C:\WINDOWS\system32\msworld.exe
purity 
EmptyTemp
[start explorer]
```
Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Reboot and do this

Please download Deckard's System Scanner (DSS) and save it to your Desktop.

Close all other windows before proceeding.
Double-click on dss.exe and follow the prompts.
If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.

MrVestek · 01-08-2008 02:31PM

I stand by my original question, are you sure your IT department aren't just blocking access to certain sites?

ActorSeeksJob · 01-08-2008 03:07PM

His problem is because he has Vundo on the PC, not because of his IT Department

hamsterboy · 01-08-2008 04:01PM

Achilles wrote: »

I stand by my original question, are you sure your IT department aren't just blocking access to certain sites?

Sorry bout the delay getting back
No, no sites a limited in work, some of them are actually internal sites used for my job. Plus I can reach them in Safe Mode and when I remote into a computer 10 feet away.
ActorSeeksJob, thanks a mill for the no doubt expert response. I'll try it first thing Tuesday and post that log for ye

hamsterboy · 06-08-2008 07:29AM

Hey, sorry bout the delay but I pulled a sickie yesterday.......

So anyway, heres the logs

Deckard's System Scanner v20071014.68
Run by fortunep on 2008-08-06 08:22:20
Computer is in Normal Mode.

-- System Restore

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
37: 2008-08-06 07:22:43 UTC - RP64 - Deckard's System Scanner Restore Point
36: 2008-08-05 16:35:38 UTC - RP63 - System Checkpoint
35: 2008-08-04 15:23:39 UTC - RP62 - System Checkpoint
34: 2008-08-03 14:59:40 UTC - RP61 - System Checkpoint
33: 2008-08-02 13:47:40 UTC - RP60 - System Checkpoint

-- First Restore Point --
1: 2008-08-01 10:34:10 UTC - RP28 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as fortunep.exe)

Unable to find log (file not found); running clone.
-- HijackThis Clone

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-06 08:25:39
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\sygate\ssa\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\symantec antivirus\DefWatch.exe
C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Remote tools\msraLinkMonitor.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
C:\Program Files\symantec antivirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\symantec antivirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\symantec antivirus\VPTray.exe
C:\Program Files\Hewlett-Packard\PC COE\Ida.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\sygate\ssa\syg_hp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Jabber\Messenger\JabberMessenger.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\fortunep\Desktop\dss.exe
C:\Program Files\HijackThis\fortunep.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://athp.hp.com/portal/site/athp/index.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Hewlett-Packard
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [COEMsgDisplay] C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [GetIT] C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IDA] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Desktop Service] C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [BM87b0e2d2] Rundll32.exe "C:\WINDOWS\system32\cqbglqew.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Symantec NetBackup Desktop Agent.lnk = C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (file missing)
O9 - Extra button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
O9 - Extra 'Tools' menuitem: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)
O15 - Trusted Zone: http://compaq.com (HKCU)
O15 - Trusted Zone: https://compaq.com (HKCU)
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKCU)
O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKCU)
O15 - Trusted Zone: *.cpqcorp.net (HKCU)
O15 - Trusted Zone: https://dcu.org (HKCU)
O15 - Trusted Zone: http://dcu.org (HKCU)
O15 - Trusted Zone: http://dec.com (HKCU)
O15 - Trusted Zone: https://dec.com (HKCU)
O15 - Trusted Zone: *.hp.com (HKCU)
O15 - Trusted Zone: https://hpe-learning.com (HKCU)
O15 - Trusted Zone: http://hpe-learning.com (HKCU)
O15 - Trusted Zone: *.hpqcorp.net (HKCU)
O15 - Trusted Zone: *.hpshopping.com (HKCU)
O15 - Trusted Zone: http://tandem.com (HKCU)
O15 - Trusted Zone: https://tandem.com (HKCU)
O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms32 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall32.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://sdcsqllmspro04/ProjectServer/objects/pjclient.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189776183175
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://sdcsqllmspro04/ProjectServer/objects/1033/pjcintl.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\Software\..\Telephony: DomainName = emea.hpqcorp.net
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\symantec antivirus\DefWatch.exe
O23 - Service: Symantec NetBackup Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Sygate Icon Control (HPSygControl) - Hewlett-Packard Company - C:\Program Files\sygate\ssa\syg_hp.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\Liveupdate\LuComServer_3_0.EXE
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\sygate\ssa\Maga\Maga.exe
O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exe
O23 - Service: MySQL - Unknown owner - C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
O23 - Service: SavRoam - symantec - C:\Program Files\symantec antivirus\SavRoam.exe
O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\sygate\ssa\Smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\symantec antivirus\Rtvscan.exe

--
End of file - 15862 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\)

backup-20080806-081307-197 O4 - HKLM\..\Run: [MSWorld] C:\WINDOWS\system32\msworld.exe
backup-20080806-081307-208 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080806-081307-287 O4 - HKLM\..\Run: [BM87b0e2d2] Rundll32.exe "C:\WINDOWS\system32\cqbglqew.dll",s
backup-20080806-081307-383 O2 - BHO: {37e37533-f3b2-8e6a-9c94-c20bcfb3656b} - {b6563bfc-b02c-49c9-a6e8-2b3f33573e73} - C:\WINDOWS\system32\pykiny.dll (file missing)
backup-20080806-081307-432 O2 - BHO: (no name) - {484B72EF-F408-467B-95B4-036C81D89C47} - (no file)
backup-20080806-081307-486 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
backup-20080806-081307-988 O2 - BHO: (no name) - {911551E5-4B0F-4021-BD18-A24F9E558A94} - (no file)
backup-20080806-081308-143 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

-- File Associations

.scr - scrfile - shell\open\command - "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R3 CLEDX (Team H2O CLEDX service) - c:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>
R3 RadiaMsi - c:\windows\system32\drivers\radiamsi.sys <Not Verified; Hewlett Packard; CM Agent>

S3 actccid (ActivCard USB Reader V2) - c:\windows\system32\drivers\actccid.sys <Not Verified; ActivCard; USB Reader V2>
S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

R2 acautoreg (ActivCard Gold Autoregister) - c:\program files\common files\activcard\acautoreg.exe <Not Verified; ActivIdentity; ActivCard Gold>
R2 Accoca (ActivCard Gold service) - c:\program files\common files\activcard\accoca.exe <Not Verified; ActivCard; ActivCard Gold>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 HPSygControl (HP Sygate Icon Control) - c:\progra~1\sygate\ssa\syg_hp.exe <Not Verified; Hewlett-Packard Company; Hewlett-Packard Company syg_hp>
R2 msralinkmonitor (MSRA Link Monitor) - "c:\program files\remote tools\msralinkmonitor.exe" <Not Verified; ; Quaranti Application>
R2 MySQL - "c:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 5.0\my.ini" mysql (file missing)
R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
R2 radexecd (HP OVCM Notify Daemon) - c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\radexecd.exe <Not Verified; Hewlett-Packard; CM Agent>
R2 radsched (HP OVCM Scheduler Daemon) - c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\radsched.exe <Not Verified; Hewlett-Packard; CM Agent>
R2 Radstgms (HP OVCM MSI Redirector) - c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\radstgms.exe <Not Verified; Hewlett-Packard; CM Agent>
R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 magaService (Lan Discover Agent) - c:\program files\sygate\ssa\maga\maga.exe <Not Verified; Sygate Technologies, Inc.; Maga Application>
S3 PictureTaker - c:\windows\system32\pctkrnt.sys <Not Verified; LANovation; PictureTaker Software Family>
S3 Service_Desktop (Desktop) - c:\program files\free-soft\virtual desktop\desktop.exe (file missing)

-- Device Manager: Disabled

Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&76BB63B&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&76BB63B&0
Service: i8042prt

-- Scheduled Tasks

2008-08-06 08:19:32 388 --ah

C:\WINDOWS\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
2008-08-06 08:19:23 392 --ah

C:\WINDOWS\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
2008-08-06 08:19:14 338 --ah

C:\WINDOWS\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
2008-08-06 08:19:13 346 --ah

C:\WINDOWS\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
2008-08-06 08:18:43 438 --ah

C:\WINDOWS\Tasks\IDA{884F3959-E5F7-11D1-9B15-080009F878E4}000.job
2008-08-06 08:18:40 266 --ah

C:\WINDOWS\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job

-- Files created between 2008-07-06 and 2008-08-06

2008-08-01 14:26:47 0 d

C:\Program Files\MSN Messenger
2008-08-01 14:05:44 162304 --a

C:\WINDOWS\system32\ztvunrar36.dll
2008-08-01 14:05:44 77312 --a

C:\WINDOWS\system32\ztvunace26.dll
2008-08-01 14:05:43 69632 --a

C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
2008-08-01 14:05:42 75264 --a

C:\WINDOWS\system32\unacev2.dll
2008-08-01 14:05:41 153088 --a

C:\WINDOWS\system32\UNRAR3.dll
2008-08-01 14:05:33 0 d

C:\Program Files\Trojan Remover
2008-08-01 14:05:33 0 d

C:\Documents and Settings\fortunep\Application Data\Simply Super Software
2008-08-01 14:05:33 0 d

C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-08-01 12:51:10 94720 --a

C:\WINDOWS\system32\gjawynbm.dll
2008-08-01 12:47:57 90112 --a

C:\WINDOWS\system32\cqbglqew.dll
2008-08-01 10:35:59 94720 --a

C:\WINDOWS\system32\jveyqwqs.dll
2008-08-01 10:35:52 90112 --a

C:\WINDOWS\system32\elunviut.dll
2008-08-01 08:46:32 0 d

C:\spoolerlogs
2008-07-31 15:57:46 0 d

C:\Batches
2008-07-31 15:39:22 118784 --a

C:\WINDOWS\system32\vrixleom.dll
2008-07-31 15:39:03 118784 --a

C:\WINDOWS\system32\jvheodov.dll
2008-07-31 15:38:44 118784 --a

C:\WINDOWS\system32\whgksdvn.dll
2008-07-31 15:38:25 118784 --a

C:\WINDOWS\system32\dsfrocex.dll
2008-07-31 15:38:06 118784 --a

C:\WINDOWS\system32\wrsmtvcb.dll
2008-07-31 15:37:47 118784 --a

C:\WINDOWS\system32\fhdeuily.dll
2008-07-31 15:37:29 118784 --a

C:\WINDOWS\system32\uqvtfohi.dll
2008-07-31 15:34:23 118784 --a

C:\WINDOWS\system32\omirdbom.dll
2008-07-31 15:34:03 118784 --a

C:\WINDOWS\system32\eqytwlmb.dll
2008-07-31 15:33:44 118784 --a

C:\WINDOWS\system32\hpfwvswk.dll
2008-07-31 15:33:25 118784 --a

C:\WINDOWS\system32\ojbuiqae.dll
2008-07-31 15:33:06 118784 --a

C:\WINDOWS\system32\enrvuayl.dll
2008-07-31 15:32:47 118784 --a

C:\WINDOWS\system32\ehnbhfce.dll
2008-07-31 15:32:25 118784 --a

C:\WINDOWS\system32\xgiqbrhv.dll
2008-07-31 15:32:23 118784 --a

C:\WINDOWS\system32\qvmkrvii.dll
2008-07-31 15:30:21 94208 --a

C:\WINDOWS\system32\wthgog.dll
2008-07-31 15:30:20 94208 --a

C:\WINDOWS\system32\nyehwmrb.dll
2008-07-31 14:47:08 0 d

C:\Mac Casper Scans
2008-07-31 09:20:38 6635520 --a

C:\Documents and Settings\fortunep\ntuser.dat
2008-07-23 10:41:23 0 d

C:\Omega
2008-07-23 10:39:59 0 d

C:\Excel Add Ins
2008-07-22 14:26:21 0 d

C:\SRD
2008-07-22 09:34:04 225280 --a

C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
2008-07-22 09:31:36 0 d

C:\Program Files\Outsim
2008-07-22 08:08:24 95232 --a

C:\WINDOWS\system32\mjfdei.dll
2008-07-22 08:08:24 95232 --a

C:\WINDOWS\system32\bojqefer.dll
2008-07-21 14:45:56 0 d

C:\Documents and Settings\fortunep\Application Data\vlc
2008-07-21 14:42:21 0 d

C:\Program Files\VideoLAN
2008-07-21 12:13:32 0 d

C:\Documents and Settings\fortunep\Application Data\cYo
2008-07-21 11:58:17 4512 --a

C:\peregrine.reg
2008-07-21 11:08:46 0 d

C:\Scans
2008-07-21 10:44:07 0 d

C:\Program Files\Mindjet
2008-07-17 08:26:15 0 d

C:\Program Files\OpenDrive
2008-07-16 10:42:01 284 --a

C:\Pj6preffile.dat
2008-07-15 09:36:11 0 d

C:\Program Files\GPL MPEG Decoder
2008-07-14 08:38:00 0 d

C:\Program Files\Solveig Multimedia
2008-07-09 12:36:58 43698 --a

C:\WINDOWS\system32\xvid-uninstall.exe

-- Find3M Report

2008-08-06 08:17:45 0 d

C:\Program Files\symantec antivirus
2008-08-01 08:49:16 0 d

C:\Program Files\Google
2008-08-01 08:42:16 0 d

C:\Program Files\Bonjour
2008-07-31 14:16:34 0 d

C:\Documents and Settings\fortunep\Application Data\messages
2008-07-31 08:32:31 0 d

C:\Program Files\ReadManiac
2008-07-30 16:32:13 0 d

C:\Program Files\Hewlett-Packard
2008-07-30 09:34:23 0 d

C:\Program Files\Common Files
2008-07-30 09:30:56 0 d

C:\Program Files\VstPlugins
2008-07-29 16:55:05 0 d

C:\Program Files\MediaMonkey
2008-07-29 16:53:43 0 d

C:\Program Files\Panda Security
2008-07-24 11:28:36 0 d

C:\Documents and Settings\fortunep\Application Data\MyPhoneExplorer
2008-07-16 16:51:25 0 d

C:\Documents and Settings\fortunep\Application Data\Adobe
2008-07-09 12:33:48 464 --a

C:\Documents and Settings\fortunep\Application Data\AutoGK.ini
2008-07-04 10:24:17 0 d

C:\Documents and Settings\fortunep\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-07-04 10:19:33 0 d

C:\Program Files\Common Files\Adobe AIR
2008-07-03 08:58:57 0 d

C:\Documents and Settings\fortunep\Application Data\Command & Conquer 3 Kane's Wrath
2008-06-27 09:36:11 0 d

C:\Program Files\Avanquest update
2008-06-27 09:36:07 0 d--h

C:\Program Files\InstallShield Installation Information
2008-06-27 08:20:51 0 d

C:\Program Files\Symantec
2008-06-26 12:16:01 0 d

C:\Documents and Settings\fortunep\Application Data\VirtuaWin
2008-06-26 09:02:29 0 dr-h

C:\Documents and Settings\fortunep\Application Data\SecuROM
2008-06-26 09:01:39 0 d

C:\Program Files\Common Files\InstallShield
2008-06-26 08:23:25 0 d

C:\Documents and Settings\fortunep\Application Data\Canneverbe_Limited
2008-06-26 08:21:45 0 d

C:\Program Files\CDBurnerXP
2008-06-24 16:01:22 0 d

C:\Program Files\Sony Ericsson
2008-06-24 10:51:45 0 d

C:\Program Files\SUPERAntiSpyware
2008-06-24 10:51:44 0 d

C:\Documents and Settings\fortunep\Application Data\SUPERAntiSpyware.com
2008-06-24 10:51:29 0 d

C:\Program Files\Common Files\Wise Installation Wizard
2008-06-24 10:45:50 0 d

C:\Documents and Settings\fortunep\Application Data\Malwarebytes
2008-06-24 10:45:48 0 d

C:\Program Files\Malwarebytes' Anti-Malware
2008-06-12 09:40:52 0 d

C:\Program Files\Citrix
2008-06-12 09:33:51 0 d

C:\Documents and Settings\fortunep\Application Data\ICAClient
2008-06-12 09:14:42 0 d

C:\Program Files\Virtual Earth 3D
2008-06-11 12:25:41 262144 --a

C:\WINDOWS\system32\default_user_class.dat
2008-06-11 09:32:51 696 --a

C:\DOCUME
2008-06-10 08:22:59 0 d

C:\Documents and Settings\fortunep\Application Data\Nero
2008-06-10 08:21:38 0 d

C:\Program Files\Common Files\Nero
2008-06-10 08:19:51 0 d

C:\Program Files\Nero
2008-05-29 09:35:36 86528 --a

C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-05-22 10:40:58 94 --a

C:\radkill.bat

-- Registry Dump

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COEMsgDisplay"="C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe" [11/04/2007 20:44]
"QuickPassword"="C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe" [26/06/2007 23:06]
"SmcService"="C:\PROGRA~1\Sygate\SSA\smc.exe" [05/08/2005 17:22]
"GetIT"="C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe" [04/12/2007 01:12]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/03/2006 19:02]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [27/05/2006 02:01]
"IDA"="C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE" [03/01/2008 23:54]
"RTHDCPL"="RTHDCPL.EXE" [11/10/2006 18:36 C:\WINDOWS\RTHDCPL.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/10/2006 11:11]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/10/2006 11:13]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [06/10/2006 11:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe" [25/09/2007 21:23]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [15/07/2005 22:48]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [01/03/2008 06:10]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/04/2008 19:49]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [23/10/2005 00:00]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [20/02/2007 13:06]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 09:51]
"Desktop Service"="C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe" []
"BVRPLiveUpdate"="C:\Program Files\Avanquest update\Engine\Setup.exe" []
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [30/07/2008 15:00]
"BM87b0e2d2"="C:\WINDOWS\system32\cqbglqew.dll" [01/08/2008 12:47]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:56]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [20/02/2008 17:19]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [20/09/2007 15:35]
"Gadwin PrintScreen Pro"="C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [21/07/2008 11:38]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [24/09/2005 04:05:26]
Symantec NetBackup Desktop Agent.lnk - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe [04/01/2008 06:50:04]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [08/06/2005 15:51:35]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
"DisableNT4Policy"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=0 (0x0)
"NoMSAppLogo5ChannelNotify"=1 (0x1)
"NoToolbarCustomize"=0 (0x0)
"NoBandCustomize"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"=0 (0x0)
"Btn_Back"=0 (0x0)
"Btn_Forward"=0 (0x0)
"Btn_Stop"=0 (0x0)
"Btn_Refresh"=0 (0x0)
"Btn_Home"=0 (0x0)
"Btn_Search"=0 (0x0)
"Btn_History"=0 (0x0)
"Btn_Favorites"=0 (0x0)
"Btn_Media"=0 (0x0)
"Btn_Folders"=0 (0x0)
"Btn_Fullscreen"=0 (0x0)
"Btn_Tools"=0 (0x0)
"Btn_MailNews"=0 (0x0)
"Btn_Size"=0 (0x0)
"Btn_Print"=0 (0x0)
"Btn_Edit"=0 (0x0)
"Btn_Discussions"=0 (0x0)
"Btn_Cut"=0 (0x0)
"Btn_Copy"=0 (0x0)
"Btn_Paste"=0 (0x0)
"Btn_Encoding"=0 (0x0)
"Btn_PrintPreview"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"NoInternetIcon"=0 (0x0)
"NoDesktop"=0 (0x0)
"NoFavoritesMenu"=0 (0x0)
"NoFind"=0 (0x0)
"NoRun"=0 (0x0)
"NoSetActiveDesktop"=0 (0x0)
"NoChangeStartMenu"=0 (0x0)
"NoFolderOptions"=0 (0x0)
"NoRecentDocsMenu"=0 (0x0)
"NoRecentDocsHistory"=0 (0x0)
"ClearRecentDocsOnExit"=0 (0x0)
"NoLogoff"=0 (0x0)
"NoClose"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoTrayContextMenu"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=NOITSCAN.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1957994488-842925246-40105171-690474\Scripts\Logon\0\0]
"Script"=NOITSCAN.bat

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

*Newly Created Service* - HPSYGCONTROL

-- End of Deckard's System Scanner: finished at 2008-08-06 08:26:48

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.

-- System Information

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 67%
Physical Memory (total/avail): 1015.35 MiB / 327.05 MiB
Pagefile Memory (total/avail): 2441.73 MiB / 1803.95 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.31 MiB

C: is Fixed (NTFS) - 74.52 GiB total, 50.38 GiB free.
F: is Network (NTFS)
G: is Network (NTFS)
H: is Network (NTFS)
I: is Network (NTFS)
J: is Network (NTFS)
K: is Network (NTFS)
M: is Network (NTFS)
P: is Network (NTFS)
T: is Network (NTFS)
U: is CDROM (No Media)
V: is Network (NTFS)
W: is Network (NTFS)
X: is Network (NTFS)
Y: is Network (NTFS)
Z: is Network (NTFS)

\\.\PHYSICALDRIVE0 - WDC WD800JD-60LSA0 - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:

-- Security Center

AUOptions is set to notify before install.
AUState says computer has updates disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: Sygate Security Agent v4.6 (Sygate Technologies, Inc.)
AV: Symantec AntiVirus Corporate Edition v10.1.0.396 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radexecd.exe"="C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radexecd.exe:*:Enabled:radexecd"
"C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\raduishell.exe"="C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\raduishell.exe:*:Enabled:raduishell"
"C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radtray.exe"="C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radtray.exe:*:Enabled:radtray"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE"="C:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

-- Environment Variables

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\fortunep\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_13\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=FORTUNEP
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\fortunep
LOGONSERVER=\\SDCGCEU01
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\PROGRA~1\PEREGR~1\ASSETC~1\rtany50;C:\WINDOWS\system32;C:\WINDOWS;\System32\Wbem;C:\Program Files\ActivCard\ActivCard Gold\resources;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Teleca Shared
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_13\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\fortunep\LOCALS~1\Temp
TMP=C:\DOCUME~1\fortunep\LOCALS~1\Temp
USERDNSDOMAIN=EMEA.CPQCORP.NET
USERDOMAIN=EMEA
USERNAME=fortunep
USERPROFILE=C:\Documents and Settings\fortunep
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles

hpadmin (new local, admin)
fortunep (admin)

-- Add/Remove Programs

--> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ActivCard Gold --> MsiExec.exe /I{4C35ABDE-E901-4142-A973-94C4A16EDA6A}
ActivCard Initialization Utility --> MsiExec.exe /X{DEF41238-3F22-479D-B755-E5AFBA7332B8}
ActivIdentity Device Installer --> MsiExec.exe /I{90FE5BFC-C6C5-45D3-A7E3-463D707E2D44}
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{786547F9-59BB-4FA3-B2D8-327FF1F14870}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Reader Chinese Simplified Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2447-5A64-7E8A45000001}
Adobe Reader Chinese Traditional Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2448-5A64-7E8A45000001}
Adobe Reader Japanese Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5A76-5A64-7E8A45000001}
Adobe Reader Korean Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5676-5A64-7E8A45000001}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AssetCenter version 3.60 us --> C:\Program Files\Peregrine\AssetCenter\setup.exe -u:'C:\Program Files\Peregrine\AssetCenter\setup.log' -i:'C:\Program Files\Peregrine\AssetCenter\setup.inf'
AudioConverter Studio 5.9 --> "C:\Program Files\AudioConverter Studio\unins000.exe"
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
CDBurnerXP --> "C:\Program Files\CDBurnerXP\unins000.exe"
Citrix Presentation Server Client - Web Only --> MsiExec.exe /X{E9459BCF-0982-498B-ABA7-26C34323493F}
Clarify2Span (Application Proxy) --> MsiExec.exe /X{F74AE6CD-35E7-4438-A7E3-3C19489DCC4C}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Cryptext (Remove Only) --> rundll32 setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\ShellExt\Cryptext.inf
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
FastStone Image Viewer 3.5 --> C:\Program Files\FastStone Image Viewer\uninst.exe
FreeUndelete --> O:\Apps\FreeUndelete\GLF335.exe /handle:fru
Gadwin PrintScreen Professional --> C:\Program Files\Gadwin Systems\PrintScreenPro\Uninstall.exe
Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
GPL MPEG-1/2 DirectShow Decoder Filter --> MsiExec.exe /I{870815CA-6B60-47B6-88DD-A67F42D2F03E}
High Definition Audio Driver Package - KB888111 -->
HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
HP One Click --> MsiExec.exe /X{42AB4D8C-BD78-4662-8A22-AE6ACA053525}
Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 13 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150130}
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Script 5.7 --> "C:\WINDOWS\$NtUninstallscripten$\spuninst\spuninst.exe"
Mindjet MindManager Viewer 7 --> MsiExec.exe /X{E0CE343A-DCE3-49EC-8D21-D13185B1C24A}
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MyPhoneExplorer --> C:\Program Files\MyPhoneExplorer\uninstall.exe
MySQL Server 5.0 --> MsiExec.exe /I{62392B8E-BD96-4232-8AD1-53D498590ACA}
Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
PAL --> "C:\WINDOWS\IsUninst.exe" -y -f"C:\Program Files\PAL\Uninstl\DeIsL1.isu" -c"C:\Program Files\PAL\Uninstl\palunins.dll
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Peregrine Desktop Inventory 8.0.2 --> MsiExec.exe /I{6BF66328-D689-4FDC-80EF-C10765B4AEB3}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
R-Studio 4.2 --> E:\Apps\R-STUDIO\Uninstall.exe
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
ScreenCapture --> MsiExec.exe /I{18F4CEF9-FDA5-4CE1-B700-84D78EB594BF}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Sony Ericsson Device Data --> MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
Sony Ericsson Drivers --> MsiExec.exe /I{EEFE551E-A6C7-4A2A-8C92-C805523B3B0C}
Sony Ericsson PC Suite --> C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\setup.exe /uninstall
Sony Ericsson PC Suite --> MsiExec.exe /I{05675D95-1567-4E00-A818-DB08064EA088}
Sony Ericsson PC Suite 3.209.00 --> C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0009 -removeonly
Sony Ericsson Themes Creator 3.27 --> C:\Program Files\Sony Ericsson\Themes Creator\Uninstall.exe
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Sygate Security Agent 4.1 --> MsiExec.exe /I{3988A8A8-000F-4016-9C0C-7D235F1D978B}
Symantec AntiVirus --> MsiExec.exe /I{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}
Symantec NetBackup Desktop Agent --> MsiExec.exe /I{D2BE4C7A-DDB0-4A2F-B3DD-534A891E6255}
Syncrosoft's License Control --> C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
SyncroSoft Emu (Remove only) --> C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
Trojan Remover 6.7.1 --> "C:\Program Files\Trojan Remover\unins000.exe"
Unlocker 1.8.6 --> C:\Program Files\Unlocker\uninst.exe
Update Service --> C:\Program Files\Sony Ericsson\Update Service\uninst.exe
USB Storage Driver --> DelUIDrv.exe
User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Virtual Earth 3D (Beta) --> MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}
WFM Client 5.4 P.05.08.220 --> C:\WINDOWS\IsUninst.exe -fC:\WFMClient5.4_P.05.08.220\Uninst.isu
WFM Client 6.0 P.08.01.030 --> C:\WINDOWS\IsUninst.exe -fC:\WFMClient6.0_P.08.01.030\Uninst.isu
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"

-- Application Event Log

Event Record #/Type23826 / Error
Event Submitted/Written: 08/06/2008 08:22:26 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application syncmldesktopserver.exe, version 5.2.0.12, faulting module unknown, version 0.0.0.0, fault address 0x00a9028f.
Processing media-specific event for [syncmldesktopserver.exe!ws!]

Event Record #/Type23822 / Success
Event Submitted/Written: 08/06/2008 08:21:38 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type23820 / Error
Event Submitted/Written: 08/06/2008 08:18:55 AM
Event ID/Source: 1004 / Application Error
Event Description:
Faulting application syg_hp.exe, version 1.8.1.2, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.
Error in creating result PEAP-TLV in response to received PEAP-TLV (syg_hp.exe!ld!)

Event Record #/Type23818 / Error
Event Submitted/Written: 08/06/2008 08:17:39 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application syg_hp.exe, version 1.8.1.2, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.
Processing media-specific event for [syg_hp.exe!ws!]

Event Record #/Type23817 / Error
Event Submitted/Written: 08/06/2008 08:17:36 AM
Event ID/Source: 1030 / Userenv
Event Description:
Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.

-- Security Event Log

No Errors/Warnings found.

-- System Event Log

Event Record #/Type6093 / Error
Event Submitted/Written: 08/06/2008 08:22:30 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460

Event Record #/Type6075 / Error
Event Submitted/Written: 08/06/2008 08:18:50 AM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The HP Sygate Icon Control service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type6062 / Error
Event Submitted/Written: 08/06/2008 08:17:16 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 16.49.34.221 for the Network Card with network address 001635A425CF has been
denied by the DHCP server 16.209.133.46 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type6054 / Warning
Event Submitted/Written: 08/06/2008 06:58:52 AM
Event ID/Source: 36 / W32Time
Event Description:
The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Event Record #/Type6013 / Error
Event Submitted/Written: 08/01/2008 02:25:06 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460

-- End of Deckard's System Scanner: finished at 2008-08-06 08:26:48

Cheers for lookin at these dude, you're a lifesaver

HB

ActorSeeksJob · 06-08-2008 12:17PM

Hello

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O4 - HKLM\..\Run: [BM87b0e2d2] Rundll32.exe "C:\WINDOWS\system32\cqbglqew.dll",s

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Please download the OTMoveIt2 by OldTimer.

Save it to your desktop.
Please double-click OTMoveIt2.exe to run it.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

[kill explorer]

C:\WINDOWS\system32\msworld.exe
C:\WINDOWS\system32\gjawynbm.dll
C:\WINDOWS\system32\cqbglqew.dll
C:\WINDOWS\system32\jveyqwqs.dll
C:\WINDOWS\system32\elunviut.dll
C:\WINDOWS\system32\vrixleom.dll
C:\WINDOWS\system32\jvheodov.dll
C:\WINDOWS\system32\whgksdvn.dll
C:\WINDOWS\system32\dsfrocex.dll
C:\WINDOWS\system32\wrsmtvcb.dll
C:\WINDOWS\system32\fhdeuily.dll
C:\WINDOWS\system32\uqvtfohi.dll
C:\WINDOWS\system32\omirdbom.dll
C:\WINDOWS\system32\eqytwlmb.dll
C:\WINDOWS\system32\hpfwvswk.dll
C:\WINDOWS\system32\ojbuiqae.dll
C:\WINDOWS\system32\enrvuayl.dll
C:\WINDOWS\system32\ehnbhfce.dll
C:\WINDOWS\system32\xgiqbrhv.dll
C:\WINDOWS\system32\qvmkrvii.dll
C:\WINDOWS\system32\wthgog.dll
C:\WINDOWS\system32\nyehwmrb.dll
C:\WINDOWS\system32\mjfdei.dll
C:\WINDOWS\system32\bojqefer.dll
purity 
EmptyTemp
[start explorer]

Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
Click the red Moveit! button.
A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Reboot and post a new DSS Log

hamsterboy · 06-08-2008 01:04PM

Hey,
thanks for all this help dude.
The problem seems to be gone. It didn't go according to you plan but how and ever................
When I ran OTMoveIt, it started to move the files but then it looked like it killed explorer cos the toolbar disappeared and then kinda hung, so I had to do a restart manually (this happened twice). It didn't create a log but it did have something in the MovedFiles folder, a file called jvheodov.dll.

Anyway, heres the new dss log

Deckard's System Scanner v20071014.68
Run by fortunep on 2008-08-06 13:59:58
Computer is in Normal Mode.

Percentage of Memory in Use: 80% (more than 75%).

-- HijackThis (run as fortunep.exe)

Logfile of HijackThis v1.99.1
Scan saved at 14:00:15, on 06/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SSA\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivCard\acautoreg.exe
C:\Program Files\Common Files\ActivCard\accoca.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
C:\PROGRA~1\sygate\ssa\syg_hp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Remote tools\msraLinkMonitor.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\fortunep\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\fortunep.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://athp.hp.com/portal/site/athp/index.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Hewlett-Packard
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com/
O2 - BHO: (no name) - {484B72EF-F408-467B-95B4-036C81D89C47} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [COEMsgDisplay] C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
O4 - HKLM\..\Run: [GetIT] C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IDA] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Desktop Service] C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [BM87b0e2d2] Rundll32.exe "C:\WINDOWS\system32\cqbglqew.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Symantec NetBackup Desktop Agent.lnk = C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
O9 - Extra button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
O9 - Extra 'Tools' menuitem: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://athp.hp.com
O15 - Trusted Zone: http://ie.config.asia.compaq.com
O15 - Trusted Zone: http://ie.config.eur.compaq.com
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com
O15 - Trusted Zone: http://ie.config.jp.compaq.com
O15 - Trusted Zone: http://*.compaq.com
O15 - Trusted Zone: *.cpqcorp.net
O15 - Trusted Zone: http://*.dcu.org
O15 - Trusted Zone: http://ie.config.ecom.dec.com
O15 - Trusted Zone: http://*.dec.com
O15 - Trusted Zone: *.hp.com
O15 - Trusted Zone: http://*.hpe-learning.com
O15 - Trusted Zone: *.hpqcorp.net
O15 - Trusted Zone: *.hpshopping.com
O15 - Trusted Zone: http://ie.config.tandem.com
O15 - Trusted Zone: http://*.tandem.com
O15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM)
O15 - Trusted Zone: http://ie.config.tandem.com (HKLM)
O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms32 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall32.cab
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://sdcsqllmspro04/ProjectServer/objects/pjclient.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189776183175
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://sdcsqllmspro04/ProjectServer/objects/1033/pjcintl.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
O17 - HKLM\Software\..\Telephony: DomainName = emea.hpqcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe
O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Symantec NetBackup Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Sygate Icon Control (HPSygControl) - Hewlett-Packard Company - C:\PROGRA~1\sygate\ssa\syg_hp.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe (file missing)
O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

-- Files created between 2008-07-06 and 2008-08-06

2008-08-06 12:06:22 0 d

C:\Documents and Settings\fortunep\tracing
2008-08-06 12:03:32 0 d

C:\Program Files\Microsoft Office Communicator
2008-08-01 14:26:47 0 d