Windows XP Start-up Problems [RESOLVED]

Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Want to ask a question, reply to a topic, or remove all advertising? It's easy, fast and free. Join today!
Spyware, virus, trojan, fake security or privacy alerts? Please start with our malware cleaning guide.

> Geeks to Go! » Security » Malware Removal - HijackThis� Logs Go Here

3 Pages

1 2 3 >

Windows XP Start-up Problems [RESOLVED], WinFixer and RUNDLL Errors on Start-up

Options

harrissa View Member Profile	Sep 23 2005, 10:20 PM Post #1
Member Posts: 18 OS: Windows XP Professional	When I start-up Windows XP I encounter the following problems: 1. WinFixer 2005 Installer Pop-up 2. RUNDLL - Error loading DOCEOC16B1 3. RUNDLL - Error loading E6F1873B.DLL I have followed your required actions and have done the following: 1. Ran WinSockXPFix 2. Ran CleanUp! 3. Ran Ad-aware SE 4. Ran CWShredder 5. Ran Spybot S&D 6. Ran Ewido Security Suite for Windows 2000 and XP only 7. Ran Trend Housecall 8. Ran TrojanHunter 9. Ran Windows Update - My machine is completely up-to-date, including Windows XP Service Pack 2 (SP2). The HijackThis log follows: Logfile of HijackThis v1.99.1 Scan saved at 11:49:28 PM, on 09/23/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\ASF Agent\ASFAgent.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\CreataCard\Gold\FMRemind.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Nikon\NkView4\NkVwMon.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\PeDevice\PeDev.exe C:\HJT\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.cox.net/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PBHelper - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Oemji\Toolbar\PopupBlocker\PBHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: IEFriendly Class - {D240DC29-C093-4388-B71F-A7103C796B0C} - C:\Program Files\Oemji\OemjiSearchPlus\OemjiPls.dll (file missing) O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Program Files\Oemji\Toolbar\OemjiSrc.dll O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [AOL Instant Messenger] aimsgr.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [hpinstantsupport] "C:\Program Files\Hewlett-Packard\hpis\bin\matcliwrapper.exe" "C:\Program Files\Hewlett-Packard\hpis\" -boot O4 - HKLM\..\Run: [Edlahjy] C:\Program Files\Oailqvy\Bhznoo.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe" O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe O4 - HKLM\..\Run: [seli] C:\WINDOWS\exe82.exe O4 - HKLM\..\Run: [AOL Messenger] aolmsngr.exe O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe" O4 - HKLM\..\RunServices: [AOL Messenger] aolmsngr.exe O4 - HKLM\..\RunServices: [AOL Instant Messenger] aimsgr.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Gold\FMRemind.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Jan Harris\Desktop\LyL AIM 2.0\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon.../cx_tgctlcm.jsp O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127008301984 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe The Ewido Scan Log follows: --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 10:37:50 PM, 09/23/2005 + Report-Checksum: 2884B09F + Scan result: HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{E004800A-73C6-4587-B855-98D0CE0C16B1} -> Spyware.BrowserAid : Cleaned with backup HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1C78AB3F-A857-482E-80C0-3A1E5238A565} -> Spyware.iSearch : Cleaned with backup HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate -> Spyware.BrowserAid : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 3.0 -> Spyware.BlazeFind : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 3.0\- -> Spyware.BlazeFind : Cleaned with backup HKLM\SOFTWARE\motoin -> Spyware.Delfin : Cleaned with backup HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup HKLM\SOFTWARE\Preview AdService -> Spyware.BlazeFind : Cleaned with backup HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Error during cleaning HKLM\SOFTWARE\YourSiteBar\Historysearch -> Spyware.ISTBar : Error during cleaning HKU\S-1-5-21-2381138938-3179742922-2167395947-1005\Software\Microsoft\Internet Explorer\MenuExt\SirSearch -> Spyware.KeenValue : Cleaned with backup HKU\S-1-5-21-2381138938-3179742922-2167395947-1005\Software\PWRSMND1 -> Spyware.KeenValue : Cleaned with backup HKU\S-1-5-21-2381138938-3179742922-2167395947-1005\Software\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Cleaned with backup [136] C:\WINDOWS\system32\D0CE0C16B1.dll -> Spyware.Hijacker.Generic : Error during cleaning [792] C:\WINDOWS\exe82.exe -> Spyware.MediaMotor : Cleaned with backup C:\WINDOWS\SYSTEM32\DRIVERS\df_kmd.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup C:\WINDOWS\SYSTEM32\b5s.dll -> Adware.eZula : Cleaned with backup C:\WINDOWS\SYSTEM32\__delete_on_reboot__D0CE0C16B1.dll -> Spyware.Hijacker.Generic : Cleaned with backup C:\WINDOWS\Downloaded Program Files\YSBactivex.dll -> TrojanDownloader.IstBar : Cleaned with backup C:\WINDOWS\Downloaded Program Files\m67m.ocx -> Spyware.MediaMotor : Cleaned with backup C:\WINDOWS\caddjq.exe -> Adware.BetterInternet : Cleaned with backup C:\WINDOWS\mm81.ocx -> TrojanDownloader.VB.ov : Cleaned with backup C:\WINDOWS\exe82.exe -> Spyware.MediaMotor : Cleaned with backup C:\WINDOWS\emvxyputva.exe -> Adware.BetterInternet : Cleaned with backup C:\x.bat -> Trojan.Zapchast : Cleaned with backup C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2E.tmp\nsvs.dll -> Spyware.Delfin : Cleaned with backup C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq2E.tmp\nsv.ocx -> Spyware.Delfin : Cleaned with backup C:\Documents and Settings\Steven A. Harris\Cookies\steven a. harris@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Steven A. Harris\Cookies\steven a. harris@ugl.adtrak[2].txt -> Spyware.Cookie.Adtrak : Cleaned with backup C:\Program Files\Oemji\OemjiSearchPlus\OemjiPls.dll -> Spyware.Nomeh : Cleaned with backup C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.Delfin : Cleaned with backup C:\Program Files\Common Files\Oem Common\robj1.dll -> Spyware.Nomeh : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP240\A0021827.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP240\A0021867.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP241\A0021957.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP243\A0022128.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP244\A0022140.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP245\A0022148.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP245\A0022150.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP248\A0022185.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP250\A0022219.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP251\A0022255.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP252\A0022266.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP253\A0022286.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP254\A0022306.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP255\A0022319.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP256\A0022334.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP257\A0022347.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP258\A0022365.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP259\A0022414.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP259\A0022415.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP260\A0022423.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP262\A0022444.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP263\A0022465.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP264\A0022480.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP265\A0022493.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP267\A0022539.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP268\A0023533.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP270\A0023692.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP324\A0024608.exe -> Adware.Saha : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP331\A0024742.exe -> Adware.Saha : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP331\A0024745.exe -> Spyware.WebRebates : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP331\A0024747.exe -> Spyware.WebRebates : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP332\A0024810.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP339\A0025912.exe -> TrojanDownloader.Intexp.d : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP339\A0025913.exe -> Trojan.Imiserv.c : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP339\A0025914.DLL -> Spyware.Hijacker.Generic : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP339\A0025917.dll -> Spyware.Delfin : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP339\A0025918.ocx -> Spyware.Delfin : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP339\A0025923.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP339\A0025924.exe -> Adware.SaveNow : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP339\A0025930.dll -> TrojanDownloader.Braidupdate.d : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026374.exe -> Spyware.DelphinMediaViewer : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026375.exe -> Spyware.PurityScan.u : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026378.exe -> TrojanDownloader.Agent.dn : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026379.exe -> Trojan.Small.cy : Cleaned with backup ::Report End I appreciate your assistance in correcting these problems. Harrissa

ukbiker View Member Profile	Sep 28 2005, 05:01 AM Post #2
Rest in Peace, ukbiker Posts: 2,017 From: Gloucestershire, UK OS: xp	Hello and welcome to Geeks To Go. I am UKBiker and will be helping you with this log. Lets start out with some general scans and see if we cant clean things up a little. +++++ Step 1 +++++ Please download Ewido security suite it is a trial version of the program. If you already have Ewido, ensure that it is up to date. Install Ewido security suite Launch Ewido, there should be an icon on your desktop double-click it. The program will prompt you to update click the OK button The program will now go to the main screen You will need to update ewido to the latest definition files. On the left hand side of the main screen click update Click on Start The update will start and a progress bar will show the updates being installed. Once the updates are installed do the following: Click on scanner Make sure the following boxes are checked before scanning: Binder Crypter Archives Click on Start Scan Let the program scan the machine While the scan is in progress you will be prompted to clean files, click OK Once the scan has completed, there will be a button located on the bottom of the screen named Save report Click Save report Save the report to your desktop +++++ Step 2 +++++ Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply) +++++ Step 3 +++++ After that, I will need to see two different logs from HiJackThis. The first is the normal log like you posted here. To get the other one, follow these directions. Open HijackThis, click Config, click Misc Tools Click "Open Uninstall Manager" Click "Save List" (generates uninstall_list.txt) Click Save, copy and paste the results in your next post. Post back with those logs and we can continue from there. If you have recieved help elsewhere or no longer need our assistance, please let us know.

harrissa View Member Profile	Sep 28 2005, 08:16 PM Post #3
Member Posts: 18 OS: Windows XP Professional	Hello UKBiker, Thanks for taking time to help me with this problem. I believe I have followed your directions and my response will address each of your steps in the order that you provided them. Step 1. I re-ran the Ewido security scan after running update. No updates were available. The report for this scan follows: --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 9:23:09 PM, 09/28/2005 + Report-Checksum: C4D11D22 + Scan result: HKLM\SOFTWARE\Classes\CLSID\{E004800A-73C6-4587-B855-98D0CE0C16B1} -> Spyware.BrowserAid : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate -> Spyware.BrowserAid : Cleaned with backup HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Error during cleaning HKLM\SOFTWARE\YourSiteBar\Historysearch -> Spyware.ISTBar : Error during cleaning C:\Documents and Settings\Steven A. Harris\Cookies\steven a. harris@coxhsi.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Steven A. Harris\Cookies\steven a. harris@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026380.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026381.dll -> Adware.eZula : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026382.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026383.ocx -> TrojanDownloader.VB.ov : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026384.exe -> Adware.BetterInternet : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026385.bat -> Trojan.Zapchast : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026386.dll -> Spyware.Delfin : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026389.exe -> Spyware.Delfin : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026390.dll -> Spyware.Nomeh : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026387.ocx.tcf -> Spyware.Delfin : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026388.dll.tcf -> Spyware.Nomeh : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP347\A0026553.dll -> Spyware.Hijacker.Generic : Cleaned with backup C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP347\A0026554.exe -> Spyware.MediaMotor : Cleaned with backup ::Report End Step 2. I re-ran the housecall on-line virus scan. The scan found no infections and did not produce a report for me to save. Therefore, I have not included one. Step 3. I re-ran Hijack This and the normal log follows first: Logfile of HijackThis v1.99.1 Scan saved at 10:01:16 PM, on 09/28/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\ASF Agent\ASFAgent.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\devldr32.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe C:\Program Files\Nikon\NkView4\NkVwMon.exe C:\HJT\HijackThis.exe C:\Program Files\Messenger\msmsgs.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.cox.net/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PBHelper - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Oemji\Toolbar\PopupBlocker\PBHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: IEFriendly Class - {D240DC29-C093-4388-B71F-A7103C796B0C} - C:\Program Files\Oemji\OemjiSearchPlus\OemjiPls.dll (file missing) O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Program Files\Oemji\Toolbar\OemjiSrc.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe O4 - HKLM\..\Run: [AOL Instant Messenger] aimsgr.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [hpinstantsupport] "C:\Program Files\Hewlett-Packard\hpis\bin\matcliwrapper.exe" "C:\Program Files\Hewlett-Packard\hpis\" -boot O4 - HKLM\..\Run: [Edlahjy] C:\Program Files\Oailqvy\Bhznoo.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe" O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe O4 - HKLM\..\Run: [seli] C:\WINDOWS\exe82.exe O4 - HKLM\..\Run: [AOL Messenger] aolmsngr.exe O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe O4 - HKLM\..\RunServices: [AOL Messenger] aolmsngr.exe O4 - HKLM\..\RunServices: [AOL Instant Messenger] aimsgr.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Gold\FMRemind.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Jan Harris\Desktop\LyL AIM 2.0\aim.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM) O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon.../cx_tgctlcm.jsp O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127008301984 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326 O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe The following log is the uninstall_list log that you requested: 2001 TurboTax Deluxe Ad-Aware SE Personal Adobe Acrobat 5.0 Adobe Download Manager 2.0 (Remove Only) Adobe Reader 7.0 Adobe SVG Viewer 3.0 Adobe� Photoshop� Album Starter Edition 3.0 American Greetings CreataCard Select 6 American Greetings Scrapbooks and More! ATI Display Driver Broderbund Media Manager Canon iP6600D Canon iP6600D Memory Card Utility Canon PhotoRecord Canon Utilities Easy-PhotoPrint ccCommon Citrix ICA Web Client CleanUp! Conexant HSF V92 56K Data Fax PCI Modem Cox Online Support Controls CreataCard Gold 3 Dell Solution Center Easy CD Creator 5 Basic Easy-WebPrint ewido security suite HighMAT Extension to Microsoft Windows XP CD Writing Wizard HijackThis 1.99.1 Hotfix for Windows XP (KB896344) hp deskjet 5550 series hp deskjet 5550 series (Remove only) hp instant support hp print screen utility Intel® PRO Ethernet Adapter and Software Intel® PROSet II Intel� Pro Alerting Agent, Version 3.0.0 Intel� PRO Network Adapters WMI Provider (2.0) Internet Worm Protection ItsDeductible Express iTunes J2SE Runtime Environment 5.0 Update 1 J2SE Runtime Environment 5.0 Update 2 J2SE Runtime Environment 5.0 Update 4 Java 2 Runtime Environment Standard Edition v1.3.1_04 LiveReg (Symantec Corporation) LiveUpdate 2.6 (Symantec Corporation) MapSource - North American City Navigator v4.01 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft Broadband Networking Microsoft Data Access Components KB870669 Microsoft Office XP Professional Microsoft Web Publishing Wizard 1.52 Microsoft Windows Journal Viewer Modem Helper Network Play System (Patching) Nikon View 4 Norton AntiVirus 2005 Norton AntiVirus 2005 (Symantec Corporation) Norton AntiVirus Help Norton AntiVirus Parent MSI Norton AntiVirus SYMLT MSI Norton WMI Update Norton WMI Update Oemji Toolbar OMCI Presto! ImageFolio LE Presto! PageManager Presto! PageType Presto! PhotoAlbum Quicken 2005 Quicken Lawyer 2002 Personal Deluxe Quicken WillMaker Plus 2005 QuickTime Registry Mechanic 5.0 Remove Hidden Data Tool SafeCast Shared Components Security Update for Step By Step Interactive Training (KB898458) Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB903235) Shockwave Sound Blaster Live! Value SPBBC Spybot - Search & Destroy 1.4 Symantec Symantec Script Blocking Installer SymNet The Print Shop The Sims TrojanHunter 4.2 TurboTax Deluxe 2002 TurboTax Deluxe 2003 TurboTax Deluxe 2004 Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Update for Windows XP (KB900930) Viewpoint Manager (Remove Only) Viewpoint Media Player VistaShuttle VPN Client Windows Blaster Worm Removal Tool (KB833330) Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Media Connect Windows Media Connect Windows Media Format Runtime Windows Media Player 10 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB885884 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB887797 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888240 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 Windows XP Service Pack 2 Once again, I appreciate your help. Harrissa

harrissa

Sep 28 2005, 08:17 PM

Post #4

Member

Posts: 18
OS: Windows XP Professional

Hello UKBiker,

Thanks for taking time to help me with this problem. I believe I have followed your directions and my response will address each of your steps in the order that you provided them.

Step 1.

I re-ran the Ewido security scan after running update. No updates were available. The report for this scan follows:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:23:09 PM, 09/28/2005
+ Report-Checksum: C4D11D22

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{E004800A-73C6-4587-B855-98D0CE0C16B1} -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWindowsUpdate -> Spyware.BrowserAid : Cleaned with backup
HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Error during cleaning
HKLM\SOFTWARE\YourSiteBar\Historysearch -> Spyware.ISTBar : Error during cleaning
C:\Documents and Settings\Steven A. Harris\Cookies\steven a. harris@coxhsi.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Steven A. Harris\Cookies\steven a. harris@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026380.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026381.dll -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026382.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026383.ocx -> TrojanDownloader.VB.ov : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026384.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026385.bat -> Trojan.Zapchast : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026386.dll -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026389.exe -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026390.dll -> Spyware.Nomeh : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026387.ocx.tcf -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP346\A0026388.dll.tcf -> Spyware.Nomeh : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP347\A0026553.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP347\A0026554.exe -> Spyware.MediaMotor : Cleaned with backup

::Report End

Step 2.

I re-ran the housecall on-line virus scan. The scan found no infections and did not produce a report for me to save. Therefore, I have not included one.

Step 3.

I re-ran Hijack This and the normal log follows first:

Logfile of HijackThis v1.99.1
Scan saved at 10:01:16 PM, on 09/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Nikon\NkView4\NkVwMon.exe
C:\HJT\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://education.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.cox.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBHelper - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Oemji\Toolbar\PopupBlocker\PBHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IEFriendly Class - {D240DC29-C093-4388-B71F-A7103C796B0C} - C:\Program Files\Oemji\OemjiSearchPlus\OemjiPls.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Oemji - {804DB5C7-31E6-4885-850A-F1941B58A4C7} - C:\Program Files\Oemji\Toolbar\OemjiSrc.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AOL Instant Messenger] aimsgr.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [A70F6A1D-0195-42a2-934C-D8AC0F7C08EB] rundll32.exe E6F1873B.DLL,D9EBC318C
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [hpinstantsupport] "C:\Program Files\Hewlett-Packard\hpis\bin\matcliwrapper.exe" "C:\Program Files\Hewlett-Packard\hpis\" -boot
O4 - HKLM\..\Run: [Edlahjy] C:\Program Files\Oailqvy\Bhznoo.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [seli] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [AOL Messenger] aolmsngr.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PDUiP6600DMon] C:\Program Files\Canon\Memory Card Utility\iP6600D\PDUiP6600DMon.exe
O4 - HKLM\..\RunServices: [AOL Messenger] aolmsngr.exe
O4 - HKLM\..\RunServices: [AOL Instant Messenger] aimsgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: CreataCard Gold 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Gold\FMRemind.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Documents and Settings\Jan Harris\Desktop\LyL AIM 2.0\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccommon.../cx_tgctlcm.jsp
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab