
Hijack This log.....HELP!!!!

  • 01-08-2008 1:54pm
    #1
    Registered Users, Registered Users 2 Posts: 1,536 ✭✭✭


    Hi All. My work machine is really in trouble and support here are less than useless.
    I don't know if it'll help but I'm gonna post a HijackThis log.
    What's happening is my machine won't connect to some websites......gmail, facebook and a lot of others within the company that I need for work, but will connect to others......wiki, boards ( :) ) etc. I'm also getting no end of spyware / adware pop-ups.
    My machine is running Symantec Anti Virus and I have to use it (company policy)
    I've scanned the machine using various spyware removal tools and it always finds a load of Trojans, Vundos mostly, and says it's removing them, then asks for a re-boot. When I try to reboot, the machine won't reboot normally and forces me to "Startup in last known configuration that worked" which must be undoing all the removals cos it's all back there when I scan the thing again...... :mad:
    Anyway, here's the log if anybody knows anything about them

    Logfile of HijackThis v1.99.1
    Scan saved at 14:42:23, on 01/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SSA\smc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ActivCard\acautoreg.exe
    C:\Program Files\Common Files\ActivCard\accoca.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
    C:\PROGRA~1\sygate\ssa\syg_hp.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Remote tools\msraLinkMonitor.exe
    C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
    C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
    C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
    C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
    C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\WINDOWS\system32\msworld.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\mstsc.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://athp.hp.com/portal/site/athp/index.jsp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Hewlett-Packard
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com/
    O2 - BHO: (no name) - {484B72EF-F408-467B-95B4-036C81D89C47} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {911551E5-4B0F-4021-BD18-A24F9E558A94} - (no file)
    O2 - BHO: {37e37533-f3b2-8e6a-9c94-c20bcfb3656b} - {b6563bfc-b02c-49c9-a6e8-2b3f33573e73} - C:\WINDOWS\system32\pykiny.dll (file missing)
    O4 - HKLM\..\Run: [COEMsgDisplay] C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
    O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
    O4 - HKLM\..\Run: [GetIT] C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [IDA] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [MSWorld] C:\WINDOWS\system32\msworld.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Desktop Service] C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe
    O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKLM\..\Run: [BM87b0e2d2] Rundll32.exe "C:\WINDOWS\system32\cqbglqew.dll",s
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Symantec NetBackup Desktop Agent.lnk = C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
    O9 - Extra button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
    O9 - Extra 'Tools' menuitem: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://athp.hp.com
    O15 - Trusted Zone: http://ie.config.asia.compaq.com
    O15 - Trusted Zone: http://ie.config.eur.compaq.com
    O15 - Trusted Zone: http://ie.config.im.hou.compaq.com
    O15 - Trusted Zone: http://ie.config.jp.compaq.com
    O15 - Trusted Zone: http://*.compaq.com
    O15 - Trusted Zone: *.cpqcorp.net
    O15 - Trusted Zone: http://*.dcu.org
    O15 - Trusted Zone: http://ie.config.ecom.dec.com
    O15 - Trusted Zone: http://*.dec.com
    O15 - Trusted Zone: *.hp.com
    O15 - Trusted Zone: http://*.hpe-learning.com
    O15 - Trusted Zone: *.hpqcorp.net
    O15 - Trusted Zone: *.hpshopping.com
    O15 - Trusted Zone: http://ie.config.tandem.com
    O15 - Trusted Zone: http://*.tandem.com
    O15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM)
    O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)
    O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)
    O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)
    O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM)
    O15 - Trusted Zone: http://ie.config.tandem.com (HKLM)
    O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms32 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall32.cab
    O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://sdcsqllmspro04/ProjectServer/objects/pjclient.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189776183175
    O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://sdcsqllmspro04/ProjectServer/objects/1033/pjcintl.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
    O17 - HKLM\Software\..\Telephony: DomainName = emea.hpqcorp.net
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe
    O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Symantec NetBackup Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP Sygate Icon Control (HPSygControl) - Hewlett-Packard Company - C:\PROGRA~1\sygate\ssa\syg_hp.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
    O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
    O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
    O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe (file missing)
    O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

    Cheers

    HB


Comments

  • Registered Users, Registered Users 2 Posts: 9,269 ✭✭✭MrVestek


    Erm, are you sure that your IT department hasn't just limited access to certain sites?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

    O2 - BHO: (no name) - {484B72EF-F408-467B-95B4-036C81D89C47} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {911551E5-4B0F-4021-BD18-A24F9E558A94} - (no file)
    O2 - BHO: {37e37533-f3b2-8e6a-9c94-c20bcfb3656b} - {b6563bfc-b02c-49c9-a6e8-2b3f33573e73} - C:\WINDOWS\system32\pykiny.dll (file missing)
    O4 - HKLM\..\Run: [MSWorld] C:\WINDOWS\system32\msworld.exe
    O4 - HKLM\..\Run: [BM87b0e2d2] Rundll32.exe "C:\WINDOWS\system32\cqbglqew.dll",s
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




    Please download the OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      [kill explorer]
      C:\WINDOWS\system32\msworld.exe
      purity 
      EmptyTemp
      [start explorer]
      
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.




    Reboot and do this

    Please download Deckard's System Scanner (DSS) and save it to your Desktop.
    • Close all other windows before proceeding.
    • Double-click on dss.exe and follow the prompts.
    • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
    • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
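    The steps above amount to reading the log, picking out the entries that look wrong and ticking them in HijackThis. The script below is an added example (not code from the thread, from HijackThis or from OTMoveIt) that does that first pass mechanically: it parses the R0/R1, O2, O4 and O6 line formats seen in the log and lists the entries a helper would look at first: hooks whose file is missing, Rundll32 loading a DLL out of system32, executables in system32 that are not known Windows components, IE policy lockdowns, and search/start pages pointing outside an allowed set of domains. The allow-list of search domains and the set of system32 executables treated as known-good are assumptions of this example, and the sample log lines are copied from the log posted above.

```python
"""
Triage helper for HijackThis-style log lines (added example, not a tool from
the thread). It only reads text; it changes nothing on the machine.
"""
import re
from urllib.parse import urlparse

# Assumption: search/start pages on these domains are treated as expected.
ALLOWED_SEARCH_DOMAINS = ("microsoft.com", "hp.com")
# Assumption: Windows/driver components that legitimately run from system32.
KNOWN_SYSTEM32_EXES = {"ctfmon.exe", "igfxtray.exe", "hkcmd.exe",
                       "igfxpers.exe", "rundll32.exe"}

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
RUN_RE = re.compile(r"^HK.*?\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'^Rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?',
                       re.IGNORECASE)
SYSTEM32_EXE_RE = re.compile(
    r'^"?[A-Z]:\\WINDOWS\\system32\\(?P<exe>[^\\"\s]+\.exe)"?', re.IGNORECASE)

# Constructed sample: lines copied from the log posted in the thread, plus
# two benign O4 lines for contrast.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {484B72EF-F408-467B-95B4-036C81D89C47} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O2 - BHO: {37e37533-f3b2-8e6a-9c94-c20bcfb3656b} - {b6563bfc-b02c-49c9-a6e8-2b3f33573e73} - C:\WINDOWS\system32\pykiny.dll (file missing)
O4 - HKLM\..\Run: [MSWorld] C:\WINDOWS\system32\msworld.exe
O4 - HKLM\..\Run: [BM87b0e2d2] Rundll32.exe "C:\WINDOWS\system32\cqbglqew.dll",s
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
"""


def _allowed(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in ALLOWED_SEARCH_DOMAINS)


def _finding(category, section, detail, line):
    return {"category": category, "section": section, "detail": detail, "line": line}


def triage(log_text):
    """Return the entries worth reviewing, one dict per finding."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")

        # Hooks pointing at a file that no longer exists: leftovers of a partial
        # clean-up, and a sign something was dropped in system32 and removed.
        if section in ("O2", "O4", "O9") and MISSING_RE.search(body):
            findings.append(_finding("orphaned-entry", section, body, line))
            continue

        # IE start/search settings redirected outside the expected domains.
        if section in ("R0", "R1") and " = " in body:
            _key, value = body.split(" = ", 1)
            host = urlparse(value.strip()).hostname
            if host and not _allowed(host):
                findings.append(_finding("search-hijack", section, host, line))
            continue

        # Autostart entries: Rundll32 loading a DLL, or an unknown exe in system32.
        if section == "O4":
            run = RUN_RE.match(body)
            if not run:
                continue
            cmd = run.group("cmd").strip()
            dll = RUNDLL_RE.match(cmd)
            if dll:
                findings.append(_finding("rundll32-dll-load", section, dll.group("dll"), line))
                continue
            exe = SYSTEM32_EXE_RE.match(cmd)
            if exe and exe.group("exe").lower() not in KNOWN_SYSTEM32_EXES:
                findings.append(_finding("unknown-system32-exe", section, exe.group("exe"), line))
            continue

        # Policy keys that lock down Internet Explorer / Control Panel.
        if section == "O6" and body.endswith(" present"):
            findings.append(_finding("policy-restriction", section, body[:-len(" present")], line))
    return findings


def summary(findings):
    """Count findings per category."""
    counts = {}
    for f in findings:
        counts[f["category"]] = counts.get(f["category"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['category']:<21}] {f['line']}")
    print(summary(triage(SAMPLE_LOG)))
```

    Run it against a saved log with `triage(open("hijackthis.log").read())`; the lines it reports are the candidates to look up and, if confirmed, tick under "Fix Checked". It is deliberately a review list rather than a verdict: a system32 executable missing from the known-good set (for example a vendor tray utility) is flagged for a human to check, not declared malicious.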


  • Registered Users, Registered Users 2 Posts: 9,269 ✭✭✭MrVestek


    I stand by my original question, are you sure your IT department aren't just blocking access to certain sites?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    His problem is because he has Vundo on the PC, not because of his IT Department


  • Registered Users, Registered Users 2 Posts: 1,536 ✭✭✭hamsterboy


    Achilles wrote: »
    I stand by my original question, are you sure your IT department aren't just blocking access to certain sites?

    Sorry bout the delay getting back.
    No, no sites are limited in work; some of them are actually internal sites used for my job. Plus I can reach them in Safe Mode and when I remote into a computer 10 feet away.
    ActorSeeksJob, thanks a mill for the no doubt expert response. I'll try it first thing Tuesday and post that log for ye


  • Registered Users, Registered Users 2 Posts: 1,536 ✭✭✭hamsterboy


    Hey, sorry bout the delay but I pulled a sickie yesterday....... ;)
    So anyway, here's the logs

    Deckard's System Scanner v20071014.68
    Run by fortunep on 2008-08-06 08:22:20
    Computer is in Normal Mode.

    -- System Restore

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    37: 2008-08-06 07:22:43 UTC - RP64 - Deckard's System Scanner Restore Point
    36: 2008-08-05 16:35:38 UTC - RP63 - System Checkpoint
    35: 2008-08-04 15:23:39 UTC - RP62 - System Checkpoint
    34: 2008-08-03 14:59:40 UTC - RP61 - System Checkpoint
    33: 2008-08-02 13:47:40 UTC - RP60 - System Checkpoint


    -- First Restore Point --
    1: 2008-08-01 10:34:10 UTC - RP28 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as fortunep.exe)

    Unable to find log (file not found); running clone.
    -- HijackThis Clone


    Emulating logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2008-08-06 08:25:39
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\sygate\ssa\Smc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ActivCard\acautoreg.exe
    C:\Program Files\Common Files\ActivCard\accoca.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\symantec antivirus\DefWatch.exe
    C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Remote tools\msraLinkMonitor.exe
    C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
    C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
    C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
    C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
    C:\Program Files\symantec antivirus\SavRoam.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\symantec antivirus\Rtvscan.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
    C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
    C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\symantec antivirus\VPTray.exe
    C:\Program Files\Hewlett-Packard\PC COE\Ida.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\sygate\ssa\syg_hp.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
    C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Jabber\Messenger\JabberMessenger.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\fortunep\Desktop\dss.exe
    C:\Program Files\HijackThis\fortunep.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://athp.hp.com/portal/site/athp/index.jsp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Hewlett-Packard
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [COEMsgDisplay] C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
    O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
    O4 - HKLM\..\Run: [GetIT] C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [IDA] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Desktop Service] C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe
    O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKLM\..\Run: [BM87b0e2d2] Rundll32.exe "C:\WINDOWS\system32\cqbglqew.dll",s
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Symantec NetBackup Desktop Agent.lnk = C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
    O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (file missing)
    O9 - Extra button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
    O9 - Extra 'Tools' menuitem: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)
    O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)
    O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)
    O15 - Trusted Zone: http://compaq.com (HKCU)
    O15 - Trusted Zone: https://compaq.com (HKCU)
    O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKCU)
    O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKCU)
    O15 - Trusted Zone: *.cpqcorp.net (HKCU)
    O15 - Trusted Zone: https://dcu.org (HKCU)
    O15 - Trusted Zone: http://dcu.org (HKCU)
    O15 - Trusted Zone: http://dec.com (HKCU)
    O15 - Trusted Zone: https://dec.com (HKCU)
    O15 - Trusted Zone: *.hp.com (HKCU)
    O15 - Trusted Zone: https://hpe-learning.com (HKCU)
    O15 - Trusted Zone: http://hpe-learning.com (HKCU)
    O15 - Trusted Zone: *.hpqcorp.net (HKCU)
    O15 - Trusted Zone: *.hpshopping.com (HKCU)
    O15 - Trusted Zone: http://tandem.com (HKCU)
    O15 - Trusted Zone: https://tandem.com (HKCU)
    O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms32 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall32.cab
    O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://sdcsqllmspro04/ProjectServer/objects/pjclient.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189776183175
    O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://sdcsqllmspro04/ProjectServer/objects/1033/pjcintl.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O17 - HKLM\Software\..\Telephony: DomainName = emea.hpqcorp.net
    O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
    O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
    O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
    O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
    O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe
    O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\symantec antivirus\DefWatch.exe
    O23 - Service: Symantec NetBackup Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP Sygate Icon Control (HPSygControl) - Hewlett-Packard Company - C:\Program Files\sygate\ssa\syg_hp.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\Liveupdate\LuComServer_3_0.EXE
    O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\sygate\ssa\Maga\Maga.exe
    O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exe
    O23 - Service: MySQL - Unknown owner - C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt
    O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
    O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
    O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
    O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
    O23 - Service: SavRoam - symantec - C:\Program Files\symantec antivirus\SavRoam.exe
    O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe
    O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\sygate\ssa\Smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\symantec antivirus\Rtvscan.exe


    --
    End of file - 15862 bytes

    -- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\)

    backup-20080806-081307-197 O4 - HKLM\..\Run: [MSWorld] C:\WINDOWS\system32\msworld.exe
    backup-20080806-081307-208 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    backup-20080806-081307-287 O4 - HKLM\..\Run: [BM87b0e2d2] Rundll32.exe "C:\WINDOWS\system32\cqbglqew.dll",s
    backup-20080806-081307-383 O2 - BHO: {37e37533-f3b2-8e6a-9c94-c20bcfb3656b} - {b6563bfc-b02c-49c9-a6e8-2b3f33573e73} - C:\WINDOWS\system32\pykiny.dll (file missing)
    backup-20080806-081307-432 O2 - BHO: (no name) - {484B72EF-F408-467B-95B4-036C81D89C47} - (no file)
    backup-20080806-081307-486 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    backup-20080806-081307-988 O2 - BHO: (no name) - {911551E5-4B0F-4021-BD18-A24F9E558A94} - (no file)
    backup-20080806-081308-143 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    -- File Associations

    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
    R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
    R3 CLEDX (Team H2O CLEDX service) - c:\windows\system32\drivers\cledx.sys <Not Verified; Team H2O; CLEDX>
    R3 RadiaMsi - c:\windows\system32\drivers\radiamsi.sys <Not Verified; Hewlett Packard; CM Agent>

    S3 actccid (ActivCard USB Reader V2) - c:\windows\system32\drivers\actccid.sys <Not Verified; ActivCard; USB Reader V2>
    S3 ASPI (Advanced SCSI Programming Interface Driver) - c:\windows\system32\drivers\aspi32.sys <Not Verified; Adaptec; Adaptec's ASPI Layer>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled

    R2 acautoreg (ActivCard Gold Autoregister) - c:\program files\common files\activcard\acautoreg.exe <Not Verified; ActivIdentity; ActivCard Gold>
    R2 Accoca (ActivCard Gold service) - c:\program files\common files\activcard\accoca.exe <Not Verified; ActivCard; ActivCard Gold>
    R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
    R2 HPSygControl (HP Sygate Icon Control) - c:\progra~1\sygate\ssa\syg_hp.exe <Not Verified; Hewlett-Packard Company; Hewlett-Packard Company syg_hp>
    R2 msralinkmonitor (MSRA Link Monitor) - "c:\program files\remote tools\msralinkmonitor.exe" <Not Verified; ; Quaranti Application>
    R2 MySQL - "c:\program files\mysql\mysql server 5.0\bin\mysqld-nt" --defaults-file="c:\program files\mysql\mysql server 5.0\my.ini" mysql (file missing)
    R2 Nero BackItUp Scheduler 3 - c:\program files\nero\nero8\nero backitup\nbservice.exe
    R2 radexecd (HP OVCM Notify Daemon) - c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\radexecd.exe <Not Verified; Hewlett-Packard; CM Agent>
    R2 radsched (HP OVCM Scheduler Daemon) - c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\radsched.exe <Not Verified; Hewlett-Packard; CM Agent>
    R2 Radstgms (HP OVCM MSI Redirector) - c:\progra~1\hewlet~1\pccoe3~1\ovcms~1\radstgms.exe <Not Verified; Hewlett-Packard; CM Agent>
    R2 UPHClean (User Profile Hive Cleanup) - c:\program files\uphclean\uphclean.exe <Not Verified; Microsoft Corporation; User Profile Hive Cleanup Service>

    S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
    S3 magaService (Lan Discover Agent) - c:\program files\sygate\ssa\maga\maga.exe <Not Verified; Sygate Technologies, Inc.; Maga Application>
    S3 PictureTaker - c:\windows\system32\pctkrnt.sys <Not Verified; LANovation; PictureTaker Software Family>
    S3 Service_Desktop (Desktop) - c:\program files\free-soft\virtual desktop\desktop.exe (file missing)


    -- Device Manager: Disabled

    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&76BB63B&0
    Manufacturer: (Standard keyboards)
    Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&76BB63B&0
    Service: i8042prt


    -- Scheduled Tasks

    2008-08-06 08:19:32 388 --ah
    C:\WINDOWS\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
    2008-08-06 08:19:23 392 --ah
    C:\WINDOWS\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
    2008-08-06 08:19:14 338 --ah
    C:\WINDOWS\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
    2008-08-06 08:19:13 346 --ah
    C:\WINDOWS\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
    2008-08-06 08:18:43 438 --ah
    C:\WINDOWS\Tasks\IDA{884F3959-E5F7-11D1-9B15-080009F878E4}000.job
    2008-08-06 08:18:40 266 --ah
    C:\WINDOWS\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job


    -- Files created between 2008-07-06 and 2008-08-06

    2008-08-01 14:26:47 0 d
    C:\Program Files\MSN Messenger
    2008-08-01 14:05:44 162304 --a
    C:\WINDOWS\system32\ztvunrar36.dll
    2008-08-01 14:05:44 77312 --a
    C:\WINDOWS\system32\ztvunace26.dll
    2008-08-01 14:05:43 69632 --a
    C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-08-01 14:05:42 75264 --a
    C:\WINDOWS\system32\unacev2.dll
    2008-08-01 14:05:41 153088 --a
    C:\WINDOWS\system32\UNRAR3.dll
    2008-08-01 14:05:33 0 d
    C:\Program Files\Trojan Remover
    2008-08-01 14:05:33 0 d
    C:\Documents and Settings\fortunep\Application Data\Simply Super Software
    2008-08-01 14:05:33 0 d
    C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2008-08-01 12:51:10 94720 --a
    C:\WINDOWS\system32\gjawynbm.dll
    2008-08-01 12:47:57 90112 --a
    C:\WINDOWS\system32\cqbglqew.dll
    2008-08-01 10:35:59 94720 --a
    C:\WINDOWS\system32\jveyqwqs.dll
    2008-08-01 10:35:52 90112 --a
    C:\WINDOWS\system32\elunviut.dll
    2008-08-01 08:46:32 0 d
    C:\spoolerlogs
    2008-07-31 15:57:46 0 d
    C:\Batches
    2008-07-31 15:39:22 118784 --a
    C:\WINDOWS\system32\vrixleom.dll
    2008-07-31 15:39:03 118784 --a
    C:\WINDOWS\system32\jvheodov.dll
    2008-07-31 15:38:44 118784 --a
    C:\WINDOWS\system32\whgksdvn.dll
    2008-07-31 15:38:25 118784 --a
    C:\WINDOWS\system32\dsfrocex.dll
    2008-07-31 15:38:06 118784 --a
    C:\WINDOWS\system32\wrsmtvcb.dll
    2008-07-31 15:37:47 118784 --a
    C:\WINDOWS\system32\fhdeuily.dll
    2008-07-31 15:37:29 118784 --a
    C:\WINDOWS\system32\uqvtfohi.dll
    2008-07-31 15:34:23 118784 --a
    C:\WINDOWS\system32\omirdbom.dll
    2008-07-31 15:34:03 118784 --a
    C:\WINDOWS\system32\eqytwlmb.dll
    2008-07-31 15:33:44 118784 --a
    C:\WINDOWS\system32\hpfwvswk.dll
    2008-07-31 15:33:25 118784 --a
    C:\WINDOWS\system32\ojbuiqae.dll
    2008-07-31 15:33:06 118784 --a
    C:\WINDOWS\system32\enrvuayl.dll
    2008-07-31 15:32:47 118784 --a
    C:\WINDOWS\system32\ehnbhfce.dll
    2008-07-31 15:32:25 118784 --a
    C:\WINDOWS\system32\xgiqbrhv.dll
    2008-07-31 15:32:23 118784 --a
    C:\WINDOWS\system32\qvmkrvii.dll
    2008-07-31 15:30:21 94208 --a
    C:\WINDOWS\system32\wthgog.dll
    2008-07-31 15:30:20 94208 --a
    C:\WINDOWS\system32\nyehwmrb.dll
    2008-07-31 14:47:08 0 d
    C:\Mac Casper Scans
    2008-07-31 09:20:38 6635520 --a
    C:\Documents and Settings\fortunep\ntuser.dat
    2008-07-23 10:41:23 0 d
    C:\Omega
    2008-07-23 10:39:59 0 d
    C:\Excel Add Ins
    2008-07-22 14:26:21 0 d
    C:\SRD
    2008-07-22 09:34:04 225280 --a
    C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
    2008-07-22 09:31:36 0 d
    C:\Program Files\Outsim
    2008-07-22 08:08:24 95232 --a
    C:\WINDOWS\system32\mjfdei.dll
    2008-07-22 08:08:24 95232 --a
    C:\WINDOWS\system32\bojqefer.dll
    2008-07-21 14:45:56 0 d
    C:\Documents and Settings\fortunep\Application Data\vlc
    2008-07-21 14:42:21 0 d
    C:\Program Files\VideoLAN
    2008-07-21 12:13:32 0 d
    C:\Documents and Settings\fortunep\Application Data\cYo
    2008-07-21 11:58:17 4512 --a
    C:\peregrine.reg
    2008-07-21 11:08:46 0 d
    C:\Scans
    2008-07-21 10:44:07 0 d
    C:\Program Files\Mindjet
    2008-07-17 08:26:15 0 d
    C:\Program Files\OpenDrive
    2008-07-16 10:42:01 284 --a
    C:\Pj6preffile.dat
    2008-07-15 09:36:11 0 d
    C:\Program Files\GPL MPEG Decoder
    2008-07-14 08:38:00 0 d
    C:\Program Files\Solveig Multimedia
    2008-07-09 12:36:58 43698 --a
    C:\WINDOWS\system32\xvid-uninstall.exe


    -- Find3M Report

    2008-08-06 08:17:45 0 d
    C:\Program Files\symantec antivirus
    2008-08-01 08:49:16 0 d
    C:\Program Files\Google
    2008-08-01 08:42:16 0 d
    C:\Program Files\Bonjour
    2008-07-31 14:16:34 0 d
    C:\Documents and Settings\fortunep\Application Data\messages
    2008-07-31 08:32:31 0 d
    C:\Program Files\ReadManiac
    2008-07-30 16:32:13 0 d
    C:\Program Files\Hewlett-Packard
    2008-07-30 09:34:23 0 d
    C:\Program Files\Common Files
    2008-07-30 09:30:56 0 d
    C:\Program Files\VstPlugins
    2008-07-29 16:55:05 0 d
    C:\Program Files\MediaMonkey
    2008-07-29 16:53:43 0 d
    C:\Program Files\Panda Security
    2008-07-24 11:28:36 0 d
    C:\Documents and Settings\fortunep\Application Data\MyPhoneExplorer
    2008-07-16 16:51:25 0 d
    C:\Documents and Settings\fortunep\Application Data\Adobe
    2008-07-09 12:33:48 464 --a
    C:\Documents and Settings\fortunep\Application Data\AutoGK.ini
    2008-07-04 10:24:17 0 d
    C:\Documents and Settings\fortunep\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2008-07-04 10:19:33 0 d
    C:\Program Files\Common Files\Adobe AIR
    2008-07-03 08:58:57 0 d
    C:\Documents and Settings\fortunep\Application Data\Command & Conquer 3 Kane's Wrath
    2008-06-27 09:36:11 0 d
    C:\Program Files\Avanquest update
    2008-06-27 09:36:07 0 d--h
    C:\Program Files\InstallShield Installation Information
    2008-06-27 08:20:51 0 d
    C:\Program Files\Symantec
    2008-06-26 12:16:01 0 d
    C:\Documents and Settings\fortunep\Application Data\VirtuaWin
    2008-06-26 09:02:29 0 dr-h
    C:\Documents and Settings\fortunep\Application Data\SecuROM
    2008-06-26 09:01:39 0 d
    C:\Program Files\Common Files\InstallShield
    2008-06-26 08:23:25 0 d
    C:\Documents and Settings\fortunep\Application Data\Canneverbe_Limited
    2008-06-26 08:21:45 0 d
    C:\Program Files\CDBurnerXP
    2008-06-24 16:01:22 0 d
    C:\Program Files\Sony Ericsson
    2008-06-24 10:51:45 0 d
    C:\Program Files\SUPERAntiSpyware
    2008-06-24 10:51:44 0 d
    C:\Documents and Settings\fortunep\Application Data\SUPERAntiSpyware.com
    2008-06-24 10:51:29 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-24 10:45:50 0 d
    C:\Documents and Settings\fortunep\Application Data\Malwarebytes
    2008-06-24 10:45:48 0 d
    C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-12 09:40:52 0 d
    C:\Program Files\Citrix
    2008-06-12 09:33:51 0 d
    C:\Documents and Settings\fortunep\Application Data\ICAClient
    2008-06-12 09:14:42 0 d
    C:\Program Files\Virtual Earth 3D
    2008-06-11 12:25:41 262144 --a
    C:\WINDOWS\system32\default_user_class.dat
    2008-06-11 09:32:51 696 --a
    C:\DOCUME
    2008-06-10 08:22:59 0 d
    C:\Documents and Settings\fortunep\Application Data\Nero
    2008-06-10 08:21:38 0 d
    C:\Program Files\Common Files\Nero
    2008-06-10 08:19:51 0 d
    C:\Program Files\Nero
    2008-05-29 09:35:36 86528 --a
    C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
    2008-05-22 10:40:58 94 --a
    C:\radkill.bat


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "COEMsgDisplay"="C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe" [11/04/2007 20:44]
    "QuickPassword"="C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe" [26/06/2007 23:06]
    "SmcService"="C:\PROGRA~1\Sygate\SSA\smc.exe" [05/08/2005 17:22]
    "GetIT"="C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe" [04/12/2007 01:12]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/03/2006 19:02]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [27/05/2006 02:01]
    "IDA"="C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE" [03/01/2008 23:54]
    "RTHDCPL"="RTHDCPL.EXE" [11/10/2006 18:36 C:\WINDOWS\RTHDCPL.EXE]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/10/2006 11:11]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/10/2006 11:13]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [06/10/2006 11:10]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe" [25/09/2007 21:23]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [15/07/2005 22:48]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [01/03/2008 06:10]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/04/2008 19:49]
    "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [23/10/2005 00:00]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [20/02/2007 13:06]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 09:51]
    "Desktop Service"="C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe" []
    "BVRPLiveUpdate"="C:\Program Files\Avanquest update\Engine\Setup.exe" []
    "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [30/07/2008 15:00]
    "BM87b0e2d2"="C:\WINDOWS\system32\cqbglqew.dll" [01/08/2008 12:47]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:56]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [20/02/2008 17:19]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [20/09/2007 15:35]
    "Gadwin PrintScreen Pro"="C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [21/07/2008 11:38]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [24/09/2005 04:05:26]
    Symantec NetBackup Desktop Agent.lnk - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe [04/01/2008 06:50:04]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [08/06/2005 15:51:35]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy"=0 (0x0)
    "SynchronousUserGroupPolicy"=0 (0x0)
    "DisableNT4Policy"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispBackgroundPage"=0 (0x0)
    "NoDispScrSavPage"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWindowsUpdate"=0 (0x0)
    "NoMSAppLogo5ChannelNotify"=1 (0x1)
    "NoToolbarCustomize"=0 (0x0)
    "NoBandCustomize"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoWindowsUpdate"=0 (0x0)
    "Btn_Back"=0 (0x0)
    "Btn_Forward"=0 (0x0)
    "Btn_Stop"=0 (0x0)
    "Btn_Refresh"=0 (0x0)
    "Btn_Home"=0 (0x0)
    "Btn_Search"=0 (0x0)
    "Btn_History"=0 (0x0)
    "Btn_Favorites"=0 (0x0)
    "Btn_Media"=0 (0x0)
    "Btn_Folders"=0 (0x0)
    "Btn_Fullscreen"=0 (0x0)
    "Btn_Tools"=0 (0x0)
    "Btn_MailNews"=0 (0x0)
    "Btn_Size"=0 (0x0)
    "Btn_Print"=0 (0x0)
    "Btn_Edit"=0 (0x0)
    "Btn_Discussions"=0 (0x0)
    "Btn_Cut"=0 (0x0)
    "Btn_Copy"=0 (0x0)
    "Btn_Paste"=0 (0x0)
    "Btn_Encoding"=0 (0x0)
    "Btn_PrintPreview"=0 (0x0)
    "NoActiveDesktop"=0 (0x0)
    "NoActiveDesktopChanges"=0 (0x0)
    "NoInternetIcon"=0 (0x0)
    "NoDesktop"=0 (0x0)
    "NoFavoritesMenu"=0 (0x0)
    "NoFind"=0 (0x0)
    "NoRun"=0 (0x0)
    "NoSetActiveDesktop"=0 (0x0)
    "NoChangeStartMenu"=0 (0x0)
    "NoFolderOptions"=0 (0x0)
    "NoRecentDocsMenu"=0 (0x0)
    "NoRecentDocsHistory"=0 (0x0)
    "ClearRecentDocsOnExit"=0 (0x0)
    "NoLogoff"=0 (0x0)
    "NoClose"=0 (0x0)
    "NoSetFolders"=0 (0x0)
    "NoSetTaskbar"=0 (0x0)
    "NoTrayContextMenu"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
    "Script"=NOITSCAN.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1957994488-842925246-40105171-690474\Scripts\Logon\0\0]
    "Script"=NOITSCAN.bat

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

    *Newly Created Service* - HPSYGCONTROL



    -- End of Deckard's System Scanner: finished at 2008-08-06 08:26:48

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.

    -- System Information

    Microsoft Windows XP Professional (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
    CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
    Percentage of Memory in Use: 67%
    Physical Memory (total/avail): 1015.35 MiB / 327.05 MiB
    Pagefile Memory (total/avail): 2441.73 MiB / 1803.95 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1915.31 MiB

    C: is Fixed (NTFS) - 74.52 GiB total, 50.38 GiB free.
    F: is Network (NTFS)
    G: is Network (NTFS)
    H: is Network (NTFS)
    I: is Network (NTFS)
    J: is Network (NTFS)
    K: is Network (NTFS)
    M: is Network (NTFS)
    P: is Network (NTFS)
    T: is Network (NTFS)
    U: is CDROM (No Media)
    V: is Network (NTFS)
    W: is Network (NTFS)
    X: is Network (NTFS)
    Y: is Network (NTFS)
    Z: is Network (NTFS)

    \\.\PHYSICALDRIVE0 - WDC WD800JD-60LSA0 - 74.53 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



    -- Security Center

    AUOptions is set to notify before install.
    AUState says computer has updates disabled.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.

    FW: Sygate Security Agent v4.6 (Sygate Technologies, Inc.)
    AV: Symantec AntiVirus Corporate Edition v10.1.0.396 (Symantec Corporation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radexecd.exe"="C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radexecd.exe:*:Enabled:radexecd"
    "C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\raduishell.exe"="C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\raduishell.exe:*:Enabled:raduishell"
    "C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radtray.exe"="C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radtray.exe:*:Enabled:radtray"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE"="C:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


    -- Environment Variables

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\fortunep\Application Data
    CLASSPATH=.;C:\Program Files\Java\jre1.5.0_13\lib\ext\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=FORTUNEP
    ComSpec=C:\WINDOWS\system32\cmd.exe
    DEFAULT_CA_NR=CA8
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\fortunep
    LOGONSERVER=\\SDCGCEU01
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\PROGRA~1\PEREGR~1\ASSETC~1\rtany50;C:\WINDOWS\system32;C:\WINDOWS;\System32\Wbem;C:\Program Files\ActivCard\ActivCard Gold\resources;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Teleca Shared
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0403
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\Java\jre1.5.0_13\lib\ext\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\fortunep\LOCALS~1\Temp
    TMP=C:\DOCUME~1\fortunep\LOCALS~1\Temp
    USERDNSDOMAIN=EMEA.CPQCORP.NET
    USERDOMAIN=EMEA
    USERNAME=fortunep
    USERPROFILE=C:\Documents and Settings\fortunep
    windir=C:\WINDOWS
    __COMPAT_LAYER=EnableNXShowUI


    -- User Profiles

    hpadmin (new local, admin)
    fortunep (admin)


    -- Add/Remove Programs

    --> C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> C:\WINDOWS\UNRecode.exe /UNINSTALL
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ActivCard Gold --> MsiExec.exe /I{4C35ABDE-E901-4142-A973-94C4A16EDA6A}
    ActivCard Initialization Utility --> MsiExec.exe /X{DEF41238-3F22-479D-B755-E5AFBA7332B8}
    ActivIdentity Device Installer --> MsiExec.exe /I{90FE5BFC-C6C5-45D3-A7E3-463D707E2D44}
    Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
    Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
    Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
    Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
    Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
    Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
    Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
    Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
    Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
    Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
    Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
    Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
    Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
    Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
    Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
    Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{786547F9-59BB-4FA3-B2D8-327FF1F14870}
    Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
    Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
    Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
    Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
    Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
    Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
    Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
    Adobe Reader Chinese Simplified Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2447-5A64-7E8A45000001}
    Adobe Reader Chinese Traditional Fonts --> MsiExec.exe /I{AC76BA86-7AD7-2448-5A64-7E8A45000001}
    Adobe Reader Japanese Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5A76-5A64-7E8A45000001}
    Adobe Reader Korean Fonts --> MsiExec.exe /I{AC76BA86-7AD7-5676-5A64-7E8A45000001}
    Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
    Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
    Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
    Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
    Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
    Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
    Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
    AssetCenter version 3.60 us --> C:\Program Files\Peregrine\AssetCenter\setup.exe -u:'C:\Program Files\Peregrine\AssetCenter\setup.log' -i:'C:\Program Files\Peregrine\AssetCenter\setup.inf'
    AudioConverter Studio 5.9 --> "C:\Program Files\AudioConverter Studio\unins000.exe"
    Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
    AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
    CDBurnerXP --> "C:\Program Files\CDBurnerXP\unins000.exe"
    Citrix Presentation Server Client - Web Only --> MsiExec.exe /X{E9459BCF-0982-498B-ABA7-26C34323493F}
    Clarify2Span (Application Proxy) --> MsiExec.exe /X{F74AE6CD-35E7-4438-A7E3-3C19489DCC4C}
    Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Cryptext (Remove Only) --> rundll32 setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\ShellExt\Cryptext.inf
    DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    FastStone Image Viewer 3.5 --> C:\Program Files\FastStone Image Viewer\uninst.exe
    FreeUndelete --> O:\Apps\FreeUndelete\GLF335.exe /handle:fru
    Gadwin PrintScreen Professional --> C:\Program Files\Gadwin Systems\PrintScreenPro\Uninstall.exe
    Google Gmail Notifier --> "C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
    GPL MPEG-1/2 DirectShow Decoder Filter --> MsiExec.exe /I{870815CA-6B60-47B6-88DD-A67F42D2F03E}
    High Definition Audio Driver Package - KB888111 -->
    HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
    HP One Click --> MsiExec.exe /X{42AB4D8C-BD78-4662-8A22-AE6ACA053525}
    Intel(R) Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
    InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
    J2SE Runtime Environment 5.0 Update 13 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150130}
    LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
    Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office FrontPage 2003 --> MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Professional Plus 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
    Microsoft Office Professional Plus 2007 --> MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Windows Script 5.7 --> "C:\WINDOWS\$NtUninstallscripten$\spuninst\spuninst.exe"
    Mindjet MindManager Viewer 7 --> MsiExec.exe /X{E0CE343A-DCE3-49EC-8D21-D13185B1C24A}
    Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    MyPhoneExplorer --> C:\Program Files\MyPhoneExplorer\uninstall.exe
    MySQL Server 5.0 --> MsiExec.exe /I{62392B8E-BD96-4232-8AD1-53D498590ACA}
    Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
    neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    PAL --> "C:\WINDOWS\IsUninst.exe" -y -f"C:\Program Files\PAL\Uninstl\DeIsL1.isu" -c"C:\Program Files\PAL\Uninstl\palunins.dll
    PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
    Peregrine Desktop Inventory 8.0.2 --> MsiExec.exe /I{6BF66328-D689-4FDC-80EF-C10765B4AEB3}
    QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
    R-Studio 4.2 --> E:\Apps\R-STUDIO\Uninstall.exe
    Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
    ScreenCapture --> MsiExec.exe /I{18F4CEF9-FDA5-4CE1-B700-84D78EB594BF}
    Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
    Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
    Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
    Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
    Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
    Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
    Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
    Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
    Sony Ericsson Device Data --> MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}
    Sony Ericsson Drivers --> MsiExec.exe /I{EEFE551E-A6C7-4A2A-8C92-C805523B3B0C}
    Sony Ericsson PC Suite --> C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\setup.exe /uninstall
    Sony Ericsson PC Suite --> MsiExec.exe /I{05675D95-1567-4E00-A818-DB08064EA088}
    Sony Ericsson PC Suite 3.209.00 --> C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0009 -removeonly
    Sony Ericsson Themes Creator 3.27 --> C:\Program Files\Sony Ericsson\Themes Creator\Uninstall.exe
    SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    Sygate Security Agent 4.1 --> MsiExec.exe /I{3988A8A8-000F-4016-9C0C-7D235F1D978B}
    Symantec AntiVirus --> MsiExec.exe /I{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}
    Symantec NetBackup Desktop Agent --> MsiExec.exe /I{D2BE4C7A-DDB0-4A2F-B3DD-534A891E6255}
    Syncrosoft's License Control --> C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
    SyncroSoft Emu (Remove only) --> C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
    Trojan Remover 6.7.1 --> "C:\Program Files\Trojan Remover\unins000.exe"
    Unlocker 1.8.6 --> C:\Program Files\Unlocker\uninst.exe
    Update Service --> C:\Program Files\Sony Ericsson\Update Service\uninst.exe
    USB Storage Driver --> DelUIDrv.exe
    User Profile Hive Cleanup Service --> MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
    VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
    Virtual Earth 3D (Beta) --> MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}
    WFM Client 5.4 P.05.08.220 --> C:\WINDOWS\IsUninst.exe -fC:\WFMClient5.4_P.05.08.220\Uninst.isu
    WFM Client 6.0 P.08.01.030 --> C:\WINDOWS\IsUninst.exe -fC:\WFMClient6.0_P.08.01.030\Uninst.isu
    Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
    Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
    WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
    XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"


    -- Application Event Log

    Event Record #/Type23826 / Error
    Event Submitted/Written: 08/06/2008 08:22:26 AM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application syncmldesktopserver.exe, version 5.2.0.12, faulting module unknown, version 0.0.0.0, fault address 0x00a9028f.
    Processing media-specific event for [syncmldesktopserver.exe!ws!]

    Event Record #/Type23822 / Success
    Event Submitted/Written: 08/06/2008 08:21:38 AM
    Event ID/Source: 12001 / usnjsvc
    Event Description:
    The Messenger Sharing USN Journal Reader service started successfully.

    Event Record #/Type23820 / Error
    Event Submitted/Written: 08/06/2008 08:18:55 AM
    Event ID/Source: 1004 / Application Error
    Event Description:
    Faulting application syg_hp.exe, version 1.8.1.2, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.
    Error in creating result PEAP-TLV in response to received PEAP-TLV (syg_hp.exe!ld!)

    Event Record #/Type23818 / Error
    Event Submitted/Written: 08/06/2008 08:17:39 AM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application syg_hp.exe, version 1.8.1.2, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.
    Processing media-specific event for [syg_hp.exe!ws!]

    Event Record #/Type23817 / Error
    Event Submitted/Written: 08/06/2008 08:17:36 AM
    Event ID/Source: 1030 / Userenv
    Event Description:
    Windows cannot query for the list of Group Policy objects. A message that describes the reason for this was previously logged by the policy engine.



    -- Security Event Log

    No Errors/Warnings found.


    -- System Event Log

    Event Record #/Type6093 / Error
    Event Submitted/Written: 08/06/2008 08:22:30 AM
    Event ID/Source: 7023 / Service Control Manager
    Event Description:
    The Computer Browser service terminated with the following error:
    %%1460

    Event Record #/Type6075 / Error
    Event Submitted/Written: 08/06/2008 08:18:50 AM
    Event ID/Source: 7034 / Service Control Manager
    Event Description:
    The HP Sygate Icon Control service terminated unexpectedly. It has done this 1 time(s).

    Event Record #/Type6062 / Error
    Event Submitted/Written: 08/06/2008 08:17:16 AM
    Event ID/Source: 1002 / Dhcp
    Event Description:
    The IP address lease 16.49.34.221 for the Network Card with network address 001635A425CF has been
    denied by the DHCP server 16.209.133.46 (The DHCP Server sent a DHCPNACK message).

    Event Record #/Type6054 / Warning
    Event Submitted/Written: 08/06/2008 06:58:52 AM
    Event ID/Source: 36 / W32Time
    Event Description:
    The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.

    Event Record #/Type6013 / Error
    Event Submitted/Written: 08/01/2008 02:25:06 PM
    Event ID/Source: 7023 / Service Control Manager
    Event Description:
    The Computer Browser service terminated with the following error:
    %%1460



    -- End of Deckard's System Scanner: finished at 2008-08-06 08:26:48

    Cheers for looking at these, dude, you're a lifesaver

    HB


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hello

    1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    O4 - HKLM\..\Run: [BM87b0e2d2] Rundll32.exe "C:\WINDOWS\system32\cqbglqew.dll",s


    2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




    Please download OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it.
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      [kill explorer]
      
      C:\WINDOWS\system32\msworld.exe
      C:\WINDOWS\system32\gjawynbm.dll
      C:\WINDOWS\system32\cqbglqew.dll
      C:\WINDOWS\system32\jveyqwqs.dll
      C:\WINDOWS\system32\elunviut.dll
      C:\WINDOWS\system32\vrixleom.dll
      C:\WINDOWS\system32\jvheodov.dll
      C:\WINDOWS\system32\whgksdvn.dll
      C:\WINDOWS\system32\dsfrocex.dll
      C:\WINDOWS\system32\wrsmtvcb.dll
      C:\WINDOWS\system32\fhdeuily.dll
      C:\WINDOWS\system32\uqvtfohi.dll
      C:\WINDOWS\system32\omirdbom.dll
      C:\WINDOWS\system32\eqytwlmb.dll
      C:\WINDOWS\system32\hpfwvswk.dll
      C:\WINDOWS\system32\ojbuiqae.dll
      C:\WINDOWS\system32\enrvuayl.dll
      C:\WINDOWS\system32\ehnbhfce.dll
      C:\WINDOWS\system32\xgiqbrhv.dll
      C:\WINDOWS\system32\qvmkrvii.dll
      C:\WINDOWS\system32\wthgog.dll
      C:\WINDOWS\system32\nyehwmrb.dll
      C:\WINDOWS\system32\mjfdei.dll
      C:\WINDOWS\system32\bojqefer.dll
      purity 
      EmptyTemp
      [start explorer]
      
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt2
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



    Reboot and post a new DSS Log
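    The selection above comes down to reading the HijackThis sections for a few tell-tale shapes: an O4 autorun that uses Rundll32 to load a DLL from system32 with a random-looking lowercase name (the Vundo pattern in the log), an O2 BHO that still has a CLSID but "(no file)" behind it, and an O23 service whose binary is "(file missing)". The script below is an added example of that triage, not code from the thread, from HijackThis or from OTMoveIt2; it runs over a handful of lines copied from the posted log and flags the entries a reviewer would look at first. The heuristics (six to eight lowercase letters as the random-name shape, the three section checks) are assumptions chosen for this example.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of the thread)."""
import re
from dataclasses import dataclass

# Constructed sample: lines in the format of the log posted above, one of each kind.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {484B72EF-F408-467B-95B4-036C81D89C47} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BM87b0e2d2] Rundll32.exe "C:\WINDOWS\system32\cqbglqew.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # why a reviewer should look at this line first
    line: str      # the original log line


# "Onn - rest of line": every HijackThis entry has this shape.
LINE = re.compile(r"^(O\d+) - (.*)$")
# O4 autorun entry: key name in brackets, then the command that runs at logon.
RUNDLL_AUTORUN = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Assumed heuristic: a DLL in system32 named by 6-8 letters (checked lowercase below).
RANDOM_DLL = re.compile(r"\\system32\\([a-z]{6,8})\.dll", re.IGNORECASE)


def triage_line(line: str):
    """Return a Finding for a line worth attention, or None for an unremarkable one."""
    line = line.strip()
    m = LINE.match(line)
    if not m:
        return None
    section, body = m.groups()
    if section == "O2" and body.endswith("(no file)"):
        return Finding(section, "BHO still registered but its DLL is gone (orphaned remnant)", line)
    if section == "O23" and "(file missing)" in body:
        return Finding(section, "service points at a binary that does not exist", line)
    if section == "O4":
        r = RUNDLL_AUTORUN.match(line)
        if r and r.group("cmd").lower().startswith("rundll32"):
            dll = RANDOM_DLL.search(r.group("cmd"))
            if dll and dll.group(1).islower():
                return Finding(section, "Rundll32 autorun loading a random-named DLL from system32", line)
    return None


def triage(log: str):
    """Run triage_line over every line of a log and keep the hits, in log order."""
    return [f for f in (triage_line(entry) for entry in log.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section}: {finding.reason}\n    {finding.line}")
```

Run against the sample it reports exactly the three lines a helper would single out (the orphaned O2 BHO, the BM87b0e2d2 Rundll32 autorun, the MySQL service with a missing binary) and stays quiet on the legitimate ccApp and ctfmon entries. A hit is a prompt to look closer, not a verdict: the random-name rule in particular is a shape match and should be confirmed against the file on disk before anything is removed.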


  • Registered Users, Registered Users 2 Posts: 1,536 ✭✭✭hamsterboy


    Hey,
    thanks for all this help, dude.
    The problem seems to be gone. It didn't go according to your plan but how and ever................
    When I ran OTMoveIt, it started to move the files but then it looked like it killed explorer cos the toolbar disappeared and then kinda hung, so I had to do a restart manually (this happened twice). It didn't create a log but it did have something in the MovedFiles folder, a file called jvheodov.dll.

    Anyway, here's the new dss log :)

    Deckard's System Scanner v20071014.68
    Run by fortunep on 2008-08-06 13:59:58
    Computer is in Normal Mode.

    Percentage of Memory in Use: 80% (more than 75%).


    -- HijackThis (run as fortunep.exe)

    Logfile of HijackThis v1.99.1
    Scan saved at 14:00:15, on 06/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SSA\smc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ActivCard\acautoreg.exe
    C:\Program Files\Common Files\ActivCard\accoca.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
    C:\PROGRA~1\sygate\ssa\syg_hp.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Remote tools\msraLinkMonitor.exe
    C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
    C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
    C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
    C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
    C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Microsoft Office Communicator\communicator.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\fortunep\Desktop\dss.exe
    C:\PROGRA~1\HIJACK~1\fortunep.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60327
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://athp.hp.com/portal/site/athp/index.jsp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Hewlett-Packard
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com/
    O2 - BHO: (no name) - {484B72EF-F408-467B-95B4-036C81D89C47} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [COEMsgDisplay] C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
    O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
    O4 - HKLM\..\Run: [GetIT] C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [IDA] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe"
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [Desktop Service] C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe
    O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
    O4 - HKLM\..\Run: [BM87b0e2d2] Rundll32.exe "C:\WINDOWS\system32\cqbglqew.dll",s
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Symantec NetBackup Desktop Agent.lnk = C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
    O9 - Extra button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
    O9 - Extra 'Tools' menuitem: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://athp.hp.com
    O15 - Trusted Zone: http://ie.config.asia.compaq.com
    O15 - Trusted Zone: http://ie.config.eur.compaq.com
    O15 - Trusted Zone: http://ie.config.im.hou.compaq.com
    O15 - Trusted Zone: http://ie.config.jp.compaq.com
    O15 - Trusted Zone: http://*.compaq.com
    O15 - Trusted Zone: *.cpqcorp.net
    O15 - Trusted Zone: http://*.dcu.org
    O15 - Trusted Zone: http://ie.config.ecom.dec.com
    O15 - Trusted Zone: http://*.dec.com
    O15 - Trusted Zone: *.hp.com
    O15 - Trusted Zone: http://*.hpe-learning.com
    O15 - Trusted Zone: *.hpqcorp.net
    O15 - Trusted Zone: *.hpshopping.com
    O15 - Trusted Zone: http://ie.config.tandem.com
    O15 - Trusted Zone: http://*.tandem.com
    O15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM)
    O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)
    O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)
    O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)
    O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM)
    O15 - Trusted Zone: http://ie.config.tandem.com (HKLM)
    O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms32 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall32.cab
    O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://sdcsqllmspro04/ProjectServer/objects/pjclient.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189776183175
    O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://sdcsqllmspro04/ProjectServer/objects/1033/pjcintl.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
    O17 - HKLM\Software\..\Telephony: DomainName = emea.hpqcorp.net
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe
    O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Symantec NetBackup Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP Sygate Icon Control (HPSygControl) - Hewlett-Packard Company - C:\PROGRA~1\sygate\ssa\syg_hp.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
    O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
    O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
    O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
    O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe (file missing)
    O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe


    -- Files created between 2008-07-06 and 2008-08-06

    2008-08-06 12:06:22 0 d
    C:\Documents and Settings\fortunep\tracing
    2008-08-06 12:03:32 0 d
    C:\Program Files\Microsoft Office Communicator
    2008-08-01 14:26:47 0 d
    C:\Program Files\MSN Messenger
    2008-08-01 14:05:44 162304 --a
    C:\WINDOWS\system32\ztvunrar36.dll
    2008-08-01 14:05:44 77312 --a
    C:\WINDOWS\system32\ztvunace26.dll
    2008-08-01 14:05:43 69632 --a
    C:\WINDOWS\system32\ztvcabinet.dll <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) 2000 Operating System>
    2008-08-01 14:05:42 75264 --a
    C:\WINDOWS\system32\unacev2.dll
    2008-08-01 14:05:41 153088 --a
    C:\WINDOWS\system32\UNRAR3.dll
    2008-08-01 14:05:33 0 d
    C:\Program Files\Trojan Remover
    2008-08-01 14:05:33 0 d
    C:\Documents and Settings\fortunep\Application Data\Simply Super Software
    2008-08-01 14:05:33 0 d
    C:\Documents and Settings\All Users\Application Data\Simply Super Software
    2008-08-01 08:46:32 0 d
    C:\spoolerlogs
    2008-07-31 15:57:46 0 d
    C:\Batches
    2008-07-31 15:38:44 118784 --a
    C:\WINDOWS\system32\whgksdvn.dll
    2008-07-31 15:38:25 118784 --a
    C:\WINDOWS\system32\dsfrocex.dll
    2008-07-31 15:38:06 118784 --a
    C:\WINDOWS\system32\wrsmtvcb.dll
    2008-07-31 15:37:47 118784 --a
    C:\WINDOWS\system32\fhdeuily.dll
    2008-07-31 15:37:29 118784 --a
    C:\WINDOWS\system32\uqvtfohi.dll
    2008-07-31 15:34:23 118784 --a
    C:\WINDOWS\system32\omirdbom.dll
    2008-07-31 15:34:03 118784 --a
    C:\WINDOWS\system32\eqytwlmb.dll
    2008-07-31 15:33:44 118784 --a
    C:\WINDOWS\system32\hpfwvswk.dll
    2008-07-31 15:33:25 118784 --a
    C:\WINDOWS\system32\ojbuiqae.dll
    2008-07-31 15:33:06 118784 --a
    C:\WINDOWS\system32\enrvuayl.dll
    2008-07-31 15:32:47 118784 --a
    C:\WINDOWS\system32\ehnbhfce.dll
    2008-07-31 15:32:25 118784 --a
    C:\WINDOWS\system32\xgiqbrhv.dll
    2008-07-31 15:32:23 118784 --a
    C:\WINDOWS\system32\qvmkrvii.dll
    2008-07-31 15:30:21 94208 --a
    C:\WINDOWS\system32\wthgog.dll
    2008-07-31 15:30:20 94208 --a
    C:\WINDOWS\system32\nyehwmrb.dll
    2008-07-31 14:47:08 0 d
    C:\Mac Casper Scans
    2008-07-31 09:20:38 6635520 --a
    C:\Documents and Settings\fortunep\ntuser.dat
    2008-07-23 10:41:23 0 d
    C:\Omega
    2008-07-23 10:39:59 0 d
    C:\Excel Add Ins
    2008-07-22 14:26:21 0 d
    C:\SRD
    2008-07-22 09:34:04 225280 --a
    C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
    2008-07-22 09:31:36 0 d
    C:\Program Files\Outsim
    2008-07-22 08:08:24 95232 --a
    C:\WINDOWS\system32\mjfdei.dll
    2008-07-22 08:08:24 95232 --a
    C:\WINDOWS\system32\bojqefer.dll
    2008-07-21 14:45:56 0 d
    C:\Documents and Settings\fortunep\Application Data\vlc
    2008-07-21 14:42:21 0 d
    C:\Program Files\VideoLAN
    2008-07-21 12:13:32 0 d
    C:\Documents and Settings\fortunep\Application Data\cYo
    2008-07-21 11:58:17 4512 --a
    C:\peregrine.reg
    2008-07-21 11:08:46 0 d
    C:\Scans
    2008-07-21 10:44:07 0 d
    C:\Program Files\Mindjet
    2008-07-17 08:26:15 0 d
    C:\Program Files\OpenDrive
    2008-07-16 10:42:01 284 --a
    C:\Pj6preffile.dat
    2008-07-15 09:36:11 0 d
    C:\Program Files\GPL MPEG Decoder
    2008-07-14 08:38:00 0 d
    C:\Program Files\Solveig Multimedia
    2008-07-09 12:36:58 43698 --a
    C:\WINDOWS\system32\xvid-uninstall.exe


    -- Find3M Report

    2008-08-06 13:49:05 0 d
    C:\Program Files\symantec antivirus
    2008-08-01 08:49:16 0 d
    C:\Program Files\Google
    2008-08-01 08:42:16 0 d
    C:\Program Files\Bonjour
    2008-07-31 14:16:34 0 d
    C:\Documents and Settings\fortunep\Application Data\messages
    2008-07-31 08:32:31 0 d
    C:\Program Files\ReadManiac
    2008-07-30 16:32:13 0 d
    C:\Program Files\Hewlett-Packard
    2008-07-30 09:34:23 0 d
    C:\Program Files\Common Files
    2008-07-30 09:30:56 0 d
    C:\Program Files\VstPlugins
    2008-07-29 16:55:05 0 d
    C:\Program Files\MediaMonkey
    2008-07-29 16:53:43 0 d
    C:\Program Files\Panda Security
    2008-07-24 11:28:36 0 d
    C:\Documents and Settings\fortunep\Application Data\MyPhoneExplorer
    2008-07-16 16:51:25 0 d
    C:\Documents and Settings\fortunep\Application Data\Adobe
    2008-07-09 12:33:48 464 --a
    C:\Documents and Settings\fortunep\Application Data\AutoGK.ini
    2008-07-04 10:24:17 0 d
    C:\Documents and Settings\fortunep\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2008-07-04 10:19:33 0 d
    C:\Program Files\Common Files\Adobe AIR
    2008-07-03 08:58:57 0 d
    C:\Documents and Settings\fortunep\Application Data\Command & Conquer 3 Kane's Wrath
    2008-06-27 09:36:11 0 d
    C:\Program Files\Avanquest update
    2008-06-27 09:36:07 0 d--h
    C:\Program Files\InstallShield Installation Information
    2008-06-27 08:20:51 0 d
    C:\Program Files\Symantec
    2008-06-26 12:16:01 0 d
    C:\Documents and Settings\fortunep\Application Data\VirtuaWin
    2008-06-26 09:02:29 0 dr-h
    C:\Documents and Settings\fortunep\Application Data\SecuROM
    2008-06-26 09:01:39 0 d
    C:\Program Files\Common Files\InstallShield
    2008-06-26 08:23:25 0 d
    C:\Documents and Settings\fortunep\Application Data\Canneverbe_Limited
    2008-06-26 08:21:45 0 d
    C:\Program Files\CDBurnerXP
    2008-06-24 16:01:22 0 d
    C:\Program Files\Sony Ericsson
    2008-06-24 10:51:45 0 d
    C:\Program Files\SUPERAntiSpyware
    2008-06-24 10:51:44 0 d
    C:\Documents and Settings\fortunep\Application Data\SUPERAntiSpyware.com
    2008-06-24 10:51:29 0 d
    C:\Program Files\Common Files\Wise Installation Wizard
    2008-06-24 10:45:50 0 d
    C:\Documents and Settings\fortunep\Application Data\Malwarebytes
    2008-06-24 10:45:48 0 d
    C:\Program Files\Malwarebytes' Anti-Malware
    2008-06-12 09:40:52 0 d
    C:\Program Files\Citrix
    2008-06-12 09:33:51 0 d
    C:\Documents and Settings\fortunep\Application Data\ICAClient
    2008-06-12 09:14:42 0 d
    C:\Program Files\Virtual Earth 3D
    2008-06-11 12:25:41 262144 --a
    C:\WINDOWS\system32\default_user_class.dat
    2008-06-11 09:32:51 696 --a
    C:\DOCUME
    2008-06-10 08:22:59 0 d
    C:\Documents and Settings\fortunep\Application Data\Nero
    2008-06-10 08:21:38 0 d
    C:\Program Files\Common Files\Nero
    2008-06-10 08:19:51 0 d
    C:\Program Files\Nero
    2008-05-29 09:35:36 86528 --a
    C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
    2008-05-22 10:40:58 94 --a
    C:\radkill.bat


    -- Registry Dump

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{484B72EF-F408-467B-95B4-036C81D89C47}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "COEMsgDisplay"="C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe" [11/04/2007 20:44]
    "QuickPassword"="C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe" [26/06/2007 23:06]
    "SmcService"="C:\PROGRA~1\Sygate\SSA\smc.exe" [05/08/2005 17:22]
    "GetIT"="C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe" [04/12/2007 01:12]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/03/2006 19:02]
    "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [27/05/2006 02:01]
    "IDA"="C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE" [03/01/2008 23:54]
    "RTHDCPL"="RTHDCPL.EXE" [11/10/2006 18:36 C:\WINDOWS\RTHDCPL.EXE]
    "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [06/10/2006 11:11]
    "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [06/10/2006 11:13]
    "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [06/10/2006 11:10]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe" [25/09/2007 21:23]
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [15/07/2005 22:48]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 23:37]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [01/03/2008 06:10]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/04/2008 19:49]
    "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [23/10/2005 00:00]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [20/02/2007 13:06]
    "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 09:51]
    "Desktop Service"="C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe" []
    "BVRPLiveUpdate"="C:\Program Files\Avanquest update\Engine\Setup.exe" []
    "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [30/07/2008 15:00]
    "Communicator"="C:\Program Files\Microsoft Office Communicator\communicator.exe" [06/08/2008 12:03]
    "BM87b0e2d2"="C:\WINDOWS\system32\cqbglqew.dll" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 01:56]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [20/02/2008 17:19]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [20/09/2007 15:35]
    "Gadwin PrintScreen Pro"="C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [21/07/2008 11:38]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [24/09/2005 04:05:26]
    Symantec NetBackup Desktop Agent.lnk - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe [04/01/2008 06:50:04]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [08/06/2005 15:51:35]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy"=0 (0x0)
    "SynchronousUserGroupPolicy"=0 (0x0)
    "DisableNT4Policy"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispBackgroundPage"=0 (0x0)
    "NoDispScrSavPage"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoWindowsUpdate"=0 (0x0)
    "NoMSAppLogo5ChannelNotify"=1 (0x1)
    "NoToolbarCustomize"=0 (0x0)
    "NoBandCustomize"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoWindowsUpdate"=0 (0x0)
    "Btn_Back"=0 (0x0)
    "Btn_Forward"=0 (0x0)
    "Btn_Stop"=0 (0x0)
    "Btn_Refresh"=0 (0x0)
    "Btn_Home"=0 (0x0)
    "Btn_Search"=0 (0x0)
    "Btn_History"=0 (0x0)
    "Btn_Favorites"=0 (0x0)
    "Btn_Media"=0 (0x0)
    "Btn_Folders"=0 (0x0)
    "Btn_Fullscreen"=0 (0x0)
    "Btn_Tools"=0 (0x0)
    "Btn_MailNews"=0 (0x0)
    "Btn_Size"=0 (0x0)
    "Btn_Print"=0 (0x0)
    "Btn_Edit"=0 (0x0)
    "Btn_Discussions"=0 (0x0)
    "Btn_Cut"=0 (0x0)
    "Btn_Copy"=0 (0x0)
    "Btn_Paste"=0 (0x0)
    "Btn_Encoding"=0 (0x0)
    "Btn_PrintPreview"=0 (0x0)
    "NoActiveDesktop"=0 (0x0)
    "NoActiveDesktopChanges"=0 (0x0)
    "NoInternetIcon"=0 (0x0)
    "NoDesktop"=0 (0x0)
    "NoFavoritesMenu"=0 (0x0)
    "NoFind"=0 (0x0)
    "NoRun"=0 (0x0)
    "NoSetActiveDesktop"=0 (0x0)
    "NoChangeStartMenu"=0 (0x0)
    "NoFolderOptions"=0 (0x0)
    "NoRecentDocsMenu"=0 (0x0)
    "NoRecentDocsHistory"=0 (0x0)
    "ClearRecentDocsOnExit"=0 (0x0)
    "NoLogoff"=0 (0x0)
    "NoClose"=0 (0x0)
    "NoSetFolders"=0 (0x0)
    "NoSetTaskbar"=0 (0x0)
    "NoTrayContextMenu"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [13/05/2008 10:13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
    "Script"=NOITSCAN.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1957994488-842925246-40105171-690474\Scripts\Logon\0\0]
    "Script"=NOITSCAN.bat

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




    -- End of Deckard's System Scanner: finished at 2008-08-06 14:00:38

    Cheers again dude, am sending bucketloads of good karma your direction :)

    HB


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    This will do the job, seems some of it returned

    Please visit this web page for instructions for downloading and running ComboFix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    This includes installing the Windows XP Recovery Console in case you have not installed it yet.

    For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

    Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

    Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.


  • Registered Users, Registered Users 2 Posts: 1,536 ✭✭✭hamsterboy


    Hey Again
    Have those logs, havin trouble posting with them in the text.....weird I know but I've attached them here so I hope they have good news.
    Cheers again for the assistance dude

    HB


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    See if you can post these normally

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the quotebox below into it:
    File::
    C:\WINDOWS\system32\nufvpuvl.dll.vir
    C:\WINDOWS\system32\pmnnLFyy.dll.vir
    C:\WINDOWS\system32\qOihfCsT.dll.vir

    Folder::

    Registry::

    Driver::

    Save this as CFScript.txt, in the same location as ComboFix.exe


    CFScriptB-4.gif

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




    Please do an online scan with Kaspersky WebScanner

    Make sure you are using Internet Explorer for this. Click on Kaspersky Online Scanner and click Accept

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files.
    • Once the files have been downloaded, click on NEXT.
    • Now click on Scan Settings.
    • In the scan settings, make sure that the following are selected:
      • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
      • Scan Options: Scan Archives, Scan Mail Bases
    • Click OK.
    • Now under "Select a target to scan", select My Computer.
    • The program will start and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.



        Also post a new HijackThis log


      • Registered Users, Registered Users 2 Posts: 1,536 ✭✭✭hamsterboy


        Hi Again
        Ok have the ComboFix bit done but the Online Scanner is givin me probs.
        It keeps giving an error "The Kaspersky Online Scanner License has expired"
        This pops up as it's downloading the latest database and hangs the process :(
        Any idea whats going on ActorSeeksJob? :)

        Cheers

        HB


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        Go to Start > Control Panel > Add or Remove Programs > Remove Kaspersky Online Scanner

        Reboot and try it again

        If it fails do this

        Please download Malwarebytes' Anti-Malware from Here or Here

        Double Click mbam-setup.exe to install the application.
        • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
        • If an update is found, it will download and install the latest version.
        • Once the program has loaded, select "Perform Quick Scan", then click Scan.
        • The scan may take some time to finish, so please be patient.
        • When the scan is complete, click OK, then Show Results to view the results.
        • Make sure that everything is checked, and click Remove Selected.
        • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
        • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
        • Copy&Paste the entire report in your next reply.
        Extra Note:
        If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


      • Registered Users, Registered Users 2 Posts: 1,536 ✭✭✭hamsterboy


        Okey Dokey
        Here's the log file from MBAM, couldn't get the online scanner to work at all......odd...

        Malwarebytes' Anti-Malware 1.18
        Database version: 884

        15:45:46 2008-08-07
        mbam-log-8-7-2008 (15-45-46).txt

        Scan type: Quick Scan
        Objects scanned: 44831
        Time elapsed: 22 minute(s), 1 second(s)

        Memory Processes Infected: 1
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 2
        Files Infected: 17

        Memory Processes Infected:
        C:\Program Files\PCHealthCenter\4.exe (Trojan.Fakealert) -> Unloaded process successfully.

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
        C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.

        Files Infected:
        C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
        C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
        C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
        C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
        C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
        C:\Program Files\PCHealthCenter\4.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
        C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
        C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
        C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
        C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
        C:\Program Files\VAV\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
        C:\Program Files\VAV\vav.ooo (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
        C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
        C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\sex1.ico (Malware.Trace) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> Quarantined and deleted successfully.
        C:\Documents and Settings\fortunep\Desktop\Vista Antivirus 2008.lnk (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.

        Cheers Dude
        If ye need anything else let me know

        HB


      • Registered Users, Registered Users 2 Posts: 1,536 ✭✭✭hamsterboy


        And here's the HiJack This log and the ComboFix log.....

        Logfile of HijackThis v1.99.1
        Scan saved at 15:50, on 2008-08-07
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Sygate\SSA\smc.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\ActivCard\acautoreg.exe
        C:\Program Files\Common Files\ActivCard\accoca.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
        C:\PROGRA~1\sygate\ssa\syg_hp.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Remote tools\msraLinkMonitor.exe
        C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
        C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        C:\Program Files\CDBurnerXP\NMSAccessU.exe
        C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
        C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
        C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
        C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\UPHClean\uphclean.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
        C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
        C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
        C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
        C:\WINDOWS\RTHDCPL.EXE
        C:\WINDOWS\system32\igfxtray.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\system32\igfxpers.exe
        C:\Program Files\Google\Gmail Notifier\gnotify.exe
        C:\Program Files\Unlocker\UnlockerAssistant.exe
        C:\Program Files\Winamp\winampa.exe
        C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
        C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
        C:\Program Files\Microsoft Office Communicator\communicator.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
        C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
        C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
        C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
        C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
        C:\Program Files\Common Files\Teleca Shared\Generic.exe
        C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
        C:\Program Files\Symantec AntiVirus\DefWatch.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Symantec AntiVirus\SavRoam.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\Program Files\Symantec AntiVirus\vptray.exe
        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Symantec AntiVirus\Rtvscan.exe
        C:\Program Files\MSN Messenger\usnsvc.exe
        C:\WINDOWS\system32\mstsc.exe
        C:\Program Files\Windows Media Player\wmplayer.exe
        C:\WINDOWS\system32\msiexec.exe
        C:\Program Files\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://athp.hp.com/portal/site/athp/index.jsp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com/
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
        O2 - BHO: QXK Olive - {86A223EE-081B-4CF9-98FB-52514CE4A8E1} - C:\WINDOWS\wnlmdakqenv.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O4 - HKLM\..\Run: [COEMsgDisplay] C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
        O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
        O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
        O4 - HKLM\..\Run: [GetIT] C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
        O4 - HKLM\..\Run: [IDA] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe"
        O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
        O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
        O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
        O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
        O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
        O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
        O4 - HKLM\..\Run: [\Win85.exe] C:\Windows\system32\Win85.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
        O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
        O4 - HKCU\..\Run: [\Win85.exe] C:\Windows\system32\Win85.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: Symantec NetBackup Desktop Agent.lnk = C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
        O4 - Global Startup: WinZip Quick Pick.lnk = ?
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
        O9 - Extra button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
        O9 - Extra 'Tools' menuitem: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O11 - Options group: [INTERNATIONAL] International*
        O14 - IERESET.INF: START_PAGE_URL=http://athp.hp.com
        O15 - Trusted Zone: http://ie.config.asia.compaq.com
        O15 - Trusted Zone: http://ie.config.eur.compaq.com
        O15 - Trusted Zone: http://ie.config.im.hou.compaq.com
        O15 - Trusted Zone: http://ie.config.jp.compaq.com
        O15 - Trusted Zone: http://*.compaq.com
        O15 - Trusted Zone: *.cpqcorp.net
        O15 - Trusted Zone: http://*.dcu.org
        O15 - Trusted Zone: http://ie.config.ecom.dec.com
        O15 - Trusted Zone: http://*.dec.com
        O15 - Trusted Zone: *.hp.com
        O15 - Trusted Zone: http://*.hpe-learning.com
        O15 - Trusted Zone: *.hpqcorp.net
        O15 - Trusted Zone: *.hpshopping.com
        O15 - Trusted Zone: http://ie.config.tandem.com
        O15 - Trusted Zone: http://*.tandem.com
        O15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM)
        O15 - Trusted Zone: http://ie.config.tandem.com (HKLM)
        O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms32 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall32.cab
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
        O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://sdcsqllmspro04/ProjectServer/objects/pjclient.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189776183175
        O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://sdcsqllmspro04/ProjectServer/objects/1033/pjcintl.cab
        O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\Software\..\Telephony: DomainName = emea.hpqcorp.net
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
        O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
        O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
        O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe
        O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
        O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
        O23 - Service: Symantec NetBackup Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: HP Sygate Icon Control (HPSygControl) - Hewlett-Packard Company - C:\PROGRA~1\sygate\ssa\syg_hp.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
        O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exe
        O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
        O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
        O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
        O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
        O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
        O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
        O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
        O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe (file missing)
        O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe




        ComboFix 08-08-06.02 - fortunep 2008-08-07 12:34:51.3 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.191 [GMT 1:00]
        Running from: C:\Documents and Settings\fortunep\Desktop\ComboFix.exe
        Command switches used :: C:\Documents and Settings\fortunep\Desktop\CFScript.txt
        * Created a new restore point

        FILE ::
        C:\WINDOWS\system32\nufvpuvl.dll.vir
        C:\WINDOWS\system32\pmnnLFyy.dll.vir
        C:\WINDOWS\system32\qOihfCsT.dll.vir
        .

        ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\WINDOWS\system32\nufvpuvl.dll.vir
        C:\WINDOWS\system32\pmnnLFyy.dll.vir
        C:\WINDOWS\system32\qOihfCsT.dll.vir

        .
        ((((((((((((((((((((((((( Files Created from 2008-07-07 to 2008-08-07 )))))))))))))))))))))))))))))))
        .

        2008-08-07 09:10 . 2006-01-31 19:29 107,696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
        2008-08-07 09:10 . 2006-01-31 19:29 87,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
        2008-08-06 12:06 . 2008-08-07 09:06 <DIR> d-------- C:\Documents and Settings\fortunep\tracing
        2008-08-06 12:03 . 2008-08-06 12:03 <DIR> d-------- C:\Program Files\Microsoft Office Communicator
        2008-08-06 08:22 . 2008-08-06 08:22 <DIR> d-------- C:\Deckard
        2008-08-06 08:14 . 2008-08-06 08:14 <DIR> d-------- C:\_OTMoveIt
        2008-08-01 14:26 . 2008-08-01 14:26 <DIR> d-------- C:\Program Files\MSN Messenger
        2008-08-01 08:46 . 2008-08-01 08:46 <DIR> d-------- C:\spoolerlogs
        2008-07-31 15:57 . 2008-07-31 15:57 <DIR> d-------- C:\Batches
        2008-07-31 14:47 . 2008-07-31 15:06 <DIR> d-------- C:\Mac Casper Scans
        2008-07-30 09:06 . 2008-07-30 09:05 185,856 --a------ C:\WINDOWS\system32\framedyn.dll
        2008-07-30 09:05 . 2008-07-30 09:05 185,856 --a------ C:\framedyn.dll
        2008-07-23 10:41 . 2008-07-23 13:34 <DIR> d-------- C:\Omega
        2008-07-23 10:39 . 2008-08-06 16:24 <DIR> d-------- C:\Excel Add Ins
        2008-07-22 14:26 . 2008-07-22 14:26 <DIR> d-------- C:\SRD
        2008-07-22 09:34 . 2006-06-20 09:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
        2008-07-22 09:33 . 2002-07-07 23:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
        2008-07-22 09:31 . 2008-07-22 09:31 <DIR> d-------- C:\Program Files\Outsim
        2008-07-22 08:55 . 2008-07-22 08:55 162 --ah----- C:\~$S Software Recognition Database Creation Guide V1 1.doc
        2008-07-21 14:45 . 2008-07-21 14:45 <DIR> d-------- C:\Documents and Settings\fortunep\Application Data\vlc
        2008-07-21 14:42 . 2008-07-30 09:34 <DIR> d-------- C:\Program Files\VideoLAN
        2008-07-21 12:13 . 2008-07-21 12:13 <DIR> d-------- C:\Documents and Settings\fortunep\Application Data\cYo
        2008-07-21 11:58 . 2008-07-21 11:58 4,512 --a------ C:\peregrine.reg
        2008-07-21 11:08 . 2008-07-21 11:09 <DIR> d-------- C:\Scans
        2008-07-21 10:44 . 2008-07-21 10:44 <DIR> d-------- C:\Program Files\Mindjet
        2008-07-21 10:44 . 2008-07-21 10:44 106 --a------ C:\WINDOWS\Library.ini
        2008-07-17 08:26 . 2008-07-29 16:23 <DIR> d-------- C:\Program Files\OpenDrive
        2008-07-16 10:42 . 2008-07-16 10:43 284 --a------ C:\Pj6preffile.dat
        2008-07-16 08:50 . 2008-07-16 08:50 0 --a------ C:\20070608_0242.JPG
        2008-07-15 16:37 . 2008-07-15 16:37 520,047 --a------ C:\Soft Jul 31 LMS .jpg
        2008-07-15 16:36 . 2008-07-15 16:36 308,054 --a------ C:\bbq.bmp
        2008-07-15 09:36 . 2008-07-15 09:36 <DIR> d-------- C:\Program Files\GPL MPEG Decoder
        2008-07-14 08:38 . 2008-07-30 09:34 <DIR> d-------- C:\Program Files\Solveig Multimedia
        2008-07-09 12:36 . 2008-07-09 12:36 43,698 --a------ C:\WINDOWS\system32\xvid-uninstall.exe

        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-08-07 11:44 d-----w C:\Program Files\symantec antivirus
        2008-08-07 08:15 d-----w C:\Program Files\Common Files\Symantec Shared
        2008-08-07 08:10 d-----w C:\Program Files\Symantec
        2008-08-07 08:10 d-----w C:\Documents and Settings\All Users\Application Data\Symantec
        2008-08-01 13:20 d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
        2008-08-01 07:49 d-----w C:\Program Files\Google
        2008-08-01 07:42 d-----w C:\Program Files\Bonjour
        2008-07-31 15:35 d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
        2008-07-31 13:16 d-----w C:\Documents and Settings\fortunep\Application Data\messages
        2008-07-31 07:32 d-----w C:\Program Files\ReadManiac
        2008-07-30 15:32 d-----w C:\Program Files\Hewlett-Packard
        2008-07-30 10:14 d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
        2008-07-30 08:30 d-----w C:\Program Files\VstPlugins
        2008-07-29 15:55 d-----w C:\Program Files\MediaMonkey
        2008-07-29 15:53 d-----w C:\Program Files\Panda Security
        2008-07-24 10:28 d-----w C:\Documents and Settings\fortunep\Application Data\MyPhoneExplorer
        2008-07-04 09:24 d-----w C:\Documents and Settings\fortunep\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
        2008-07-04 09:19 d-----w C:\Program Files\Common Files\Adobe AIR
        2008-07-03 07:58 d-----w C:\Documents and Settings\fortunep\Application Data\Command & Conquer 3 Kane's Wrath
        2008-06-27 08:36 d--h--w C:\Program Files\InstallShield Installation Information
        2008-06-27 08:36 d-----w C:\Program Files\Avanquest update
        2008-06-26 11:16 d-----w C:\Documents and Settings\fortunep\Application Data\VirtuaWin
        2008-06-26 08:02 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
        2008-06-26 08:02 d--h--r C:\Documents and Settings\fortunep\Application Data\SecuROM
        2008-06-26 08:01 d-----w C:\Program Files\Common Files\InstallShield
        2008-06-26 07:23 d-----w C:\Documents and Settings\fortunep\Application Data\Canneverbe_Limited
        2008-06-26 07:21 d-----w C:\Program Files\CDBurnerXP
        2008-06-24 15:01 d-----w C:\Program Files\Sony Ericsson
        2008-06-24 09:52 d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
        2008-06-24 09:51 d-----w C:\Program Files\SUPERAntiSpyware
        2008-06-24 09:51 d-----w C:\Program Files\Common Files\Wise Installation Wizard
        2008-06-24 09:51 d-----w C:\Documents and Settings\fortunep\Application Data\SUPERAntiSpyware.com
        2008-06-24 09:45 d-----w C:\Program Files\Malwarebytes' Anti-Malware
        2008-06-24 09:45 d-----w C:\Documents and Settings\fortunep\Application Data\Malwarebytes
        2008-06-24 09:45 d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
        2008-06-24 07:40 d-----w C:\Documents and Settings\All Users\Application Data\direct_print_uninstall
        2008-06-19 16:48 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
        2008-06-19 16:47 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
        2008-06-12 08:40 d-----w C:\Program Files\Citrix
        2008-06-12 08:33 d-----w C:\Documents and Settings\fortunep\Application Data\ICAClient
        2008-06-12 08:14 d-----w C:\Program Files\Virtual Earth 3D
        2008-06-10 07:22 d-----w C:\Documents and Settings\fortunep\Application Data\Nero
        2008-06-10 07:21 d-----w C:\Program Files\Common Files\Nero
        2008-06-10 07:19 d-----w C:\Program Files\Nero
        2008-06-10 07:19 d-----w C:\Documents and Settings\All Users\Application Data\Nero
        2008-05-29 08:35 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
        2008-05-23 09:40 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll
        2008-05-22 09:40 94 ----a-w C:\radkill.bat
        2007-08-15 22:16 13,459 ----a-w C:\WINDOWS\system32\config\systemprofile\createprof.vbs
        2007-08-15 22:16 13,459 ----a-w C:\Documents and Settings\hpadmin\createprof.vbs
        2007-08-15 22:16 13,459 ----a-w C:\Documents and Settings\fortunep\createprof.vbs
        2007-08-15 22:16 13,459 ----a-w C:\Documents and Settings\Default User\createprof.vbs
        2007-08-07 17:32 2,354 ----a-w C:\WINDOWS\system32\config\systemprofile\enablecoe.vbs
        2007-08-07 17:32 2,354 ----a-w C:\Documents and Settings\hpadmin\enablecoe.vbs
        2004-07-23 21:44 1,431,144 ----a-w C:\WINDOWS\inf\SET69.tmp
        2008-02-07 20:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
        2008-02-07 20:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
        2008-02-07 20:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
        2008-02-07 20:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
        2008-02-07 20:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
        2008-02-07 20:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
        2008-02-07 20:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
        2007-03-16 16:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
        2007-03-16 16:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
        2007-03-16 16:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
        2007-07-20 11:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
        2008-02-07 20:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
        .

        ((((((((((((((((((((((((((((( snapshot@2008-08-07_ 8.35.54.64 )))))))))))))))))))))))))))))))))))))))))
        .
        - 2008-08-06 15:12:35 25,214 ----a-r C:\WINDOWS\Installer\{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}\ARPPRODUCTICON.exe
        + 2008-08-07 08:11:06 25,214 ----a-r C:\WINDOWS\Installer\{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}\ARPPRODUCTICON.exe
        - 2008-08-06 15:12:34 40,960 ----a-r C:\WINDOWS\Installer\{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
        + 2008-08-07 08:11:06 40,960 ----a-r C:\WINDOWS\Installer\{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
        - 2008-08-06 15:12:35 40,960 ----a-r C:\WINDOWS\Installer\{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
        + 2008-08-07 08:11:06 40,960 ----a-r C:\WINDOWS\Installer\{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}\NewShortcut1.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
        .
        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
        "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 356352]
        "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
        "Gadwin PrintScreen Pro"="C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2008-07-21 11:38 516096]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "COEMsgDisplay"="C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe" [2007-04-11 20:44 26624]
        "QuickPassword"="C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe" [2007-06-26 23:06 225280]
        "SmcService"="C:\PROGRA~1\Sygate\SSA\smc.exe" [2005-08-05 17:22 2582240]
        "GetIT"="C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe" [2007-12-04 01:12 286720]
        "IDA"="C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE" [2008-01-03 23:54 176128]
        "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 11:11 98304]
        "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 11:13 114688]
        "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 11:10 94208]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe" [2007-09-25 21:23 75256]
        "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
        "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
        "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 06:10 15872]
        "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 19:49 36352]
        "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00 385024]
        "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 13:06 741376]
        "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
        "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
        "Communicator"="C:\Program Files\Microsoft Office Communicator\communicator.exe" [2008-08-06 12:03 5720072]
        "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 19:02 53408]
        "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-05-27 02:01 124656]
        "RTHDCPL"="RTHDCPL.EXE" [2006-10-11 18:36 16267776 C:\WINDOWS\RTHDCPL.EXE]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 04:05:26 29696]
        Symantec NetBackup Desktop Agent.lnk - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe [2008-01-04 06:50:04 7304568]
        WinZip Quick Pick.lnk - c:\WINDOWS\Installer\{9FDF923E-DB53-41E4-8CE6-8DEB8301C12E}\Icon_WZQKPICK.EXE [2008-08-06 15:10:57 65536]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "SynchronousMachineGroupPolicy"= 0 (0x0)
        "SynchronousUserGroupPolicy"= 0 (0x0)
        "DisableNT4Policy"= 1 (0x1)

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
        "NoMSAppLogo5ChannelNotify"= 1 (0x1)
        "NoBandCustomize"= 0 (0x0)

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
        "Btn_Back"= 0 (0x0)
        "Btn_Forward"= 0 (0x0)
        "Btn_Stop"= 0 (0x0)
        "Btn_Refresh"= 0 (0x0)
        "Btn_Home"= 0 (0x0)
        "Btn_Search"= 0 (0x0)
        "Btn_History"= 0 (0x0)
        "Btn_Favorites"= 0 (0x0)
        "Btn_Media"= 0 (0x0)
        "Btn_Folders"= 0 (0x0)
        "Btn_Fullscreen"= 0 (0x0)
        "Btn_Tools"= 0 (0x0)
        "Btn_MailNews"= 0 (0x0)
        "Btn_Size"= 0 (0x0)
        "Btn_Print"= 0 (0x0)
        "Btn_Edit"= 0 (0x0)
        "Btn_Discussions"= 0 (0x0)
        "Btn_Cut"= 0 (0x0)
        "Btn_Copy"= 0 (0x0)
        "Btn_Paste"= 0 (0x0)
        "Btn_Encoding"= 0 (0x0)
        "Btn_PrintPreview"= 0 (0x0)
        "NoFavoritesMenu"= 0 (0x0)
        "NoLogoff"= 0 (0x0)

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
        "Script"=NOITSCAN.bat

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1957994488-842925246-40105171-690474\Scripts\Logon\0\0]
        "Script"=NOITSCAN.bat

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)
        "DisableNotifications"= 1 (0x1)
        "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\MSN Messenger\\livecall.exe"=

        R3 akbus;ActivCard Virtual Reader Enumerator;C:\WINDOWS\system32\DRIVERS\akbus.sys [2007-04-06 11:46]
        R3 akpcsc;ActivCard Virtual PC/SC Device Driver;C:\WINDOWS\system32\DRIVERS\akpcsc.sys [2007-06-26 23:06]
        R3 aksbus;ActivIdentity Virtual Reader Enumerator;C:\WINDOWS\system32\DRIVERS\aksbus.sys [2007-04-06 11:46]
        R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;C:\WINDOWS\system32\DRIVERS\akspcsc.sys [2007-06-26 23:06]
        R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-10-23 00:00]
        S3 actccid;ActivCard USB Reader V2;C:\WINDOWS\system32\DRIVERS\actccid.sys [2007-06-26 23:06]
        S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
        S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-05-23 10:40]

        *Newly Created Service* - CATCHME
        *Newly Created Service* - CCEVTMGR
        *Newly Created Service* - CCSETMGR
        *Newly Created Service* - DEFWATCH
        *Newly Created Service* - ERASERUTILDRV10741
        *Newly Created Service* - NAVENG
        *Newly Created Service* - NAVEX15
        *Newly Created Service* - SAVROAM
        *Newly Created Service* - SAVRT
        *Newly Created Service* - SAVRTPEL
        *Newly Created Service* - SPBBCDRV
        *Newly Created Service* - SPBBCSVC
        *Newly Created Service* - SYMANTEC_ANTIVIRUS
        *Newly Created Service* - SYMREDRV
        .
        Contents of the 'Scheduled Tasks' folder

        2008-08-07 C:\WINDOWS\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
        - C:\WINDOWS\system32\rundll32.exe [2004-08-04 01:56]

        2008-08-07 C:\WINDOWS\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
        - C:\Program Files\Hewlett-Packard\PC COE\coetl32.exe [2007-06-23 23:27]

        2008-08-07 C:\WINDOWS\Tasks\IDA{884F3959-E5F7-11D1-9B15-080009F878E4}000.job
        - C:\WINDOWS\system32\rundll32.exe [2004-08-04 01:56]

        2008-08-07 C:\WINDOWS\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
        - C:\WINDOWS\system32\rundll32.exe [2004-08-04 01:56]
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-08-07 12:48:24
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************

        [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MySQL]
        "ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"

        [HKEY_LOCAL_MACHINE\system\ControlSet002\Services\vsdatant]
        "ImagePath"=""
        .
        Completion time: 2008-08-07 13:06:59
        ComboFix-quarantined-files.txt 2008-08-07 12:06:00
        ComboFix2.txt 2008-08-07 07:36:46

        Pre-Run: 53,223,088,128 bytes free
        Post-Run: 53,197,623,296 bytes free

        277


        Cheers


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        Hello

        1. Close any open browsers.

        2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

        3. Open notepad and copy/paste the text in the quotebox below into it:
        File::

        Folder::

        Registry::
        O2 - BHO: QXK Olive - {86A223EE-081B-4CF9-98FB-52514CE4A8E1} - C:\WINDOWS\wnlmdakqenv.dll
        O4 - HKLM\..\Run: [\Win85.exe] C:\Windows\system32\Win85.exe
        O4 - HKCU\..\Run: [\Win85.exe] C:\Windows\system32\Win85.exe

        Driver::

        Save this as CFScript.txt, in the same location as ComboFix.exe


        CFScriptB-4.gif

        Referring to the picture above, drag CFScript into ComboFix.exe

        When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



        Also post a new HijackThis log
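
As an added illustration (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage script that parses the O4 autostart lines quoted earlier in the thread, flags the traits that set the `[\Win85.exe]` entries apart from the HP, Symantec and Java entries around them, and lays the flagged lines out in the CFScript format used in the post above. The sample lines are copied from the posted log; the heuristics, their wording and all function names are my own assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# A HijackThis O4 line:  O4 - HKLM\..\Run: [ValueName] "C:\path\prog.exe" /switch
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?P<key>\w+): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.+)$'
)

# Constructed sample: a subset of the O4 lines from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IDA] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [\Win85.exe] C:\Windows\system32\Win85.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [\Win85.exe] C:\Windows\system32\Win85.exe
O4 - Global Startup: WinZip Quick Pick.lnk = ?
"""


@dataclass
class Autorun:
    hive: str  # HKLM, HKCU or HKUS\<SID>
    key: str   # Run, RunOnce, ...
    name: str  # registry value name, e.g. "\Win85.exe"
    cmd: str   # command line exactly as HijackThis recorded it
    raw: str   # the original O4 line, reusable in a CFScript

    @property
    def path(self) -> str:
        """Executable path with surrounding quotes and trailing switches removed."""
        cmd = self.cmd.strip()
        if cmd.startswith('"'):
            end = cmd.find('"', 1)
            return cmd[1:end] if end > 0 else cmd[1:]
        return cmd.split(' /', 1)[0].strip()


def parse_o4(log_text: str) -> list[Autorun]:
    """Extract Run-key entries; 'Global Startup' shortcut lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(Autorun(m['hive'], m['key'], m['name'], m['cmd'], line.strip()))
    return entries


def suspicion_reasons(entry: Autorun, entries: list[Autorun]) -> list[str]:
    """Heuristics (my own, not HijackThis's) that separate the Vundo-style
    entry in the posted log from the HP, Symantec and Java entries around it."""
    reasons = []
    if entry.name.startswith('\\'):
        reasons.append('value name starts with a backslash')
    path = entry.path.lower()
    base = path.rsplit('\\', 1)[-1]
    if path.startswith('c:\\windows\\system32\\') and re.fullmatch(r'[a-z]+\d+\.exe', base):
        reasons.append('letters+digits executable dropped directly in system32')
    # The same binary registered under both HKLM and HKCU.  A legitimate suite
    # (Sony Ericsson here) registers two *different* binaries, so it passes.
    twins = [e for e in entries if e is not entry and e.path.lower() == path]
    hives = {entry.hive} | {t.hive for t in twins}
    if twins and {'HKLM', 'HKCU'} <= hives:
        reasons.append('identical binary autostarted from both HKLM and HKCU')
    return reasons


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each suspicious O4 line to the reasons it was flagged."""
    entries = parse_o4(log_text)
    report = {}
    for entry in entries:
        reasons = suspicion_reasons(entry, entries)
        if reasons:
            report[entry.raw] = reasons
    return report


def cfscript_registry_block(flagged_lines: list[str]) -> str:
    """Lay the flagged lines out the way the CFScript in the post above does:
    empty File::/Folder::/Driver:: sections, HJT lines under Registry::."""
    parts = ['File::', '', 'Folder::', '', 'Registry::', *flagged_lines, '', 'Driver::']
    return '\n'.join(parts) + '\n'


if __name__ == '__main__':
    report = triage(SAMPLE_LOG)
    for line, reasons in report.items():
        print(line)
        for reason in reasons:
            print('   -', reason)
    print()
    print(cfscript_registry_block(list(report)))
```

Run against the full posted log, the script flags only the two Win85.exe lines, exactly the pair the helper put under Registry:: by hand.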


      • Registered Users, Registered Users 2 Posts: 1,536 ✭✭✭hamsterboy


        Stranger and Stranger
        I did all the above steps and all that happened was that ComboFix hung and gave me the attached error. I just rebooted. No log file was created :(


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        Post a new HijackThis log


      • Registered Users, Registered Users 2 Posts: 1,536 ✭✭✭hamsterboy


        Here's that HijackThis log
        The machine is working better than ever BTW, you certainly know your stuff :).
        BTW, every time I run ComboFix it screws up my antivirus and I have to uninstall and reinstall it.
        It's annoying but not the end of the world


        Logfile of HijackThis v1.99.1
        Scan saved at 08:43, on 2008-08-08
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Sygate\SSA\smc.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\ActivCard\acautoreg.exe
        C:\Program Files\Common Files\ActivCard\accoca.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
        C:\PROGRA~1\sygate\ssa\syg_hp.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Remote tools\msraLinkMonitor.exe
        C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
        C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        C:\Program Files\CDBurnerXP\NMSAccessU.exe
        C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
        C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
        C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
        C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\UPHClean\uphclean.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
        C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
        C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
        C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
        C:\WINDOWS\RTHDCPL.EXE
        C:\WINDOWS\system32\igfxtray.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\system32\igfxpers.exe
        C:\Program Files\Google\Gmail Notifier\gnotify.exe
        C:\Program Files\Unlocker\UnlockerAssistant.exe
        C:\Program Files\Winamp\winampa.exe
        C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
        C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
        C:\Program Files\Microsoft Office Communicator\communicator.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
        C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
        C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
        C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
        C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
        C:\Program Files\MSN Messenger\usnsvc.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Common Files\Teleca Shared\Generic.exe
        C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
        C:\Program Files\Symantec AntiVirus\DefWatch.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Symantec AntiVirus\SavRoam.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\Program Files\Symantec AntiVirus\vptray.exe
        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        C:\Program Files\Symantec AntiVirus\Rtvscan.exe
        C:\Program Files\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://athp.hp.com/portal/site/athp/index.jsp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com/
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O4 - HKLM\..\Run: [COEMsgDisplay] C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
        O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
        O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
        O4 - HKLM\..\Run: [GetIT] C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
        O4 - HKLM\..\Run: [IDA] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe"
        O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
        O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
        O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
        O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
        O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
        O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
        O4 - HKLM\..\Run: [\Win85.exe] C:\Windows\system32\Win85.exe
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
        O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
        O4 - HKCU\..\Run: [\Win85.exe] C:\Windows\system32\Win85.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: Symantec NetBackup Desktop Agent.lnk = C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
        O4 - Global Startup: WinZip Quick Pick.lnk = ?
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
        O9 - Extra button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
        O9 - Extra 'Tools' menuitem: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O11 - Options group: [INTERNATIONAL] International*
        O14 - IERESET.INF: START_PAGE_URL=http://athp.hp.com
        O15 - Trusted Zone: http://ie.config.asia.compaq.com
        O15 - Trusted Zone: http://ie.config.eur.compaq.com
        O15 - Trusted Zone: http://ie.config.im.hou.compaq.com
        O15 - Trusted Zone: http://ie.config.jp.compaq.com
        O15 - Trusted Zone: http://*.compaq.com
        O15 - Trusted Zone: *.cpqcorp.net
        O15 - Trusted Zone: http://*.dcu.org
        O15 - Trusted Zone: http://ie.config.ecom.dec.com
        O15 - Trusted Zone: http://*.dec.com
        O15 - Trusted Zone: *.hp.com
        O15 - Trusted Zone: http://*.hpe-learning.com
        O15 - Trusted Zone: *.hpqcorp.net
        O15 - Trusted Zone: *.hpshopping.com
        O15 - Trusted Zone: http://ie.config.tandem.com
        O15 - Trusted Zone: http://*.tandem.com
        O15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM)
        O15 - Trusted Zone: http://ie.config.tandem.com (HKLM)
        O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms32 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall32.cab
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
        O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://sdcsqllmspro04/ProjectServer/objects/pjclient.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189776183175
        O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://sdcsqllmspro04/ProjectServer/objects/1033/pjcintl.cab
        O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\Software\..\Telephony: DomainName = emea.hpqcorp.net
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
        O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
        O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
        O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe
        O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
        O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
        O23 - Service: Symantec NetBackup Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: HP Sygate Icon Control (HPSygControl) - Hewlett-Packard Company - C:\PROGRA~1\sygate\ssa\syg_hp.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
        O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exe
        O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
        O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
        O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
        O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
        O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
        O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
        O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
        O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe (file missing)
        O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

        Cheers Again


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        Hello

        1. Please re-open HiJackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

        O4 - HKLM\..\Run: [\Win85.exe] C:\Windows\system32\Win85.exe
        O4 - HKCU\..\Run: [\Win85.exe] C:\Windows\system32\Win85.exe


        2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.




        Please download OTMoveIt2 by OldTimer.
        • Save it to your desktop.
        • Please double-click OTMoveIt2.exe to run it.
        • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
          [kill explorer]
          C:\Windows\system32\Win85.exe
          purity 
          EmptyTemp
          [start explorer]
          
        • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
        • Click the red Moveit! button.
        • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
        • Close OTMoveIt2
        If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



        Reboot and do this


        Please download Deckard's System Scanner (DSS) and save it to your Desktop.
        • Close all other windows before proceeding.
        • Double-click on dss.exe and follow the prompts.
        • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
        • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


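The usual way to confirm that a "Fix checked" run actually worked is to compare the HijackThis log posted before the fix with the one posted afterwards and see which autorun entries are gone. The script below is an added example written for this thread; it is not part of HijackThis, OTMoveIt2 or DSS and was not posted by anyone in the thread. It parses the `O2`/`O4`/`O20`/`O23` lines in the log format shown above, diffs two logs, and lets you ask whether a given name (here the `Win85.exe` entries the helper asked to be removed) still appears anywhere. The two sample logs are constructed from lines in this thread, trimmed down so the script runs offline.

```python
"""Diff two HijackThis logs to confirm which autorun / BHO / service entries
were removed by a fix.  Added example for the thread above; it is not code
from HijackThis, OTMoveIt2 or DSS.  It assumes the line layout seen in the
logs posted here, e.g.
    O4 - HKLM\..\Run: [\Win85.exe] C:\Windows\system32\Win85.exe
"""
import re
from typing import Dict, List

# Sections worth tracking when checking a cleanup:
#   O2  = browser helper objects,   O4  = Run keys / startup items,
#   O20 = Winlogon notify DLLs,     O23 = services.
TRACKED = {"O2", "O4", "O20", "O23"}

# "<section> - <rest of entry>"; R0-R3 and O-numbered lines share this shape.
ENTRY_RE = re.compile(r"^(O\d+|R[0-3])\s+-\s+(.*)$")


def parse_hjt(log: str) -> Dict[str, Dict[str, str]]:
    """Return {section: {normalised entry: original entry}} for TRACKED sections.

    Entries are normalised to lower case so that casing differences between
    tools ("Symantec AntiVirus" vs "symantec antivirus", as in the thread's
    HijackThis vs DSS-clone logs) are not reported as churn.
    """
    entries: Dict[str, Dict[str, str]] = {s: {} for s in TRACKED}
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # process list, header lines, blanks
        section, rest = m.group(1), m.group(2).strip()
        if section in TRACKED:
            entries[section][rest.lower()] = rest
    return entries


def diff_logs(before: str, after: str) -> Dict[str, Dict[str, List[str]]]:
    """Per tracked section, list entries removed and added between two logs."""
    b, a = parse_hjt(before), parse_hjt(after)
    report: Dict[str, Dict[str, List[str]]] = {}
    for s in sorted(TRACKED):
        removed = [b[s][k] for k in sorted(b[s].keys() - a[s].keys())]
        added = [a[s][k] for k in sorted(a[s].keys() - b[s].keys())]
        if removed or added:
            report[s] = {"removed": removed, "added": added}
    return report


def find_entries(log: str, needle: str) -> List[str]:
    """Tracked entries whose text contains needle (case-insensitive).

    An empty list after the fix means the item is gone from every tracked
    section, which is the check to make before declaring the machine clean.
    """
    n = needle.lower()
    parsed = parse_hjt(log)
    return [orig for s in sorted(parsed) for k, orig in parsed[s].items() if n in k]


# Constructed sample logs: a handful of lines taken from the logs in this
# thread, cut down so the example runs offline.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://athp.hp.com/portal/site/athp/index.jsp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [\Win85.exe] C:\Windows\system32\Win85.exe
O4 - HKCU\..\Run: [\Win85.exe] C:\Windows\system32\Win85.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

AFTER_LOG = r"""Emulating logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://athp.hp.com/portal/site/athp/index.jsp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\symantec antivirus\Rtvscan.exe
"""

if __name__ == "__main__":
    for section, changes in diff_logs(BEFORE_LOG, AFTER_LOG).items():
        for entry in changes["removed"]:
            print(f"{section} removed: {entry}")
        for entry in changes["added"]:
            print(f"{section} added:   {entry}")
    print("Win85.exe still present:", find_entries(AFTER_LOG, "Win85.exe") or "no")
```

One caveat visible in the thread's own logs: the two tools print some paths differently (`C:\PROGRA~1\SYMANT~1\VPTray.exe` in one, `C:\Program Files\symantec antivirus\VPTray.exe` in the other), and the diff above will report such 8.3 short-name variants as a removal plus an addition. Treat those pairs as noise, or expand short names before comparing; only entries that disappear without a counterpart, like the two `Win85.exe` Run keys, are evidence that the fix took.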
      • Registered Users, Registered Users 2 Posts: 1,536 ✭✭✭hamsterboy


        Hi Again
        The MoveIt Log:

        Explorer killed successfully
        File/Folder C:\Windows\system32\Win85.exe not found.
        < purity >
        < EmptyTemp >
        File delete failed. C:\DOCUME~1\fortunep\LOCALS~1\Temp\ExchangePerflog_8484fa31c1ca4b4bcfcccd43.dat scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\fortunep\LOCALS~1\Temp\Perflib_Perfdata_318.dat scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\fortunep\LOCALS~1\Temp\~DF56EC.tmp scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\fortunep\LOCALS~1\Temp\~DF5764.tmp scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\fortunep\LOCALS~1\Temp\~DFB1F9.tmp scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\fortunep\LOCALS~1\Temp\~DFD0E1.tmp scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\fortunep\LOCALS~1\Temp\~DFEC44.tmp scheduled to be deleted on reboot.
        File delete failed. C:\DOCUME~1\fortunep\LOCALS~1\Temp\~DFECBA.tmp scheduled to be deleted on reboot.
        File delete failed. C:\WINDOWS\temp\ib2 scheduled to be deleted on reboot.
        File delete failed. C:\WINDOWS\temp\ib3 scheduled to be deleted on reboot.
        File delete failed. C:\WINDOWS\temp\ib4 scheduled to be deleted on reboot.
        File delete failed. C:\WINDOWS\temp\ib5 scheduled to be deleted on reboot.
        File delete failed. C:\WINDOWS\temp\ib6 scheduled to be deleted on reboot.
        Temp folders emptied.
        IE temp folders emptied.
        Explorer started successfully

        OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08082008_121945

        Files moved on Reboot...
        C:\DOCUME~1\fortunep\LOCALS~1\Temp\ExchangePerflog_8484fa31c1ca4b4bcfcccd43.dat moved successfully.
        File C:\DOCUME~1\fortunep\LOCALS~1\Temp\Perflib_Perfdata_318.dat not found!
        File C:\DOCUME~1\fortunep\LOCALS~1\Temp\~DF56EC.tmp not found!
        File C:\DOCUME~1\fortunep\LOCALS~1\Temp\~DF5764.tmp not found!
        C:\DOCUME~1\fortunep\LOCALS~1\Temp\~DFB1F9.tmp moved successfully.
        File C:\DOCUME~1\fortunep\LOCALS~1\Temp\~DFD0E1.tmp not found!
        File C:\DOCUME~1\fortunep\LOCALS~1\Temp\~DFEC44.tmp not found!
        File C:\DOCUME~1\fortunep\LOCALS~1\Temp\~DFECBA.tmp not found!
        File move failed. C:\WINDOWS\temp\ib2 scheduled to be moved on reboot.
        File move failed. C:\WINDOWS\temp\ib3 scheduled to be moved on reboot.
        File move failed. C:\WINDOWS\temp\ib4 scheduled to be moved on reboot.
        File move failed. C:\WINDOWS\temp\ib5 scheduled to be moved on reboot.
        File move failed. C:\WINDOWS\temp\ib6 scheduled to be moved on reboot.



        The DSS Main Log
        Deckard's System Scanner v20071014.68
        Run by fortunep on 2008-08-08 13:30:02
        Computer is in Normal Mode.



        -- HijackThis (run as fortunep.exe)

        Unable to find log (file not found); running clone.
        -- HijackThis Clone


        Emulating logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 2008-08-08 13:31:05
        Platform: Windows XP Service Pack 2 (5.01.2600)
        MSIE: Internet Explorer (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\system32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\sygate\ssa\Smc.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\ActivCard\acautoreg.exe
        C:\Program Files\Common Files\ActivCard\accoca.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\symantec antivirus\DefWatch.exe
        C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
        C:\Program Files\sygate\ssa\syg_hp.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Remote tools\msraLinkMonitor.exe
        C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
        C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        C:\Program Files\CDBurnerXP\NMSAccessU.exe
        C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
        C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
        C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
        C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
        C:\Program Files\symantec antivirus\SavRoam.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\symantec antivirus\Rtvscan.exe
        C:\Program Files\UPHClean\uphclean.exe
        C:\WINDOWS\explorer.exe
        C:\WINDOWS\NOTEPAD.EXE
        C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
        C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
        C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
        C:\Program Files\Hewlett-Packard\PC COE\Ida.exe
        C:\WINDOWS\RTHDCPL.EXE
        C:\WINDOWS\system32\igfxtray.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\system32\igfxpers.exe
        C:\Program Files\Google\Gmail Notifier\gnotify.exe
        C:\Program Files\Unlocker\UnlockerAssistant.exe
        C:\Program Files\Winamp\winampa.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
        C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
        C:\Program Files\Microsoft Office Communicator\communicator.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\Program Files\symantec antivirus\VPTray.exe
        C:\Program Files\MSN Messenger\msnmsgr.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
        C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
        C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
        C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
        C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
        C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\Program Files\Common Files\Teleca Shared\Generic.exe
        C:\Documents and Settings\fortunep\Desktop\Tools\dss.exe
        C:\Program Files\HijackThis\fortunep.exe
        C:\WINDOWS\system32\taskmgr.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://athp.hp.com/portal/site/athp/index.jsp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O4 - HKLM\..\Run: [COEMsgDisplay] C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
        O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
        O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
        O4 - HKLM\..\Run: [GetIT] C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
        O4 - HKLM\..\Run: [IDA] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe"
        O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
        O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
        O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
        O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
        O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
        O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
        O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: Symantec NetBackup Desktop Agent.lnk = C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
        O4 - Global Startup: WinZip Quick Pick.lnk = ?
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
        O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (file missing)
        O9 - Extra button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
        O9 - Extra 'Tools' menuitem: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)
        O15 - Trusted Zone: http://compaq.com (HKCU)
        O15 - Trusted Zone: https://compaq.com (HKCU)
        O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKCU)
        O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKCU)
        O15 - Trusted Zone: *.cpqcorp.net (HKCU)
        O15 - Trusted Zone: https://dcu.org (HKCU)
        O15 - Trusted Zone: http://dcu.org (HKCU)
        O15 - Trusted Zone: http://dec.com (HKCU)
        O15 - Trusted Zone: https://dec.com (HKCU)
        O15 - Trusted Zone: *.hp.com (HKCU)
        O15 - Trusted Zone: https://hpe-learning.com (HKCU)
        O15 - Trusted Zone: http://hpe-learning.com (HKCU)
        O15 - Trusted Zone: *.hpqcorp.net (HKCU)
        O15 - Trusted Zone: *.hpshopping.com (HKCU)
        O15 - Trusted Zone: http://tandem.com (HKCU)
        O15 - Trusted Zone: https://tandem.com (HKCU)
        O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms32 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall32.cab
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
        O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://sdcsqllmspro04/ProjectServer/objects/pjclient.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189776183175
        O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://sdcsqllmspro04/ProjectServer/objects/1033/pjcintl.cab
        O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
        O17 - HKLM\Software\..\Telephony: DomainName = emea.hpqcorp.net
        O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
        O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
        O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
        O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
        O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
        O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
        O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe
        O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
        O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\symantec antivirus\DefWatch.exe
        O23 - Service: Symantec NetBackup Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: HP Sygate Icon Control (HPSygControl) - Hewlett-Packard Company - C:\Program Files\sygate\ssa\syg_hp.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\Liveupdate\LuComServer_3_0.EXE
        O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\sygate\ssa\Maga\Maga.exe
        O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exe
        O23 - Service: MySQL - Unknown owner - C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt
        O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero
        O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
        O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
        O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
        O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
        O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
        O23 - Service: SavRoam - symantec - C:\Program Files\symantec antivirus\SavRoam.exe
        O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe
        O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\sygate\ssa\Smc.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\symantec antivirus\Rtvscan.exe


        --
        End of file - 15116 bytes

        -- Files created between 2008-07-08 and 2008-08-08

        2008-08-07 16:30:24 53248 --a
        C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
        2008-08-07 13:56:23 0 d
        C:\WINDOWS\system32\Kaspersky Lab
        2008-08-07 13:56:23 0 d
        C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
        2008-08-07 13:50:14 0 d
        C:\Documents and Settings\NetworkService\Application Data\Sun
        2008-08-06 15:04:54 0 dr
        C:\Documents and Settings\NetworkService\Favorites
        2008-08-06 14:54:56 68096 --a
        C:\WINDOWS\zip.exe
        2008-08-06 14:54:56 49152 --a
        C:\WINDOWS\VFind.exe
        2008-08-06 14:54:56 161792 --a
        C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
        2008-08-06 14:54:56 98816 --a
        C:\WINDOWS\sed.exe
        2008-08-06 14:54:56 80412 --a
        C:\WINDOWS\grep.exe
        2008-08-06 14:54:56 89504 --a
        C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
        2008-08-06 14:54:55 212480 --a
        C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
        2008-08-06 14:54:55 136704 --a
        C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
        2008-08-06 12:06:22 0 d
        C:\Documents and Settings\fortunep\tracing
        2008-08-06 12:03:32 0 d
        C:\Program Files\Microsoft Office Communicator
        2008-08-01 14:26:47 0 d
        C:\Program Files\MSN Messenger
        2008-08-01 08:46:32 0 d
        C:\spoolerlogs
        2008-07-31 15:57:46 0 d
        C:\Batches
        2008-07-31 14:47:08 0 d
        C:\Mac Casper Scans
        2008-07-31 09:20:38 6635520 --a
        C:\Documents and Settings\fortunep\ntuser.dat
        2008-07-23 10:41:23 0 d
        C:\Omega
        2008-07-23 10:39:59 0 d
        C:\Excel Add Ins
        2008-07-22 14:26:21 0 d
        C:\SRD
        2008-07-22 09:34:04 225280 --a
        C:\WINDOWS\system32\rewire.dll <Not Verified; Propellerhead Software AB; ReWire>
        2008-07-22 09:31:36 0 d
        C:\Program Files\Outsim
        2008-07-21 14:45:56 0 d
        C:\Documents and Settings\fortunep\Application Data\vlc
        2008-07-21 14:42:21 0 d
        C:\Program Files\VideoLAN
        2008-07-21 12:13:32 0 d
        C:\Documents and Settings\fortunep\Application Data\cYo
        2008-07-21 11:58:17 4512 --a
        C:\peregrine.reg
        2008-07-21 11:08:46 0 d
        C:\Scans
        2008-07-21 10:44:07 0 d
        C:\Program Files\Mindjet
        2008-07-17 08:26:15 0 d
        C:\Program Files\OpenDrive
        2008-07-16 10:42:01 284 --a
        C:\Pj6preffile.dat
        2008-07-15 09:36:11 0 d
        C:\Program Files\GPL MPEG Decoder
        2008-07-14 08:38:00 0 d
        C:\Program Files\Solveig Multimedia
        2008-07-09 12:36:58 43698 --a
        C:\WINDOWS\system32\xvid-uninstall.exe


        -- Find3M Report

        2008-08-08 12:23:50 0 d
        C:\Program Files\symantec antivirus
        2008-08-08 08:32:26 0 d
        C:\Program Files\Common Files\Symantec Shared
        2008-08-08 08:29:29 0 d
        C:\Program Files\Symantec
        2008-08-07 16:28:26 0 d
        C:\Program Files\Common Files
        2008-08-01 08:49:16 0 d
        C:\Program Files\Google
        2008-08-01 08:42:16 0 d
        C:\Program Files\Bonjour
        2008-07-31 14:16:34 0 d
        C:\Documents and Settings\fortunep\Application Data\messages
        2008-07-31 08:32:31 0 d
        C:\Program Files\ReadManiac
        2008-07-30 16:32:13 0 d
        C:\Program Files\Hewlett-Packard
        2008-07-30 09:30:56 0 d
        C:\Program Files\VstPlugins
        2008-07-29 16:55:05 0 d
        C:\Program Files\MediaMonkey
        2008-07-29 16:53:43 0 d
        C:\Program Files\Panda Security
        2008-07-24 11:28:36 0 d
        C:\Documents and Settings\fortunep\Application Data\MyPhoneExplorer
        2008-07-16 16:51:25 0 d
        C:\Documents and Settings\fortunep\Application Data\Adobe
        2008-07-09 12:33:48 464 --a
        C:\Documents and Settings\fortunep\Application Data\AutoGK.ini
        2008-07-04 10:24:17 0 d
        C:\Documents and Settings\fortunep\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
        2008-07-04 10:19:33 0 d
        C:\Program Files\Common Files\Adobe AIR
        2008-07-03 08:58:57 0 d
        C:\Documents and Settings\fortunep\Application Data\Command & Conquer 3 Kane's Wrath
        2008-06-27 09:36:11 0 d
        C:\Program Files\Avanquest update
        2008-06-27 09:36:07 0 d--h
        C:\Program Files\InstallShield Installation Information
        2008-06-26 12:16:01 0 d
        C:\Documents and Settings\fortunep\Application Data\VirtuaWin
        2008-06-26 09:02:29 0 dr-h
        C:\Documents and Settings\fortunep\Application Data\SecuROM
        2008-06-26 09:01:39 0 d
        C:\Program Files\Common Files\InstallShield
        2008-06-26 08:23:25 0 d
        C:\Documents and Settings\fortunep\Application Data\Canneverbe_Limited
        2008-06-26 08:21:45 0 d
        C:\Program Files\CDBurnerXP
        2008-06-24 16:01:22 0 d
        C:\Program Files\Sony Ericsson
        2008-06-24 10:51:45 0 d
        C:\Program Files\SUPERAntiSpyware
        2008-06-24 10:51:44 0 d
        C:\Documents and Settings\fortunep\Application Data\SUPERAntiSpyware.com
        2008-06-24 10:51:29 0 d
        C:\Program Files\Common Files\Wise Installation Wizard
        2008-06-24 10:45:50 0 d
        C:\Documents and Settings\fortunep\Application Data\Malwarebytes
        2008-06-24 10:45:48 0 d
        C:\Program Files\Malwarebytes' Anti-Malware
        2008-06-12 09:40:52 0 d
        C:\Program Files\Citrix
        2008-06-12 09:33:51 0 d
        C:\Documents and Settings\fortunep\Application Data\ICAClient
        2008-06-12 09:14:42 0 d
        C:\Program Files\Virtual Earth 3D
        2008-06-11 12:25:41 262144 --a
        C:\WINDOWS\system32\default_user_class.dat
        2008-06-11 09:32:51 696 --a
        C:\DOCUME
        2008-06-10 08:22:59 0 d
        C:\Documents and Settings\fortunep\Application Data\Nero
        2008-06-10 08:21:38 0 d
        C:\Program Files\Common Files\Nero
        2008-06-10 08:19:51 0 d
        C:\Program Files\Nero
        2008-05-29 09:35:36 86528 --a
        C:\WINDOWS\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
        2008-05-22 10:40:58 94 --a
        C:\radkill.bat


        -- Registry Dump

        *Note* empty entries & legit default entries are not shown


        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "COEMsgDisplay"="C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe" [2007-04-11 20:44]
        "QuickPassword"="C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe" [2007-06-26 23:06]
        "SmcService"="C:\PROGRA~1\Sygate\SSA\smc.exe" [2005-08-05 17:22]
        "GetIT"="C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe" [2007-12-04 01:12]
        "IDA"="C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE" [2008-01-03 23:54]
        "RTHDCPL"="RTHDCPL.EXE" [2006-10-11 18:36 C:\WINDOWS\RTHDCPL.EXE]
        "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 11:11]
        "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 11:13]
        "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 11:10]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe" [2007-09-25 21:23]
        "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48]
        "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37]
        "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 06:10]
        "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 19:49]
        "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00]
        "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 13:06]
        "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57]
        "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51]
        "Communicator"="C:\Program Files\Microsoft Office Communicator\communicator.exe" [2008-08-06 12:03]
        "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 19:02]
        "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-05-27 02:01]

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
        "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19]
        "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35]
        "Gadwin PrintScreen Pro"="C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2008-07-21 11:38]

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 04:05:26]
        Symantec NetBackup Desktop Agent.lnk - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe [2008-01-04 06:50:04]
        WinZip Quick Pick.lnk - c:\WINDOWS\Installer\{9FDF923E-DB53-41E4-8CE6-8DEB8301C12E}\Icon_WZQKPICK.EXE [2008-08-06 15:10:57]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "SynchronousMachineGroupPolicy"=0 (0x0)
        "SynchronousUserGroupPolicy"=0 (0x0)
        "DisableNT4Policy"=1 (0x1)
        "DisableRegistryTools"=0 (0x0)
        "HideLegacyLogonScripts"=0 (0x0)
        "HideLogoffScripts"=0 (0x0)
        "RunLogonScriptSync"=1 (0x1)
        "RunStartupScriptSync"=0 (0x0)
        "HideStartupScripts"=0 (0x0)

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
        "HideLegacyLogonScripts"=0 (0x0)
        "HideLogoffScripts"=0 (0x0)
        "RunLogonScriptSync"=1 (0x1)
        "RunStartupScriptSync"=0 (0x0)
        "HideStartupScripts"=0 (0x0)

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
        "NoMSAppLogo5ChannelNotify"=1 (0x1)
        "NoBandCustomize"=0 (0x0)

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
        "Btn_Back"=0 (0x0)
        "Btn_Forward"=0 (0x0)
        "Btn_Stop"=0 (0x0)
        "Btn_Refresh"=0 (0x0)
        "Btn_Home"=0 (0x0)
        "Btn_Search"=0 (0x0)
        "Btn_History"=0 (0x0)
        "Btn_Favorites"=0 (0x0)
        "Btn_Media"=0 (0x0)
        "Btn_Folders"=0 (0x0)
        "Btn_Fullscreen"=0 (0x0)
        "Btn_Tools"=0 (0x0)
        "Btn_MailNews"=0 (0x0)
        "Btn_Size"=0 (0x0)
        "Btn_Print"=0 (0x0)
        "Btn_Edit"=0 (0x0)
        "Btn_Discussions"=0 (0x0)
        "Btn_Cut"=0 (0x0)
        "Btn_Copy"=0 (0x0)
        "Btn_Paste"=0 (0x0)
        "Btn_Encoding"=0 (0x0)
        "Btn_PrintPreview"=0 (0x0)
        "NoFavoritesMenu"=0 (0x0)
        "NoChangeStartMenu"=0 (0x0)
        "NoRecentDocsMenu"=0 (0x0)
        "NoRecentDocsHistory"=0 (0x0)
        "ClearRecentDocsOnExit"=0 (0x0)
        "NoLogoff"=0 (0x0)
        "NoSetTaskbar"=0 (0x0)

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
        "Script"=NOITSCAN.bat

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1957994488-842925246-40105171-690474\Scripts\Logon\0\0]
        "Script"=NOITSCAN.bat

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]
        @=&quot;Service"




        -- End of Deckard's System Scanner: finished at 2008-08-08 13:31:39

        No extra.txt created :(
        Cheers once again

        HB


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        Your logs are clean

        Follow these steps to uninstall Combofix and tools used in the removal of malware
        • Click START then RUN
        • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U; it needs to be there.
          CF_Cleanup.png


        • Make sure you have an Internet Connection.
        • Double-click OTMoveIt2.exe to run it.
        • Click on the CleanUp! button
        • A list of tool components used in the Cleanup of malware will be downloaded.
        • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
        • Click Yes to begin the Cleanup process and remove these components, including this application.
        • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


        You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
        http://www.adobe.com/products/acrobat/readstep2.html



        You now need to update your Java and remove your older versions.

        Please follow these steps to remove older Java components.

        * Click Start > Control Panel.
        * Click Add/Remove Programs.
        * Check any item with Java Runtime Environment (JRE) in the name.
        * Click the Remove or Change/Remove button.

        Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
        here




        Below I have included a number of recommendations for how to protect your computer against malware infections.

        * Keep Windows updated by regularly checking their website at :
        http://windowsupdate.microsoft.com/
        This will ensure your computer always has the latest available security updates installed.

        * To reduce re-infection by malware in the future, I strongly recommend installing these free programs:

        SpywareBlaster protects against bad ActiveX
        IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
        Have a look at this tutorial for IE-Spyad here

        * SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

        Make Internet Explorer more secure
        • Click Start > Run
        • Type Inetcpl.cpl & click OK
        • Click on the Security tab
        • Click Reset all zones to default level
        • Make sure the Internet Zone is selected & Click Custom level
        • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
        • Next click OK, then the Apply button, and then OK to exit the Internet Properties page.

        * MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

        * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
        Here

        * Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
        Here

        Thank you for your patience, and performing all of the procedures requested.

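One way to check (and, with -Fix, apply) the Internet-zone ActiveX settings and to verify the HOSTS-file step described in the post above, as an added PowerShell example that is not from the thread. The registry value ids, their meanings and the Security_HKLM_only caveat are Microsoft-documented; the script layout, function names and the per-user zone path are assumptions for an XP/IE7-era machine.

```powershell
# Added example, not part of the thread: audits the two hardening steps the
# post describes (Internet-zone ActiveX settings and an MVPS-style HOSTS file)
# and, with -Fix, applies the ActiveX settings. Assumes the per-user zone
# layout of XP/IE7-era Windows (zone 3 = Internet). The value names are
# Microsoft's documented URL-action ids:
#   1001 = Download signed ActiveX controls
#   1004 = Download unsigned ActiveX controls
#   1201 = Initialize and script ActiveX controls not marked as safe
# and the data means 0 = Enable, 1 = Prompt, 3 = Disable.
# Caveat: if HKLM\...\Internet Settings\Security_HKLM_only is 1, IE reads the
# zone settings from HKLM instead; this script only looks at HKCU.
param([switch]$Fix)

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Wanted = @{
    '1001' = 1   # signed ActiveX download        -> Prompt
    '1004' = 1   # unsigned ActiveX download      -> Prompt
    '1201' = 3   # script ActiveX not marked safe -> Disable
}
$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ActionName([int]$Value) {
    if ($Meaning.ContainsKey($Value)) { return $Meaning[$Value] }
    return "unknown($Value)"
}

# Returns one object per setting with the current and wanted state.
# A value that is absent from the key is reported as "not set" and not Ok,
# rather than guessing which zone-template default IE would apply.
function Test-InternetZoneActiveX {
    $props = Get-ItemProperty -Path $ZonePath
    foreach ($name in ($Wanted.Keys | Sort-Object)) {
        $current = $props.$name
        if ($null -eq $current) {
            $currentName = 'not set'
            $ok = $false
        } else {
            $currentName = Get-ActionName $current
            $ok = ($current -eq $Wanted[$name])
        }
        New-Object PSObject -Property @{
            Action  = $name
            Current = $currentName
            Wanted  = Get-ActionName $Wanted[$name]
            Ok      = $ok
        }
    }
}

# Counts HOSTS entries that sink a name to 127.0.0.1 or 0.0.0.0, which is how
# the MVPS file blocks ad and malware domains. A stock file has only localhost,
# so a count of 0 means the replacement HOSTS file is not in place.
function Get-HostsSinkholeCount {
    param([string]$Path)
    $count = 0
    foreach ($line in (Get-Content -Path $Path)) {
        $text = ($line -split '#')[0].Trim()      # drop comments
        if ($text -eq '') { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        $sink = ($fields[0] -eq '127.0.0.1' -or $fields[0] -eq '0.0.0.0')
        if ($sink -and $fields[1] -ne 'localhost') { $count++ }
    }
    return $count
}

$results = @(Test-InternetZoneActiveX)
$results | Format-Table Action, Current, Wanted, Ok -AutoSize

if ($Fix) {
    foreach ($r in ($results | Where-Object { -not $_.Ok })) {
        Set-ItemProperty -Path $ZonePath -Name $r.Action -Value $Wanted[$r.Action] -Type DWord
        Write-Host "Set $($r.Action) to $($r.Wanted)"
    }
}

$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path $hostsPath) {
    Write-Host "HOSTS sinkhole entries: $(Get-HostsSinkholeCount -Path $hostsPath)"
}
```

Run it once without -Fix to see what the machine currently has, then with -Fix to set the three values the post asks for; the HOSTS count is informational only.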

      • Registered Users, Registered Users 2 Posts: 1,536 ✭✭✭hamsterboy


        That's incredible work you do.....I'm amazed at the time and effort you put in on this.
        Thanks again for everything.....
        May all the enemies' children be given drumkits and red bull!!!

        HB


      • Registered Users, Registered Users 2 Posts: 1,536 ✭✭✭hamsterboy


        Hey
        I was on a week's holidays; they let a noob use my machine while I was away for training and guess what!!!!!
        Vundo is back!!
        Feck it anyway.
        I did a HijackThis scan but Deckard's scanner is not available for download ATM, causing some kind of prob.
        Anyway, here's the HijackThis log......sorry to have you look at this stuff again dude :(

        Logfile of HijackThis v1.99.1
        Scan saved at 09:31, on 2008-08-22
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.17184)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Sygate\SSA\smc.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\ActivCard\acautoreg.exe
        C:\Program Files\Common Files\ActivCard\accoca.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Symantec AntiVirus\DefWatch.exe
        C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
        C:\PROGRA~1\sygate\ssa\syg_hp.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Remote tools\msraLinkMonitor.exe
        C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
        C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        C:\Program Files\CDBurnerXP\NMSAccessU.exe
        C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
        C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
        C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
        C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
        C:\Program Files\Symantec AntiVirus\SavRoam.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\UPHClean\uphclean.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
        C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
        C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
        C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
        C:\WINDOWS\RTHDCPL.EXE
        C:\WINDOWS\system32\igfxtray.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\system32\igfxpers.exe
        C:\Program Files\Google\Gmail Notifier\gnotify.exe
        C:\Program Files\Unlocker\UnlockerAssistant.exe
        C:\Program Files\Winamp\winampa.exe
        C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
        C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
        C:\Program Files\Microsoft Office Communicator\communicator.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\PROGRA~1\SYMANT~1\VPTray.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
        C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
        C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
        C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
        C:\Program Files\Symantec AntiVirus\Rtvscan.exe
        C:\Program Files\MSN Messenger\usnsvc.exe
        C:\Program Files\Common Files\Teleca Shared\Generic.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://athp.hp.com/portal/site/athp/index.jsp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com/
        O3 - Toolbar: vwsrfton - {ABA69CF4-20FB-42CE-BB6D-B6171D64B8EC} - C:\WINDOWS\vwsrfton.dll (file missing)
        O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
        O4 - HKLM\..\Run: [COEMsgDisplay] C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
        O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
        O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
        O4 - HKLM\..\Run: [GetIT] C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
        O4 - HKLM\..\Run: [IDA] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe"
        O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
        O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
        O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
        O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
        O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
        O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
        O4 - HKLM\..\Run: [BM87b0e2d2] Rundll32.exe "C:\WINDOWS\system32\xquobpcv.dll",s
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
        O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
        O4 - HKCU\..\Run: [mpt] c:\WINDOWS\system32\mpt.exe
        O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: Symantec NetBackup Desktop Agent.lnk = C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
        O4 - Global Startup: WinZip Quick Pick.lnk = ?
        O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Program Files\Xilisoft\YouTube Video Converter\upod_link.HTM
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
        O9 - Extra button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
        O9 - Extra 'Tools' menuitem: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O11 - Options group: [INTERNATIONAL] International*
        O14 - IERESET.INF: START_PAGE_URL=http://athp.hp.com
        O15 - Trusted Zone: http://ie.config.asia.compaq.com
        O15 - Trusted Zone: http://ie.config.eur.compaq.com
        O15 - Trusted Zone: http://ie.config.im.hou.compaq.com
        O15 - Trusted Zone: http://ie.config.jp.compaq.com
        O15 - Trusted Zone: http://*.compaq.com
        O15 - Trusted Zone: *.cpqcorp.net
        O15 - Trusted Zone: http://*.dcu.org
        O15 - Trusted Zone: http://ie.config.ecom.dec.com
        O15 - Trusted Zone: http://*.dec.com
        O15 - Trusted Zone: *.hp.com
        O15 - Trusted Zone: http://*.hpe-learning.com
        O15 - Trusted Zone: *.hpqcorp.net
        O15 - Trusted Zone: *.hpshopping.com
        O15 - Trusted Zone: http://ie.config.tandem.com
        O15 - Trusted Zone: http://*.tandem.com
        O15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM)
        O15 - Trusted Zone: http://ie.config.tandem.com (HKLM)
        O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms32 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall32.cab
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
        O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://sdcsqllmspro04/ProjectServer/objects/pjclient.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189776183175
        O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://sdcsqllmspro04/ProjectServer/objects/1033/pjcintl.cab
        O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\Software\..\Telephony: DomainName = emea.hpqcorp.net
        O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
        O20 - AppInit_DLLs: tqkfcj.dll
        O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
        O21 - SSODL: wbqxfpgl - {ACFD3320-5F38-418E-8F84-69A8A08630C4} - C:\WINDOWS\wbqxfpgl.dll (file missing)
        O21 - SSODL: tpabfelq - {2C8489CA-81E4-4D7A-A5BF-D3830753E2F0} - C:\WINDOWS\tpabfelq.dll (file missing)
        O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe
        O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
        O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
        O23 - Service: Symantec NetBackup Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: HP Sygate Icon Control (HPSygControl) - Hewlett-Packard Company - C:\PROGRA~1\sygate\ssa\syg_hp.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
        O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exe
        O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
        O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
        O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
        O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
        O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
        O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
        O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
        O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe (file missing)
        O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

        Cheers

        HB


      • Registered Users, Registered Users 2 Posts: 1,536 ✭✭✭hamsterboy


        Disregard the last post guys, managed to sort it meself :)
        Thanks anyway :)

        HB


      • Registered Users, Registered Users 2 Posts: 1,536 ✭✭✭hamsterboy


        Well, looks like I was wrong and the Vundo infection remains.
        Here's a fresh HijackThis log :)
        Any help would be great

        Logfile of HijackThis v1.99.1
        Scan saved at 11:38, on 2008-08-27
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.17184)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Sygate\SSA\smc.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\ActivCard\acautoreg.exe
        C:\Program Files\Common Files\ActivCard\accoca.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Symantec AntiVirus\DefWatch.exe
        C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
        C:\PROGRA~1\sygate\ssa\syg_hp.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Remote tools\msraLinkMonitor.exe
        C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
        C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        C:\Program Files\CDBurnerXP\NMSAccessU.exe
        C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
        C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
        C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
        C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
        C:\Program Files\Symantec AntiVirus\SavRoam.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\Symantec AntiVirus\Rtvscan.exe
        C:\Program Files\UPHClean\uphclean.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
        C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
        C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
        C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
        C:\WINDOWS\RTHDCPL.EXE
        C:\WINDOWS\system32\igfxtray.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\system32\igfxpers.exe
        C:\Program Files\Google\Gmail Notifier\gnotify.exe
        C:\Program Files\Unlocker\UnlockerAssistant.exe
        C:\Program Files\Winamp\winampa.exe
        C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
        C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
        C:\Program Files\Microsoft Office Communicator\communicator.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\PROGRA~1\SYMANT~1\VPTray.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
        C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
        C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
        C:\Program Files\DAEMON Tools Lite\daemon.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
        C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
        C:\Program Files\MSN Messenger\usnsvc.exe
        C:\Program Files\CCleaner\CCleaner.exe
        C:\Program Files\Common Files\Teleca Shared\Generic.exe
        C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
        C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=105563
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com/
        O3 - Toolbar: vwsrfton - {ABA69CF4-20FB-42CE-BB6D-B6171D64B8EC} - C:\WINDOWS\vwsrfton.dll (file missing)
        O4 - HKLM\..\Run: [COEMsgDisplay] C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
        O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
        O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
        O4 - HKLM\..\Run: [GetIT] C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
        O4 - HKLM\..\Run: [IDA] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe"
        O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
        O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
        O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
        O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
        O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
        O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
        O4 - HKLM\..\Run: [BM87b0e2d2] Rundll32.exe "C:\WINDOWS\system32\aaurklyr.dll",s
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
        O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
        O4 - HKCU\..\Run: [mpt] c:\WINDOWS\system32\mpt.exe
        O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: Symantec NetBackup Desktop Agent.lnk = C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
        O4 - Global Startup: WinZip Quick Pick.lnk = ?
        O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Program Files\Xilisoft\YouTube Video Converter\upod_link.HTM
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
        O9 - Extra button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
        O9 - Extra 'Tools' menuitem: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O11 - Options group: [INTERNATIONAL] International*
        O14 - IERESET.INF: START_PAGE_URL=http://athp.hp.com
        O15 - Trusted Zone: http://ie.config.asia.compaq.com
        O15 - Trusted Zone: http://ie.config.eur.compaq.com
        O15 - Trusted Zone: http://ie.config.im.hou.compaq.com
        O15 - Trusted Zone: http://ie.config.jp.compaq.com
        O15 - Trusted Zone: http://*.compaq.com
        O15 - Trusted Zone: *.cpqcorp.net
        O15 - Trusted Zone: http://*.dcu.org
        O15 - Trusted Zone: http://ie.config.ecom.dec.com
        O15 - Trusted Zone: http://*.dec.com
        O15 - Trusted Zone: *.hp.com
        O15 - Trusted Zone: http://*.hpe-learning.com
        O15 - Trusted Zone: *.hpqcorp.net
        O15 - Trusted Zone: *.hpshopping.com
        O15 - Trusted Zone: http://ie.config.tandem.com
        O15 - Trusted Zone: http://*.tandem.com
        O15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM)
        O15 - Trusted Zone: http://ie.config.tandem.com (HKLM)
        O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms32 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall32.cab
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
        O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://sdcsqllmspro04/ProjectServer/objects/pjclient.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189776183175
        O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://sdcsqllmspro04/ProjectServer/objects/1033/pjcintl.cab
        O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\Software\..\Telephony: DomainName = emea.hpqcorp.net
        O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\System\CS4\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
        O20 - AppInit_DLLs: mqydib.dll
        O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
        O21 - SSODL: wbqxfpgl - {ACFD3320-5F38-418E-8F84-69A8A08630C4} - C:\WINDOWS\wbqxfpgl.dll (file missing)
        O21 - SSODL: tpabfelq - {2C8489CA-81E4-4D7A-A5BF-D3830753E2F0} - C:\WINDOWS\tpabfelq.dll (file missing)
        O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe
        O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
        O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
        O23 - Service: Symantec NetBackup Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: HP Sygate Icon Control (HPSygControl) - Hewlett-Packard Company - C:\PROGRA~1\sygate\ssa\syg_hp.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
        O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exe
        O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
        O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
        O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
        O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
        O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
        O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
        O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
        O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe (file missing)
        O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

        Cheers
        HB


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        Delete ComboFix.exe and the folders C:\ComboFix and C:\qoobox

        Re-download it and run it again


      • Registered Users, Registered Users 2 Posts: 1,536 ✭✭✭hamsterboy


        Hi
        Here's the ComboFix log and a fresh HijackThis

        ComboFix 08-08-26.03 - fortunep 2008-08-27 14:25:17.5 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.197 [GMT 1:00]
        Running from: C:\Documents and Settings\fortunep\Desktop\ComboFix.exe
        * Created a new restore point
        .

        ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
        C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
        C:\WINDOWS\BM87b0e2d2.txt
        C:\WINDOWS\BM87b0e2d2.xml
        C:\WINDOWS\pskt.ini
        C:\WINDOWS\system32\adjufjgd.exe
        C:\WINDOWS\system32\agmqanip.dll
        C:\WINDOWS\system32\aicdyaul.exe
        C:\WINDOWS\system32\bmybtcny.dll
        C:\WINDOWS\system32\bulnqhpc.dll
        C:\WINDOWS\system32\buzmhx.dll
        C:\WINDOWS\system32\cftiqyxc.ini
        C:\WINDOWS\system32\cinksixu.dll
        C:\WINDOWS\system32\cjuopj.dll
        C:\WINDOWS\system32\cpobuwbh.dll
        C:\WINDOWS\system32\cqqednqs.exe
        C:\WINDOWS\system32\dbuviqdk.exe
        C:\WINDOWS\system32\dfjgjdvv.dll
        C:\WINDOWS\system32\dhkfgtcy.exe
        C:\WINDOWS\system32\dqdusgsx.dll
        C:\WINDOWS\system32\dtivexbg.dll
        C:\WINDOWS\system32\elsxltrg.exe
        C:\WINDOWS\system32\ewahcsku.dll
        C:\WINDOWS\system32\fuoqfipr.ini
        C:\WINDOWS\system32\hdapju.dll
        C:\WINDOWS\system32\hitmeevc.exe
        C:\WINDOWS\system32\hOXaHRqr.ini2
        C:\WINDOWS\system32\hqwuigmp.dll
        C:\WINDOWS\system32\iyeijdrq.dll
        C:\WINDOWS\system32\kcydff.dll
        C:\WINDOWS\system32\khcbwvtk.exe
        C:\WINDOWS\system32\kyeero(2).dll
        C:\WINDOWS\system32\lpujjpvy.dll
        C:\WINDOWS\system32\lvfnldwt.dll
        C:\WINDOWS\system32\mqydib.dll
        C:\WINDOWS\system32\narcigbe.dll
        C:\WINDOWS\system32\nkqazy.dll
        C:\WINDOWS\system32\okyhjudr.exe
        C:\WINDOWS\system32\otcagcag.dll
        C:\WINDOWS\system32\pghfnwfe.dll
        C:\WINDOWS\system32\pinaqmga.ini
        C:\WINDOWS\system32\PWwwxyay.ini
        C:\WINDOWS\system32\PWwwxyay.ini2
        C:\WINDOWS\system32\qwbewe.dll
        C:\WINDOWS\system32\rdlybcrf.dll
        C:\WINDOWS\system32\rQHARLby.dll
        C:\WINDOWS\system32\sdrfwjdr.dll
        C:\WINDOWS\system32\shhqee.dll
        C:\WINDOWS\system32\sirmqlpo.exe
        C:\WINDOWS\system32\sthiohcu.dll
        C:\WINDOWS\system32\szvqbg.dll
        C:\WINDOWS\system32\txwdgaem.dll
        C:\WINDOWS\system32\unqcrsrd.exe
        C:\WINDOWS\system32\vjhpql.dll
        C:\WINDOWS\system32\voapyb.dll
        C:\WINDOWS\system32\vppxtnlv.exe
        C:\WINDOWS\system32\vqpnff.dll
        C:\WINDOWS\system32\wygluxry.dll
        C:\WINDOWS\system32\wzluqf.dll
        C:\WINDOWS\system32\xnwpapsb.dll
        C:\WINDOWS\system32\xpgdtikd.dll
        C:\WINDOWS\system32\xwecyrdc.dll
        C:\WINDOWS\system32\yayxwwWP.dll
        C:\WINDOWS\system32\ytrjddrp.dll

        BITS: Possible infected sites

        http://g4w1846.americas.hpqcorp.net
        .
        ((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
        .

        2008-08-25 16:24 . 2008-08-25 16:24 <DIR> d-------- C:\Program Files\CCleaner
        2008-08-25 08:55 . 2008-08-25 08:55 <DIR> d-------- C:\Program Files\CDisplay
        2008-08-25 08:11 . 2008-08-25 08:11 <DIR> d-------- C:\Program Files\Pcsx2
        2008-08-22 10:51 . 2008-08-22 10:51 <DIR> d-------- C:\_OTMoveIt
        2008-08-22 09:12 . 2008-08-22 09:12 <DIR> d-------- C:\Program Files\Xilisoft
        2008-08-22 09:06 . 2008-08-22 09:11 <DIR> d-------- C:\Program Files\SpywareGuard
        2008-08-22 09:00 . 2008-08-22 09:11 <DIR> d-------- C:\ie-spyad
        2008-08-22 08:55 . 2008-08-26 10:36 <DIR> d-------- C:\Program Files\SpywareBlaster
        2008-08-21 16:11 . 2008-08-21 16:11 <DIR> d-------- C:\Documents and Settings\fortunep\Application Data\Xilisoft Corporation
        2008-08-21 14:39 . 2008-08-21 14:41 <DIR> d--h-c--- C:\WINDOWS\ie8
        2008-08-21 08:22 . 2008-08-21 08:23 <DIR> d-------- C:\Program Files\ASAP Utilities
        2008-08-21 08:22 . 2008-08-21 08:22 <DIR> d-------- C:\Documents and Settings\fortunep\Application Data\ASAP Utilities
        2008-08-20 14:59 . 2008-08-20 14:59 <DIR> d-------- C:\Program Files\FreeUndelete
        2008-08-20 11:09 . 2008-08-20 11:09 618 --a------ C:\WINDOWS\eReg.dat
        2008-08-20 11:02 . 2008-08-20 11:02 <DIR> d-------- C:\Program Files\EA Games
        2008-08-20 08:42 . 2008-08-25 12:21 <DIR> d-------- C:\Program Files\DAEMON Tools Toolbar
        2008-08-20 08:42 . 2008-08-20 08:42 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
        2008-08-20 08:33 . 2008-08-20 08:33 <DIR> d-------- C:\Documents and Settings\fortunep\Application Data\DAEMON Tools
        2008-08-20 08:33 . 2008-08-20 08:33 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
        2008-08-19 16:00 . 2008-08-19 16:00 <DIR> d-------- C:\Program Files\Mp3tag
        2008-08-19 16:00 . 2008-08-19 16:09 <DIR> d-------- C:\Documents and Settings\fortunep\Application Data\Mp3tag
        2008-08-15 12:32 . 2008-08-21 15:56 414 --a------ C:\WINDOWS\crackpdf.INI
        2008-08-15 12:31 . 2008-08-15 12:31 <DIR> d-------- C:\Program Files\PDF Password Cracker Pro v3.0
        2008-08-14 16:22 . 2008-08-14 16:24 <DIR> d-------- C:\Program Files\MusicBrainz Picard
        2008-08-14 10:51 . 2008-08-14 10:52 <DIR> d-------- C:\Program Files\Microsoft Software Inventory Analyzer
        2008-08-14 10:50 . 2008-08-14 10:50 <DIR> d-------- C:\Program Files\DivX
        2008-08-11 08:47 . 2008-08-11 08:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Applications
        2008-08-08 14:55 . 2008-08-19 13:49 <DIR> d-------- C:\Parts
        2008-08-08 08:29 . 2006-01-31 19:29 107,696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
        2008-08-08 08:29 . 2006-01-31 19:29 87,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
        2008-08-07 14:37 . 2008-08-07 14:37 99 --a------ C:\NASTY GIRLS.url
        2008-08-07 13:56 . 2008-08-07 13:56 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
        2008-08-07 13:56 . 2008-08-07 13:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
        2008-08-06 12:06 . 2008-08-27 14:05 <DIR> d-------- C:\Documents and Settings\fortunep\tracing
        2008-08-06 12:03 . 2008-08-06 12:03 <DIR> d-------- C:\Program Files\Microsoft Office Communicator
        2008-08-01 14:26 . 2008-08-01 14:26 <DIR> d-------- C:\Program Files\MSN Messenger
        2008-08-01 08:46 . 2008-08-01 08:46 <DIR> d-------- C:\spoolerlogs
        2008-07-31 15:57 . 2008-07-31 15:57 <DIR> d-------- C:\Batches
        2008-07-31 14:47 . 2008-07-31 15:06 <DIR> d-------- C:\Mac Casper Scans
        2008-07-30 09:06 . 2008-07-30 09:05 185,856 --a------ C:\WINDOWS\system32\framedyn.dll
        2008-07-30 09:05 . 2008-07-30 09:05 185,856 --a------ C:\framedyn.dll

        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-08-27 13:41 d-----w C:\Program Files\symantec antivirus
        2008-08-27 13:06 d-----w C:\Program Files\SUPERAntiSpyware
        2008-08-27 10:22 d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
        2008-08-26 15:50 d-----w C:\Documents and Settings\fortunep\Application Data\MyPhoneExplorer
        2008-08-22 10:38 d--h--w C:\Program Files\InstallShield Installation Information
        2008-08-21 08:07 d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
        2008-08-13 15:27 d-----w C:\Program Files\Common Files\Symantec Shared
        2008-08-08 07:29 d-----w C:\Program Files\Symantec
        2008-08-08 07:29 d-----w C:\Documents and Settings\All Users\Application Data\Symantec
        2008-08-01 07:49 d-----w C:\Program Files\Google
        2008-08-01 07:42 d-----w C:\Program Files\Bonjour
        2008-07-31 13:16 d-----w C:\Documents and Settings\fortunep\Application Data\messages
        2008-07-31 07:32 d-----w C:\Program Files\ReadManiac
        2008-07-30 15:32 d-----w C:\Program Files\Hewlett-Packard
        2008-07-30 10:14 d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
        2008-07-30 08:34 d-----w C:\Program Files\VideoLAN
        2008-07-30 08:34 d-----w C:\Program Files\Solveig Multimedia
        2008-07-30 08:30 d-----w C:\Program Files\VstPlugins
        2008-07-29 15:55 d-----w C:\Program Files\MediaMonkey
        2008-07-29 15:53 d-----w C:\Program Files\Panda Security
        2008-07-29 15:23 d-----w C:\Program Files\OpenDrive
        2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
        2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
        2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
        2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
        2008-07-23 16:47 634,880 ----a-w C:\WINDOWS\system32\nsx941.tmp
        2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
        2008-07-22 08:31 d-----w C:\Program Files\Outsim
        2008-07-21 13:45 d-----w C:\Documents and Settings\fortunep\Application Data\vlc
        2008-07-21 11:13 d-----w C:\Documents and Settings\fortunep\Application Data\cYo
        2008-07-21 10:58 4,512 ----a-w C:\peregrine.reg
        2008-07-21 09:44 d-----w C:\Program Files\Mindjet
        2008-07-16 09:43 284 ----a-w C:\Pj6preffile.dat
        2008-07-15 08:36 d-----w C:\Program Files\GPL MPEG Decoder
        2008-07-14 19:03 58,594 ----a-w C:\WINDOWS\system32\mpt.exe
        2008-07-09 11:36 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
        2008-07-04 09:24 d-----w C:\Documents and Settings\fortunep\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
        2008-07-04 09:19 d-----w C:\Program Files\Common Files\Adobe AIR
        2008-07-03 07:58 d-----w C:\Documents and Settings\fortunep\Application Data\Command & Conquer 3 Kane's Wrath
        2008-06-27 08:36 d-----w C:\Program Files\Avanquest update
        2008-06-26 08:02 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
        2007-08-15 22:16 13,459 ----a-w C:\WINDOWS\system32\config\systemprofile\createprof.vbs
        2007-08-15 22:16 13,459 ----a-w C:\Documents and Settings\hpadmin\createprof.vbs
        2007-08-15 22:16 13,459 ----a-w C:\Documents and Settings\fortunep\createprof.vbs
        2007-08-15 22:16 13,459 ----a-w C:\Documents and Settings\Default User\createprof.vbs
        2007-08-07 17:32 2,354 ----a-w C:\WINDOWS\system32\config\systemprofile\enablecoe.vbs
        2007-08-07 17:32 2,354 ----a-w C:\Documents and Settings\hpadmin\enablecoe.vbs
        2004-07-23 21:44 1,431,144 ----a-w C:\WINDOWS\inf\SET69.tmp
        2008-02-07 20:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
        2008-02-07 20:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
        2008-02-07 20:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
        2008-02-07 20:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
        2008-02-07 20:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
        2008-02-07 20:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
        2008-02-07 20:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
        2007-03-16 16:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
        2007-03-16 16:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
        2007-03-16 16:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
        2007-07-20 11:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
        2008-02-07 20:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
        .

        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
        "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 356352]
        "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
        "Gadwin PrintScreen Pro"="C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2008-07-21 11:38 516096]
        "mpt"="c:\WINDOWS\system32\mpt.exe" [2008-07-14 20:03 58594]
        "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 13:11 490952]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
        "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-27 14:06 1576176]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "COEMsgDisplay"="C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe" [2007-04-11 20:44 26624]
        "QuickPassword"="C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe" [2007-06-26 23:06 225280]
        "SmcService"="C:\PROGRA~1\Sygate\SSA\smc.exe" [2005-08-05 17:22 2582240]
        "GetIT"="C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe" [2007-12-04 01:12 286720]
        "IDA"="C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE" [2008-01-03 23:54 176128]
        "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 11:11 98304]
        "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 11:13 114688]
        "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 11:10 94208]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe" [2007-09-25 21:23 75256]
        "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
        "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
        "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 06:10 15872]
        "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 19:49 36352]
        "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00 385024]
        "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 13:06 741376]
        "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
        "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
        "Communicator"="C:\Program Files\Microsoft Office Communicator\communicator.exe" [2008-08-06 12:03 5720072]
        "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 19:02 53408]
        "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-05-27 02:01 124656]
        "RTHDCPL"="RTHDCPL.EXE" [2006-10-11 18:36 16267776 C:\WINDOWS\RTHDCPL.EXE]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 04:05:26 29696]
        Symantec NetBackup Desktop Agent.lnk - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe [2008-01-04 06:50:04 7304568]
        WinZip Quick Pick.lnk - c:\WINDOWS\Installer\{9FDF923E-DB53-41E4-8CE6-8DEB8301C12E}\Icon_WZQKPICK.EXE [2008-08-06 15:10:57 65536]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "SynchronousMachineGroupPolicy"= 0 (0x0)
        "SynchronousUserGroupPolicy"= 0 (0x0)
        "DisableNT4Policy"= 1 (0x1)

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
        "NoMSAppLogo5ChannelNotify"= 1 (0x1)
        "NoBandCustomize"= 0 (0x0)

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
        "Btn_Back"= 0 (0x0)
        "Btn_Forward"= 0 (0x0)
        "Btn_Stop"= 0 (0x0)
        "Btn_Refresh"= 0 (0x0)
        "Btn_Home"= 0 (0x0)
        "Btn_Search"= 0 (0x0)
        "Btn_History"= 0 (0x0)
        "Btn_Favorites"= 0 (0x0)
        "Btn_Media"= 0 (0x0)
        "Btn_Folders"= 0 (0x0)
        "Btn_Fullscreen"= 0 (0x0)
        "Btn_Tools"= 0 (0x0)
        "Btn_MailNews"= 0 (0x0)
        "Btn_Size"= 0 (0x0)
        "Btn_Print"= 0 (0x0)
        "Btn_Edit"= 0 (0x0)
        "Btn_Discussions"= 0 (0x0)
        "Btn_Cut"= 0 (0x0)
        "Btn_Copy"= 0 (0x0)
        "Btn_Paste"= 0 (0x0)
        "Btn_Encoding"= 0 (0x0)
        "Btn_PrintPreview"= 0 (0x0)
        "NoFavoritesMenu"= 0 (0x0)
        "NoLogoff"= 0 (0x0)
        "NoBandCustomize"= 0 (0x0)
        "NoMovingBands"= 0 (0x0)
        "NoCloseDragDropBands"= 0 (0x0)

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2008-08-27 14:06 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
        "AppInit_DLLs"=voapyb.dll

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
        "Script"=NOITSCAN.bat

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1957994488-842925246-40105171-690474\Scripts\Logon\0\0]
        "Script"=NOITSCAN.bat

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)
        "DisableNotifications"= 1 (0x1)
        "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\MSN Messenger\\livecall.exe"=

        R2 acautoreg;ActivCard Gold Autoregister;C:\Program Files\Common Files\ActivCard\acautoreg.exe [2007-06-26 23:06]
        R2 Accoca;ActivCard Gold service;C:\Program Files\Common Files\ActivCard\accoca.exe [2007-06-26 23:06]
        R2 DLOChangeJournalSvc;Symantec NetBackup Desktop Agent Change Journal Reader;C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe [2008-01-04 04:57]
        R2 HPSygControl;HP Sygate Icon Control;C:\PROGRA~1\sygate\ssa\syg_hp.exe [2006-01-25 22:25]
        R2 msralinkmonitor;MSRA Link Monitor;C:\Program Files\Remote tools\msraLinkMonitor.exe [2007-08-28 15:28]
        R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 15:34]
        R2 radexecd;HP OVCM Notify Daemon;C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe [2007-02-20 13:59]
        R2 radsched;HP OVCM Scheduler Daemon;C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe [2007-03-22 17:19]
        R2 Radstgms;HP OVCM MSI Redirector;C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe [2007-03-20 12:03]
        R3 akbus;ActivCard Virtual Reader Enumerator;C:\WINDOWS\system32\DRIVERS\akbus.sys [2007-04-06 11:46]
        R3 akpcsc;ActivCard Virtual PC/SC Device Driver;C:\WINDOWS\system32\DRIVERS\akpcsc.sys [2007-06-26 23:06]
        R3 aksbus;ActivIdentity Virtual Reader Enumerator;C:\WINDOWS\system32\DRIVERS\aksbus.sys [2007-04-06 11:46]
        R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;C:\WINDOWS\system32\DRIVERS\akspcsc.sys [2007-06-26 23:06]
        R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-10-23 00:00]
        R3 RadiaMsi;RadiaMsi;C:\WINDOWS\system32\DRIVERS\radiamsi.sys [2007-08-03 10:31]
        S3 actccid;ActivCard USB Reader V2;C:\WINDOWS\system32\DRIVERS\actccid.sys [2007-06-26 23:06]
        S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
        S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-05-23 10:40]
        S3 magaService;Lan Discover Agent;C:\Program Files\Sygate\SSA\maga\maga.exe [2005-08-05 17:18]
        S3 Service_Desktop;Desktop;C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe []

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e23a198-6e8b-11dd-93f9-0280370f0300}]
        \Shell\AutoRun\command - D:\autorun.exe
        .
        Contents of the 'Scheduled Tasks' folder

        2008-08-27 C:\WINDOWS\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
        - C:\WINDOWS\system32\rundll32.exe [2004-08-04 01:56]

        2008-08-27 C:\WINDOWS\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
        - C:\WINDOWS\system32\rundll32.exe [2004-08-04 01:56]

        2008-08-27 C:\WINDOWS\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
        - C:\WINDOWS\system32\rundll32.exe [2004-08-04 01:56]

        2008-08-27 C:\WINDOWS\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
        - C:\Program Files\Hewlett-Packard\PC COE\coetl32.exe [2007-06-23 23:27]

        2008-08-27 C:\WINDOWS\Tasks\IDA{884F3959-E5F7-11D1-9B15-080009F878E4}000.job
        - C:\WINDOWS\system32\rundll32.exe [2004-08-04 01:56]

        2008-08-27 C:\WINDOWS\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
        - C:\WINDOWS\system32\rundll32.exe [2004-08-04 01:56]
        .
        - - - - ORPHANS REMOVED - - - -

        BHO-{AE8C78B0-AA5D-40AF-A073-E4EF90779229} - C:\Documents and Settings\fortunep\Local Settings\Temporary Internet Files\Content.IE5\1YFMNEVB\3077htsbdjyf[1].dll
        HKLM-Run-BM87b0e2d2 - C:\WINDOWS\system32\xwecyrdc.dll
        HKLM-Run-8483d14e - C:\WINDOWS\system32\agmqanip.dll


        .
        Supplementary Scan
        .
        FireFox -: Profile - C:\Documents and Settings\fortunep\Application Data\Mozilla\Firefox\Profiles\rs1j7ob8.default\
        FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.ie
        FF -: plugin - C:\Documents and Settings\fortunep\Application Data\Mozilla\Firefox\Profiles\rs1j7ob8.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
        FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
        FF -: plugin - C:\Program Files\Java\jre1.5.0_13\bin\NPJava11.dll
        FF -: plugin - C:\Program Files\Java\jre1.5.0_13\bin\NPJava12.dll
        FF -: plugin - C:\Program Files\Java\jre1.5.0_13\bin\NPJava13.dll
        FF -: plugin - C:\Program Files\Java\jre1.5.0_13\bin\NPJava14.dll
        FF -: plugin - C:\Program Files\Java\jre1.5.0_13\bin\NPJava32.dll
        FF -: plugin - C:\Program Files\Java\jre1.5.0_13\bin\NPJPI150_13.dll
        FF -: plugin - C:\Program Files\Java\jre1.5.0_13\bin\NPOJI610.dll
        FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
        FF -: plugin - C:\Program Files\Virtual Earth 3D\npVE3D.dll
        .

        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-08-27 14:43:32
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************

        [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
        "ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"

        [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
        "ImagePath"=""
        .
        DLLs Loaded Under Running Processes

        PROCESS: C:\WINDOWS\explorer.exe
        -> C:\Program Files\Unlocker\UnlockerHook.dll
        .
        Other Running Processes
        .
        C:\Program Files\sygate\ssa\Smc.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        C:\WINDOWS\system32\scardsvr.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\symantec antivirus\DefWatch.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
        C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
        C:\Program Files\symantec antivirus\SavRoam.exe
        C:\Program Files\UPHClean\uphclean.exe
        C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\Program Files\Common Files\Teleca Shared\Generic.exe
        C:\WINDOWS\system32\msiexec.exe
        C:\WINDOWS\system32\verclsid.exe
        .
        **************************************************************************
        .
        Completion time: 2008-08-27 14:52:22 - machine was rebooted
        ComboFix-quarantined-files.txt 2008-08-27 13:52:15

        Pre-Run: 29,947,600,896 bytes free
        Post-Run: 29,883,686,912 bytes free


        Logfile of HijackThis v1.99.1
        Scan saved at 14:56, on 2008-08-27
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.17184)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Sygate\SSA\smc.exe
        C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\ActivCard\acautoreg.exe
        C:\Program Files\Common Files\ActivCard\accoca.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Symantec AntiVirus\DefWatch.exe
        C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
        C:\PROGRA~1\sygate\ssa\syg_hp.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Remote tools\msraLinkMonitor.exe
        C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
        C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        C:\Program Files\CDBurnerXP\NMSAccessU.exe
        C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
        C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
        C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
        C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
        C:\Program Files\Symantec AntiVirus\SavRoam.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\UPHClean\uphclean.exe
        C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
        C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
        C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
        C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
        C:\WINDOWS\RTHDCPL.EXE
        C:\WINDOWS\system32\igfxtray.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\system32\igfxpers.exe
        C:\Program Files\Google\Gmail Notifier\gnotify.exe
        C:\Program Files\Unlocker\UnlockerAssistant.exe
        C:\Program Files\Winamp\winampa.exe
        C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
        C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
        C:\Program Files\Microsoft Office Communicator\communicator.exe
        C:\Program Files\Common Files\Symantec Shared\ccApp.exe
        C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
        C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
        C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
        C:\Program Files\DAEMON Tools Lite\daemon.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
        C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\Program Files\Common Files\Teleca Shared\Generic.exe
        C:\WINDOWS\system32\msiexec.exe
        C:\WINDOWS\explorer.exe
        C:\WINDOWS\system32\notepad.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://athp.hp.com/portal/site/athp/index.jsp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com/
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O4 - HKLM\..\Run: [COEMsgDisplay] C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
        O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
        O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
        O4 - HKLM\..\Run: [GetIT] C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
        O4 - HKLM\..\Run: [IDA] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe"
        O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
        O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
        O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
        O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
        O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
        O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
        O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
        O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
        O4 - HKCU\..\Run: [mpt] c:\WINDOWS\system32\mpt.exe
        O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: Symantec NetBackup Desktop Agent.lnk = C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
        O4 - Global Startup: WinZip Quick Pick.lnk = ?
        O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Program Files\Xilisoft\YouTube Video Converter\upod_link.HTM
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
        O9 - Extra button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
        O9 - Extra 'Tools' menuitem: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
        O11 - Options group: [INTERNATIONAL] International*
        O14 - IERESET.INF: START_PAGE_URL=http://athp.hp.com
        O15 - Trusted Zone: http://ie.config.asia.compaq.com
        O15 - Trusted Zone: http://ie.config.eur.compaq.com
        O15 - Trusted Zone: http://ie.config.im.hou.compaq.com
        O15 - Trusted Zone: http://ie.config.jp.compaq.com
        O15 - Trusted Zone: http://*.compaq.com
        O15 - Trusted Zone: *.cpqcorp.net
        O15 - Trusted Zone: http://*.dcu.org
        O15 - Trusted Zone: http://ie.config.ecom.dec.com
        O15 - Trusted Zone: http://*.dec.com
        O15 - Trusted Zone: *.hp.com
        O15 - Trusted Zone: http://*.hpe-learning.com
        O15 - Trusted Zone: *.hpqcorp.net
        O15 - Trusted Zone: *.hpshopping.com
        O15 - Trusted Zone: http://ie.config.tandem.com
        O15 - Trusted Zone: http://*.tandem.com
        O15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM)
        O15 - Trusted Zone: http://ie.config.tandem.com (HKLM)
        O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms32 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall32.cab
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
        O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://sdcsqllmspro04/ProjectServer/objects/pjclient.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189776183175
        O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://sdcsqllmspro04/ProjectServer/objects/1033/pjcintl.cab
        O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\Software\..\Telephony: DomainName = emea.hpqcorp.net
        O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\System\CS4\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
        O20 - AppInit_DLLs: voapyb.dll
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
        O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
        O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
        O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe
        O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
        O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
        O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
        O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
        O23 - Service: Symantec NetBackup Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: HP Sygate Icon Control (HPSygControl) - Hewlett-Packard Company - C:\PROGRA~1\sygate\ssa\syg_hp.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
        O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exe
        O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
        O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
        O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
        O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
        O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
        O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
        O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
        O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe (file missing)
        O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe
        O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
        O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
        O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

        Thanks Again Dude

        HB


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        Hello

        1. Close any open browsers.

        2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

        3. Open notepad and copy/paste the text in the quotebox below into it:
        File::
        D:\autorun.exe

        Folder::

        Registry::
        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
        "AppInit_DLLs"=""
        [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e23a198-6e8b-11dd-93f9-0280370f0300}]

        Driver::

        Save this as CFScript.txt, in the same location as ComboFix.exe


        CFScriptB-4.gif

        Referring to the picture above, drag CFScript into ComboFix.exe

        When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.





        Please download Malwarebytes' Anti-Malware from Here or Here

        Double Click mbam-setup.exe to install the application.
        • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
        • If an update is found, it will download and install the latest version.
        • Once the program has loaded, select "Perform Quick Scan", then click Scan.
        • The scan may take some time to finish, so please be patient.
        • When the scan is complete, click OK, then Show Results to view the results.
        • Make sure that everything is checked, and click Remove Selected.
        • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
        • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
        • Copy&Paste the entire report in your next reply.
        Extra Note:
        If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



        Also post a new HJT log


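        The two kinds of line the fix above acts on, a populated O20 AppInit_DLLs value (which the CFScript resets to "") and O23 service entries whose binary is missing, are the first things to look for when reading a HijackThis log. The following Python helper is an added example, not code from this thread or from the HijackThis or ComboFix tools; its sample input is a handful of lines copied from the log posted above, and the function names (parse_hjt, triage, sections_summary) are my own.

```python
"""Minimal HijackThis (HJT) log triage helper (added example, not from the thread).

It parses the 'Oxx - ...' lines of an HJT log and flags two kinds of entry
that the fix posted above acts on: a non-empty O20 AppInit_DLLs value (the
CFScript resets it to "") and O23 service entries whose binary is missing.
"""
import re
from dataclasses import dataclass

# Sample input: lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = """\
O20 - AppInit_DLLs: voapyb.dll
O20 - Winlogon Notify: NavLogon - C:\\WINDOWS\\system32\\NavLogon.dll
O23 - Service: MySQL - Unknown owner - C:\\Program.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\\Program Files\\Symantec AntiVirus\\Rtvscan.exe
O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\\Program Files\\Free-Soft\\Virtual Desktop\\Desktop.exe (file missing)
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: Domain = emea.cpqcorp.net
"""

# An HJT entry is "<section> - <body>", e.g. "O23 - Service: ..." or "R1 - HKLM\...".
ENTRY_RE = re.compile(r"^(?P<section>[OR]\d+)\s+-\s+(?P<body>.*)$")


@dataclass
class Entry:
    section: str   # e.g. "O20"
    body: str      # everything after "O20 - "


def parse_hjt(text: str) -> list[Entry]:
    """Turn the Oxx/Rx lines of an HJT log into Entry records; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def triage(entries: list[Entry]) -> list[tuple[Entry, str]]:
    """Return (entry, reason) pairs for the lines a reviewer should read first."""
    findings = []
    for e in entries:
        if e.section == "O20" and e.body.startswith("AppInit_DLLs:"):
            dlls = e.body.split(":", 1)[1].strip()
            # AppInit_DLLs is loaded into every process that loads user32.dll,
            # so on a clean workstation the value is normally empty.
            if dlls:
                findings.append((e, f"AppInit_DLLs is set to '{dlls}'; expected empty"))
        elif e.section == "O23" and e.body.endswith("(file missing)"):
            # A service whose binary is gone is a leftover (orphan) entry:
            # harmless by itself, but it should be cleaned up, not ignored.
            findings.append((e, "service binary is missing (orphaned service entry)"))
    return findings


def sections_summary(entries: list[Entry]) -> dict[str, int]:
    """Count entries per HJT section, a quick way to see what a log contains."""
    counts: dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("sections:", sections_summary(parsed))
    for entry, reason in triage(parsed):
        print(f"[{entry.section}] {reason}\n    {entry.body}")
```

        Run against the six sample lines it reports the AppInit_DLLs entry and the two orphaned services and leaves the Winlogon Notify, Symantec and O17 domain lines alone; to use it on a full log, paste the whole HijackThis output into SAMPLE_LOG or read it from a file, since the parser skips any line that does not start with a section tag.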
      • Registered Users, Registered Users 2 Posts: 1,536 ✭✭✭hamsterboy


        Ok dude, here ye go

        ComboFix log

        ComboFix 08-08-26.03 - fortunep 2008-08-27 16:15:37.6 - NTFSx86
        Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.325 [GMT 1:00]
        Running from: C:\Documents and Settings\fortunep\Desktop\ComboFix.exe
        Command switches used :: C:\Documents and Settings\fortunep\Desktop\CFScript.txt
        * Created a new restore point

        FILE ::
        D:\autorun.exe
        .
        /wow section - STAGE 46
        The process cannot access the file because it is being used by another process.
        The process cannot access the file because it is being used by another process.
        The process cannot access the file because it is being used by another process.
        The process cannot access the file because it is being used by another process.
        The process cannot access the file because it is being used by another process.


        ((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))
        .

        2008-08-25 16:24 . 2008-08-25 16:24 <DIR> d C:\Program Files\CCleaner
        2008-08-25 08:55 . 2008-08-25 08:55 <DIR> d C:\Program Files\CDisplay
        2008-08-25 08:11 . 2008-08-25 08:11 <DIR> d C:\Program Files\Pcsx2
        2008-08-22 10:51 . 2008-08-22 10:51 <DIR> d C:\_OTMoveIt
        2008-08-22 09:12 . 2008-08-22 09:12 <DIR> d C:\Program Files\Xilisoft
        2008-08-22 09:06 . 2008-08-22 09:11 <DIR> d C:\Program Files\SpywareGuard
        2008-08-22 09:00 . 2008-08-22 09:11 <DIR> d C:\ie-spyad
        2008-08-22 08:55 . 2008-08-26 10:36 <DIR> d C:\Program Files\SpywareBlaster
        2008-08-21 16:11 . 2008-08-21 16:11 <DIR> d C:\Documents and Settings\fortunep\Application Data\Xilisoft Corporation
        2008-08-21 14:39 . 2008-08-21 14:41 <DIR> d--h-c--- C:\WINDOWS\ie8
        2008-08-21 08:22 . 2008-08-21 08:23 <DIR> d C:\Program Files\ASAP Utilities
        2008-08-21 08:22 . 2008-08-21 08:22 <DIR> d C:\Documents and Settings\fortunep\Application Data\ASAP Utilities
        2008-08-20 14:59 . 2008-08-20 14:59 <DIR> d C:\Program Files\FreeUndelete
        2008-08-20 11:09 . 2008-08-20 11:09 618 --a C:\WINDOWS\eReg.dat
        2008-08-20 11:02 . 2008-08-20 11:02 <DIR> d C:\Program Files\EA Games
        2008-08-20 08:42 . 2008-08-25 12:21 <DIR> d C:\Program Files\DAEMON Tools Toolbar
        2008-08-20 08:42 . 2008-08-20 08:42 <DIR> d C:\Program Files\DAEMON Tools Lite
        2008-08-20 08:33 . 2008-08-20 08:33 <DIR> d C:\Documents and Settings\fortunep\Application Data\DAEMON Tools
        2008-08-20 08:33 . 2008-08-20 08:33 717,296 --a C:\WINDOWS\system32\drivers\sptd.sys
        2008-08-19 16:00 . 2008-08-19 16:00 <DIR> d C:\Program Files\Mp3tag
        2008-08-19 16:00 . 2008-08-19 16:09 <DIR> d C:\Documents and Settings\fortunep\Application Data\Mp3tag
        2008-08-15 12:32 . 2008-08-21 15:56 414 --a C:\WINDOWS\crackpdf.INI
        2008-08-15 12:31 . 2008-08-15 12:31 <DIR> d C:\Program Files\PDF Password Cracker Pro v3.0
        2008-08-14 16:22 . 2008-08-14 16:24 <DIR> d C:\Program Files\MusicBrainz Picard
        2008-08-14 10:51 . 2008-08-14 10:52 <DIR> d C:\Program Files\Microsoft Software Inventory Analyzer
        2008-08-14 10:50 . 2008-08-14 10:50 <DIR> d C:\Program Files\DivX
        2008-08-11 08:47 . 2008-08-11 08:47 <DIR> d C:\Documents and Settings\All Users\Application Data\Applications
        2008-08-08 14:55 . 2008-08-19 13:49 <DIR> d C:\Parts
        2008-08-07 14:37 . 2008-08-07 14:37 99 --a C:\NASTY GIRLS.url
        2008-08-07 13:56 . 2008-08-07 13:56 <DIR> d C:\WINDOWS\system32\Kaspersky Lab
        2008-08-07 13:56 . 2008-08-07 13:56 <DIR> d C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
        2008-08-06 12:06 . 2008-08-27 14:45 <DIR> d C:\Documents and Settings\fortunep\tracing
        2008-08-06 12:03 . 2008-08-06 12:03 <DIR> d C:\Program Files\Microsoft Office Communicator
        2008-08-01 14:26 . 2008-08-01 14:26 <DIR> d C:\Program Files\MSN Messenger
        2008-08-01 08:46 . 2008-08-01 08:46 <DIR> d C:\spoolerlogs
        2008-07-31 15:57 . 2008-07-31 15:57 <DIR> d C:\Batches
        2008-07-31 14:47 . 2008-07-31 15:06 <DIR> d C:\Mac Casper Scans
        2008-07-30 09:06 . 2008-07-30 09:05 185,856 --a C:\WINDOWS\system32\framedyn.dll
        2008-07-30 09:05 . 2008-07-30 09:05 185,856 --a C:\framedyn.dll

        .
        (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-08-27 15:11 d w C:\Program Files\symantec antivirus
        2008-08-27 15:11 d w C:\Program Files\Symantec
        2008-08-27 15:11 d w C:\Program Files\Common Files\Symantec Shared
        2008-08-27 15:11 d w C:\Documents and Settings\All Users\Application Data\Symantec
        2008-08-27 13:06 d w C:\Program Files\SUPERAntiSpyware
        2008-08-27 10:22 d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
        2008-08-26 15:50 d w C:\Documents and Settings\fortunep\Application Data\MyPhoneExplorer
        2008-08-22 10:38 d--h--w C:\Program Files\InstallShield Installation Information
        2008-08-21 08:07 d w C:\Documents and Settings\All Users\Application Data\Microsoft Help
        2008-08-01 07:49 d w C:\Program Files\Google
        2008-08-01 07:42 d w C:\Program Files\Bonjour
        2008-07-31 13:16 d w C:\Documents and Settings\fortunep\Application Data\messages
        2008-07-31 07:32 d w C:\Program Files\ReadManiac
        2008-07-30 15:32 d w C:\Program Files\Hewlett-Packard
        2008-07-30 10:14 d w C:\Documents and Settings\All Users\Application Data\WLInstaller
        2008-07-30 08:34 d w C:\Program Files\VideoLAN
        2008-07-30 08:34 d w C:\Program Files\Solveig Multimedia
        2008-07-30 08:30 d w C:\Program Files\VstPlugins
        2008-07-29 15:55 d w C:\Program Files\MediaMonkey
        2008-07-29 15:53 d w C:\Program Files\Panda Security
        2008-07-29 15:23 d w C:\Program Files\OpenDrive
        2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
        2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
        2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
        2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
        2008-07-23 16:47 634,880 ----a-w C:\WINDOWS\system32\nsx941.tmp
        2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
        2008-07-22 08:31 d w C:\Program Files\Outsim
        2008-07-21 13:45 d w C:\Documents and Settings\fortunep\Application Data\vlc
        2008-07-21 11:13 d w C:\Documents and Settings\fortunep\Application Data\cYo
        2008-07-21 10:58 4,512 ----a-w C:\peregrine.reg
        2008-07-21 09:44 d w C:\Program Files\Mindjet
        2008-07-16 09:43 284 ----a-w C:\Pj6preffile.dat
        2008-07-15 08:36 d w C:\Program Files\GPL MPEG Decoder
        2008-07-14 19:03 58,594 ----a-w C:\WINDOWS\system32\mpt.exe
        2008-07-09 11:36 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
        2008-07-04 09:24 d w C:\Documents and Settings\fortunep\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
        2008-07-04 09:19 d w C:\Program Files\Common Files\Adobe AIR
        2008-07-03 07:58 d w C:\Documents and Settings\fortunep\Application Data\Command & Conquer 3 Kane's Wrath
        2008-06-27 08:36 d w C:\Program Files\Avanquest update
        2008-06-26 08:02 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
        2007-08-15 22:16 13,459 ----a-w C:\WINDOWS\system32\config\systemprofile\createprof.vbs
        2007-08-15 22:16 13,459 ----a-w C:\Documents and Settings\hpadmin\createprof.vbs
        2007-08-15 22:16 13,459 ----a-w C:\Documents and Settings\fortunep\createprof.vbs
        2007-08-15 22:16 13,459 ----a-w C:\Documents and Settings\Default User\createprof.vbs
        2007-08-07 17:32 2,354 ----a-w C:\WINDOWS\system32\config\systemprofile\enablecoe.vbs
        2007-08-07 17:32 2,354 ----a-w C:\Documents and Settings\hpadmin\enablecoe.vbs
        2004-07-23 21:44 1,431,144 ----a-w C:\WINDOWS\inf\SET69.tmp
        2008-02-07 20:46 13,624 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
        2008-02-07 20:46 87,360 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
        2008-02-07 20:46 91,448 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
        2008-02-07 20:46 21,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
        2008-02-07 20:46 206,136 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
        2008-02-07 20:46 31,544 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
        2008-02-07 20:46 40,248 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
        2007-03-16 16:27 479,232 ----a-w C:\Program Files\mozilla firefox\plugins\msvcm80.dll
        2007-03-16 16:27 548,864 ----a-w C:\Program Files\mozilla firefox\plugins\msvcp80.dll
        2007-03-16 16:27 626,688 ----a-w C:\Program Files\mozilla firefox\plugins\msvcr80.dll
        2007-07-20 11:47 981,170 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
        2008-02-07 20:46 24,384 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
        .

        ((((((((((((((((((((((((((((( snapshot@2008-08-27_14.51.40.50 )))))))))))))))))))))))))))))))))))))))))
        .
        - 2008-08-08 07:29:59 40,960 ----a-r C:\WINDOWS\Installer\{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
        + 2008-08-27 15:06:14 40,960 ----a-r C:\WINDOWS\Installer\{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
        .
        ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
        "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 356352]
        "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]
        "Gadwin PrintScreen Pro"="C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2008-07-21 11:38 516096]
        "mpt"="c:\WINDOWS\system32\mpt.exe" [2008-07-14 20:03 58594]
        "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-08-08 13:11 490952]
        "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
        "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-27 14:06 1576176]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "COEMsgDisplay"="C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe" [2007-04-11 20:44 26624]
        "QuickPassword"="C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe" [2007-06-26 23:06 225280]
        "SmcService"="C:\PROGRA~1\Sygate\SSA\smc.exe" [2005-08-05 17:22 2582240]
        "GetIT"="C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe" [2007-12-04 01:12 286720]
        "IDA"="C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE" [2008-01-03 23:54 176128]
        "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2006-10-06 11:11 98304]
        "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2006-10-06 11:13 114688]
        "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2006-10-06 11:10 94208]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe" [2007-09-25 21:23 75256]
        "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 22:48 479232]
        "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
        "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 06:10 15872]
        "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 19:49 36352]
        "H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00 385024]
        "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-02-20 13:06 741376]
        "NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
        "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
        "Communicator"="C:\Program Files\Microsoft Office Communicator\communicator.exe" [2008-08-06 12:03 5720072]
        "RTHDCPL"="RTHDCPL.EXE" [2006-10-11 18:36 16267776 C:\WINDOWS\RTHDCPL.EXE]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:56 15360]

        C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
        Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 04:05:26 29696]
        Symantec NetBackup Desktop Agent.lnk - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe [2008-01-04 06:50:04 7304568]
        WinZip Quick Pick.lnk - c:\WINDOWS\Installer\{9FDF923E-DB53-41E4-8CE6-8DEB8301C12E}\Icon_WZQKPICK.EXE [2008-08-06 15:10:57 65536]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "SynchronousMachineGroupPolicy"= 0 (0x0)
        "SynchronousUserGroupPolicy"= 0 (0x0)
        "DisableNT4Policy"= 1 (0x1)

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
        "NoMSAppLogo5ChannelNotify"= 1 (0x1)
        "NoBandCustomize"= 0 (0x0)

        [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
        "Btn_Back"= 0 (0x0)
        "Btn_Forward"= 0 (0x0)
        "Btn_Stop"= 0 (0x0)
        "Btn_Refresh"= 0 (0x0)
        "Btn_Home"= 0 (0x0)
        "Btn_Search"= 0 (0x0)
        "Btn_History"= 0 (0x0)
        "Btn_Favorites"= 0 (0x0)
        "Btn_Media"= 0 (0x0)
        "Btn_Folders"= 0 (0x0)
        "Btn_Fullscreen"= 0 (0x0)
        "Btn_Tools"= 0 (0x0)
        "Btn_MailNews"= 0 (0x0)
        "Btn_Size"= 0 (0x0)
        "Btn_Print"= 0 (0x0)
        "Btn_Edit"= 0 (0x0)
        "Btn_Discussions"= 0 (0x0)
        "Btn_Cut"= 0 (0x0)
        "Btn_Copy"= 0 (0x0)
        "Btn_Paste"= 0 (0x0)
        "Btn_Encoding"= 0 (0x0)
        "Btn_PrintPreview"= 0 (0x0)
        "NoFavoritesMenu"= 0 (0x0)
        "NoLogoff"= 0 (0x0)
        "NoBandCustomize"= 0 (0x0)
        "NoMovingBands"= 0 (0x0)
        "NoCloseDragDropBands"= 0 (0x0)

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
        2008-08-27 14:06 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
        "Script"=NOITSCAN.bat

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1957994488-842925246-40105171-690474\Scripts\Logon\0\0]
        "Script"=NOITSCAN.bat

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)
        "DisableNotifications"= 1 (0x1)
        "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\MSN Messenger\\livecall.exe"=

        R2 acautoreg;ActivCard Gold Autoregister;C:\Program Files\Common Files\ActivCard\acautoreg.exe [2007-06-26 23:06]
        R2 Accoca;ActivCard Gold service;C:\Program Files\Common Files\ActivCard\accoca.exe [2007-06-26 23:06]
        R2 DLOChangeJournalSvc;Symantec NetBackup Desktop Agent Change Journal Reader;C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe [2008-01-04 04:57]
        R2 HPSygControl;HP Sygate Icon Control;C:\PROGRA~1\sygate\ssa\syg_hp.exe [2006-01-25 22:25]
        R2 msralinkmonitor;MSRA Link Monitor;C:\Program Files\Remote tools\msraLinkMonitor.exe [2007-08-28 15:28]
        R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 15:34]
        R2 radexecd;HP OVCM Notify Daemon;C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe [2007-02-20 13:59]
        R2 radsched;HP OVCM Scheduler Daemon;C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe [2007-03-22 17:19]
        R2 Radstgms;HP OVCM MSI Redirector;C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe [2007-03-20 12:03]
        R3 akbus;ActivCard Virtual Reader Enumerator;C:\WINDOWS\system32\DRIVERS\akbus.sys [2007-04-06 11:46]
        R3 akpcsc;ActivCard Virtual PC/SC Device Driver;C:\WINDOWS\system32\DRIVERS\akpcsc.sys [2007-06-26 23:06]
        R3 aksbus;ActivIdentity Virtual Reader Enumerator;C:\WINDOWS\system32\DRIVERS\aksbus.sys [2007-04-06 11:46]
        R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;C:\WINDOWS\system32\DRIVERS\akspcsc.sys [2007-06-26 23:06]
        R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-10-23 00:00]
        R3 RadiaMsi;RadiaMsi;C:\WINDOWS\system32\DRIVERS\radiamsi.sys [2007-08-03 10:31]
        S3 actccid;ActivCard USB Reader V2;C:\WINDOWS\system32\DRIVERS\actccid.sys [2007-06-26 23:06]
        S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
        S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-05-23 10:40]
        S3 magaService;Lan Discover Agent;C:\Program Files\Sygate\SSA\maga\maga.exe [2005-08-05 17:18]
        S3 Service_Desktop;Desktop;C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe []
        .
        Contents of the 'Scheduled Tasks' folder

        2008-08-27 C:\WINDOWS\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
        - C:\WINDOWS\system32\rundll32.exe [2004-08-04 01:56]

        2008-08-27 C:\WINDOWS\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
        - C:\WINDOWS\system32\rundll32.exe [2004-08-04 01:56]

        2008-08-27 C:\WINDOWS\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
        - C:\WINDOWS\system32\rundll32.exe [2004-08-04 01:56]

        2008-08-27 C:\WINDOWS\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
        - C:\Program Files\Hewlett-Packard\PC COE\coetl32.exe [2007-06-23 23:27]

        2008-08-27 C:\WINDOWS\Tasks\IDA{884F3959-E5F7-11D1-9B15-080009F878E4}000.job
        - C:\WINDOWS\system32\rundll32.exe [2004-08-04 01:56]

        2008-08-27 C:\WINDOWS\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
        - C:\WINDOWS\system32\rundll32.exe [2004-08-04 01:56]
        .
        - - - - ORPHANS REMOVED - - - -

        Notify-NavLogon - (no file)



        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-08-27 16:18:47
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************

        [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
        "ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"

        [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
        "ImagePath"=""
        .
        DLLs Loaded Under Running Processes

        PROCESS: C:\WINDOWS\system32\winlogon.exe
        -> C:\WINDOWS\system32\NavLogon.dll
        .
        Completion time: 2008-08-27 16:21:17
        ComboFix-quarantined-files.txt 2008-08-27 15:20:25
        ComboFix2.txt 2008-08-27 13:52:23

        Pre-Run: 30,051,500,032 bytes free
        Post-Run: 30,031,036,416 bytes free

        281

        Malwarebytes log

        Malwarebytes' Anti-Malware 1.18
        Database version: 884

        16:29:24 2008-08-27
        mbam-log-8-27-2008 (16-29-24).txt

        Scan type: Quick Scan
        Objects scanned: 43796
        Time elapsed: 5 minute(s), 37 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 0

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        (No malicious items detected)

        HJT Log
        Logfile of HijackThis v1.99.1
        Scan saved at 16:30, on 2008-08-27
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v8.00 (8.00.6001.17184)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Sygate\SSA\smc.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Common Files\ActivCard\acautoreg.exe
        C:\Program Files\Common Files\ActivCard\accoca.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
        C:\PROGRA~1\sygate\ssa\syg_hp.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Remote tools\msraLinkMonitor.exe
        C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
        C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        C:\Program Files\CDBurnerXP\NMSAccessU.exe
        C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
        C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
        C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
        C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Program Files\UPHClean\uphclean.exe
        C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
        C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
        C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
        C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
        C:\WINDOWS\RTHDCPL.EXE
        C:\WINDOWS\system32\igfxtray.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\system32\igfxpers.exe
        C:\Program Files\Google\Gmail Notifier\gnotify.exe
        C:\Program Files\Winamp\winampa.exe
        C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
        C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
        C:\Program Files\Microsoft Office Communicator\communicator.exe
        C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
        C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
        C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
        C:\Program Files\DAEMON Tools Lite\daemon.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
        C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\Program Files\Common Files\Teleca Shared\Generic.exe
        C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
        C:\WINDOWS\system32\rundll32.exe
        C:\Program Files\Windows Media Player\wmplayer.exe
        C:\WINDOWS\explorer.exe
        C:\WINDOWS\system32\notepad.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
        C:\Program Files\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://athp.hp.com/portal/site/athp/index.jsp
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com/
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
        O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O4 - HKLM\..\Run: [COEMsgDisplay] C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
        O4 - HKLM\..\Run: [QuickPassword] C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
        O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SSA\smc.exe -startgui
        O4 - HKLM\..\Run: [GetIT] C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
        O4 - HKLM\..\Run: [IDA] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
        O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe"
        O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
        O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
        O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
        O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
        O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
        O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
        O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
        O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] C:\Program Files\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
        O4 - HKCU\..\Run: [mpt] c:\WINDOWS\system32\mpt.exe
        O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
        O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: Symantec NetBackup Desktop Agent.lnk = C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
        O4 - Global Startup: WinZip Quick Pick.lnk = ?
        O8 - Extra context menu item: Download with Xilisoft YouTube Video Converter - C:\Program Files\Xilisoft\YouTube Video Converter\upod_link.HTM
        O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_13\bin\ssv.dll
        O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
        O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - (no file)
        O9 - Extra button: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
        O9 - Extra 'Tools' menuitem: Fix Common Internet Explorer Problems - {E270AB82-96D5-45DB-ABE3-0BC038B92334} - C:\Program Files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
        O11 - Options group: [INTERNATIONAL] International*
        O14 - IERESET.INF: START_PAGE_URL=http://athp.hp.com
        O15 - Trusted Zone: http://ie.config.asia.compaq.com
        O15 - Trusted Zone: http://ie.config.eur.compaq.com
        O15 - Trusted Zone: http://ie.config.im.hou.compaq.com
        O15 - Trusted Zone: http://ie.config.jp.compaq.com
        O15 - Trusted Zone: http://*.compaq.com
        O15 - Trusted Zone: *.cpqcorp.net
        O15 - Trusted Zone: http://*.dcu.org
        O15 - Trusted Zone: http://ie.config.ecom.dec.com
        O15 - Trusted Zone: http://*.dec.com
        O15 - Trusted Zone: *.hp.com
        O15 - Trusted Zone: http://*.hpe-learning.com
        O15 - Trusted Zone: *.hpqcorp.net
        O15 - Trusted Zone: *.hpshopping.com
        O15 - Trusted Zone: http://ie.config.tandem.com
        O15 - Trusted Zone: http://*.tandem.com
        O15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)
        O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM)
        O15 - Trusted Zone: http://ie.config.tandem.com (HKLM)
        O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms32 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall32.cab
        O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
        O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://sdcsqllmspro04/ProjectServer/objects/pjclient.cab
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189776183175
        O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://sdcsqllmspro04/ProjectServer/objects/1033/pjcintl.cab
        O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\Software\..\Telephony: DomainName = emea.hpqcorp.net
        O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O17 - HKLM\System\CS4\Services\Tcpip\Parameters: Domain = emea.cpqcorp.net
        O17 - HKLM\System\CS4\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = EMEA.cpqcorp.net,EMEA.hpqcorp.net,hpqcorp.net,cpqcorp.net
        O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
        O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
        O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
        O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
        O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
        O23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exe
        O23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exe
        O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Symantec NetBackup Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
        O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
        O23 - Service: HP Sygate Icon Control (HPSygControl) - Hewlett-Packard Company - C:\PROGRA~1\sygate\ssa\syg_hp.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: Lan Discover Agent (magaService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\maga\maga.exe
        O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exe
        O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
        O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
        O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
        O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
        O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
        O23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
        O23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
        O23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
        O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe (file missing)
        O23 - Service: Sygate Security Agent (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SSA\smc.exe

        Cheers

        HB
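A log-triage helper for reading a HijackThis v1.99.1 log like the one above, added here as an example and not code from the thread or from HijackThis itself: it parses O4 autostart and O23 service lines and flags services whose file is missing, the `C:\Program.exe` artefact that an unquoted service path produces, and unquoted autostart paths containing spaces. The sample lines are copied from the log; the parsing rules and flag names are my own assumptions about the format.

```python
import re

# Constructed sample in HijackThis v1.99.1 format; the entries are copied
# from the kinds of lines in the log above (O4 autostarts, O23 services).
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [COEMsgDisplay] C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_13\bin\jusched.exe"
O4 - HKCU\..\Run: [mpt] c:\WINDOWS\system32\mpt.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Desktop (Service_Desktop) - Unknown owner - C:\Program Files\Free-Soft\Virtual Desktop\Desktop.exe (file missing)
"""

# Assumed line shapes: "O4 - <location>: [<name>] <command>" and
# "O23 - Service: <name> - <owner> - <path>".
O4_RE = re.compile(r"^O4 - (?P<location>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
FILE_MISSING = "(file missing)"


def exe_from_command(cmd):
    """Split a Run-key command into (executable path, was_quoted)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]), True
    # Unquoted: take everything up to and including ".exe" as the image path.
    idx = cmd.lower().find(".exe")
    return (cmd[: idx + 4] if idx >= 0 else cmd), False


def triage(log_text):
    """Return (line number, flag, detail) tuples for O4/O23 entries worth a look."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            exe, quoted = exe_from_command(m.group("cmd"))
            # An unquoted path with spaces is resolved piecewise by Windows,
            # so a file planted at an earlier prefix could be run instead.
            if not quoted and " " in exe:
                findings.append((n, "unquoted-path", f"{m.group('name')}: {exe}"))
            continue
        m = O23_RE.match(line)
        if m:
            path = m.group("path")
            if path.endswith(FILE_MISSING):
                path = path[: -len(FILE_MISSING)].strip()
                findings.append((n, "file-missing", f"{m.group('name')}: {path}"))
                # "C:\Program.exe (file missing)" is the classic sign of an
                # ImagePath under C:\Program Files\ stored without quotes.
                if path.lower() == r"c:\program.exe":
                    findings.append((n, "unquoted-service-path", m.group("name")))
            if m.group("owner") == "Unknown owner":
                findings.append((n, "unknown-owner", f"{m.group('name')}: {path}"))
    return findings


if __name__ == "__main__":
    for n, flag, detail in triage(SAMPLE_LOG):
        print(f"line {n}: {flag}: {detail}")
```

A flag is a prompt to verify the entry against the vendor's documentation and the files on disk, not a verdict; the responder below reads this log as clean.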


      • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


        Your logs are clean


        Follow these steps to uninstall Combofix and tools used in the removal of malware
        • Click START then RUN
        • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.


        • Make sure you have an Internet Connection.
        • Download OTCleanIt to your desktop and run it
        • A list of tool components used in the Cleanup of malware will be downloaded.
        • If your Firewall or Real Time protection attempts to block OTCleanUp from reaching the Internet, please allow the application to do so.
        • Click Yes to begin the Cleanup process and remove these components, including this application.
        • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



        Please download JavaRa to your desktop and unzip it to its own folder
        • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
        • Accept any prompts.
        • Open JavaRa.exe again and select Search For Updates.
        • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



        You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
        http://www.adobe.com/products/acrobat/readstep2.html




        Below I have included a number of recommendations for how to protect your computer against malware infections.

        * Keep Windows updated by regularly checking their website at:
        http://windowsupdate.microsoft.com/
        This will ensure your computer always has the latest available security updates installed.

        * To reduce the risk of re-infection by malware in the future, I strongly recommend installing these free programs:

        SpywareBlaster protects against bad ActiveX
        IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
        Have a look at this tutorial for IE-Spyad here

        * SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program or there will be a conflict.

        Make Internet Explorer more secure
        • Click Start > Run
        • Type Inetcpl.cpl & click OK
        • Click on the Security tab
        • Click Reset all zones to default level
        • Make sure the Internet Zone is selected & Click Custom level
        • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
        • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

        * MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

        * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

        * Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
        Here

        Thank you for your patience, and performing all of the procedures requested.


      • Registered Users, Registered Users 2 Posts: 1,536 ✭✭✭hamsterboy


        Many thanks again dude.
        You're a legend :)

        HB

