
Multiple problems, malware/trojans/virus Oh my!


  • This topic is locked

#1
pwt5 (Member)
I ran through the processes required before posting an HJT log. Most of them were able to run. AdAware wasn't able to remove all problems identified. Panda online scan wasn't able to run. I was unable to update my Microsoft updates. Please help. Below I've listed my HJT log as well as the Uninstall list from HJT. I have also pasted my ewido log. Please let me know if you would like me to do anything else to fix my computer. Thanks again!

Logfile of HijackThis v1.99.1
Scan saved at 8:46:39 AM, on 10/14/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\config\msconfig\taskmgr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\TPPALDR.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\hphmon04.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cgi.verizon.n...a...&bm=ho_home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,winservnt32.exe,dibnaww.exe,ddjfihw.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
O4 - HKLM\..\Run: [bppoxa] C:\WINNT\system32\bxlwxc.exe reg_run
O4 - HKLM\..\Run: [winapildr] c:\windows\drivers\ias\[bleep].bat
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\TPPALDR.EXE
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RelevantKnowledge] c:\winnt\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Ms Java for Windows NT] mguard.exe
O4 - HKLM\..\Run: [ltbptqfA] C:\WINNT\ltbptqfA.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [buhxpo] C:\WINNT\system32\cddgpq.exe reg_run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [wmwpy] C:\WINNT\system32\bxlwxc.exe reg_run
O4 - HKCU\..\Run: [ntdll.dll] "C:\Program Files\PSDream\PSDream.exe"
O4 - HKCU\..\Run: [xqnyq] C:\WINNT\system32\cddgpq.exe reg_run
O4 - Startup: TA_Start.lnk = C:\WINNT\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\pwinlpes.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dialin&cd=4.0&bm=ho_home
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143225708926
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O20 - Winlogon Notify: ShellCompatibility - C:\WINNT\system32\jtpu0779e.dll
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\WINNT\system32\MSupdate.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Task Manager Help (TskHlp) - Unknown owner - C:\WINNT\system32\config\msconfig\taskmgr.exe


UNINSTALL LIST

Ad-Aware SE Personal
Adobe Photoshop 7.0
AVG Anti-Spyware 7.5
Canon Camera TWAIN Driver 6.0
Canon Camera Window for ZoomBrowser EX
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.2
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
ccCommon
CleanUp!
Dial 4.0
DiMAGE Viewer
EarthLink Software
EPSON CardMonitor
EPSON PhotoStarter3.0
EPSON PictureMate User's Guide
EPSON Printer Software
Film Factory
Generic 6-in-1 USB Card Reader Driver v1.7
Google Toolbar for Internet Explorer
HijackThis 1.99.1
hp instant support
HP Photo and Imaging 1.0 - HP Photosmart Printer Series
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 6
KONICA_MINOLTA DiMAGE remote camera driver
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Microsoft Office XP Professional with FrontPage
MSN Messenger 5.0
Nero
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SCSSDist MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Panda ActiveScan
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
PowerDVD
Prevx1
QuickTime
RealPlayer Basic
SPBBC
Spybot - Search & Destroy 1.4
Symantec
Symantec Script Blocking Installer
SymNet
TPP Storage Driver Installation
TrojanHunter 4.6
USB Storage Adapter (TPP)
USB Storage Adapter V2 (TPP)
USB Storage Adapter V3 (TPP)
Windows 2000 Hotfix - KB823980
WinZip
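As an added example (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage script for HJT-format logs like the one posted above: it parses the section codes and flags the kinds of entries a helper reads first, such as the extra UserInit executables, the Run entries that re-register themselves with reg_run, the unexpected Winlogon Notify package, and the services with no publisher. The allow-lists are assumptions, and the sample lines are a constructed subset of entries visible in the posted log.

```python
"""Triage helper for HijackThis 1.99.1-style logs.

Added example: not code from the thread, from HijackThis or from ComboFix.
It parses the 'Rn/Fn/On - ...' entry format of the posted log and applies a
few simple defender heuristics. The allow-lists below are assumptions, and
SAMPLE_LOG is a constructed subset of entries seen in the thread.
"""
import re
from dataclasses import dataclass

HJT_LINE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")

# Assumption: on Windows 2000/XP the UserInit value normally names only userinit.exe.
EXPECTED_USERINIT = {"userinit.exe"}
# Assumption: a small allow-list of Winlogon Notify packages present on a clean install.
KNOWN_WINLOGON_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sclgntfy",
                         "senslogn", "termsrv", "wlballoon"}


@dataclass(frozen=True)
class Finding:
    code: str     # HJT section code, e.g. "F2", "O4", "O23"
    reason: str   # why the entry was flagged
    line: str     # the raw log line


def parse_entries(log_text: str):
    """Yield (code, body, raw) for each HJT entry line; headers and process paths are skipped."""
    for raw in log_text.splitlines():
        raw = raw.strip()
        m = HJT_LINE.match(raw)
        if m:
            yield m.group("code"), m.group("body"), raw


def _basename(path: str) -> str:
    return path.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> list:
    """Return the entries a defender should look at first, with the reason for each."""
    findings = []
    for code, body, raw in parse_entries(log_text):
        if code == "F2" and "UserInit=" in body:
            # UserInit is a comma-separated list; every extra name runs at each logon.
            names = [_basename(p) for p in body.split("UserInit=", 1)[1].split(",") if p.strip()]
            extra = [n for n in names if n not in EXPECTED_USERINIT]
            if extra:
                findings.append(Finding(code, "extra UserInit executables: " + ", ".join(extra), raw))
        elif code == "O4":
            # O4 - HKLM\..\Run: [value name] command line
            m = re.search(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", body)
            if not m:
                continue
            name, cmd = m.group("name"), m.group("cmd")
            if "reg_run" in cmd.split():
                findings.append(Finding(code, "Run entry re-registers itself (reg_run argument)", raw))
            elif name.lower().endswith(".dll"):
                findings.append(Finding(code, f"Run value named like a system DLL ('{name}')", raw))
        elif code == "O20" and body.startswith("Winlogon Notify:"):
            # Notify packages load into winlogon.exe at every logon, so unknown ones matter.
            pkg = body.split(":", 1)[1].split(" - ", 1)[0].strip().lower()
            if pkg not in KNOWN_WINLOGON_NOTIFY:
                findings.append(Finding(code, f"unexpected Winlogon Notify package '{pkg}'", raw))
        elif code == "O23" and "Unknown owner" in body:
            # "Unknown owner" means the binary carries no company name in its version info.
            if "(file missing)" in body:
                findings.append(Finding(code, "service with no publisher and a missing binary", raw))
            elif "\\config\\" in body.lower():
                findings.append(Finding(code, "service with no publisher running from an unusual path", raw))
    return findings


# Constructed sample: a subset of entry lines from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\smss.exe

F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,winservnt32.exe,dibnaww.exe,ddjfihw.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bppoxa] C:\WINNT\system32\bxlwxc.exe reg_run
O4 - HKCU\..\Run: [ntdll.dll] "C:\Program Files\PSDream\PSDream.exe"
O20 - Winlogon Notify: ShellCompatibility - C:\WINNT\system32\jtpu0779e.dll
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\WINNT\system32\MSupdate.exe (file missing)
O23 - Service: Task Manager Help (TskHlp) - Unknown owner - C:\WINNT\system32\config\msconfig\taskmgr.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}\n     {f.line}")
```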


#2
Octagonal (Member 2k)
Hi pwt5,

Sorry for the delay, it has been pretty busy here lately. :whistling:


Download Combofix.exe and save it to your desktop.

Double click combofix.exe & follow the prompts.

When it has finished, it will produce a log. Please post that log in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Post back a fresh HijackThis log and Uninstall List and I will take another look.

Thanks.

#3
pwt5 (Topic Starter, Member)
Thank you for your response! Below I have inserted a ComboFix log, followed by HJT and Uninstall.

Lawrence Luecke - Sat 2006-10-21 17:17:48.49 Service Pack 4
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Lawrence Luecke\Desktop"

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{27EAB1E9-09C4-438C-9B28-1EDFEFA8B824}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\clsid\{27EAB1E9-09C4-438C-9B28-1EDFEFA8B824}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{27EAB1E9-09C4-438C-9B28-1EDFEFA8B824}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{27EAB1E9-09C4-438C-9B28-1EDFEFA8B824}\InprocServer32]
@="C:\\WINNT\\system32\\SMTUPAPI.DLL"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{B01FB050-50AA-484F-AC6A-45C53F8FCE70}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\clsid\{B01FB050-50AA-484F-AC6A-45C53F8FCE70}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{B01FB050-50AA-484F-AC6A-45C53F8FCE70}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{B01FB050-50AA-484F-AC6A-45C53F8FCE70}\InprocServer32]
@="C:\\WINNT\\system32\\txpmib.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{A3C2845B-0631-4F16-8A38-F6A35A733E72}]
@=""

[HKEY_CLASSES_ROOT\clsid\{A3C2845B-0631-4F16-8A38-F6A35A733E72}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{A3C2845B-0631-4F16-8A38-F6A35A733E72}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{A3C2845B-0631-4F16-8A38-F6A35A733E72}\InprocServer32]
@="C:\\WINNT\\system32\\kmdbene.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{6541A79E-A60C-4C57-B583-5BE1866AC7F1}]
@=""
"IDEx"="AD"

[HKEY_CLASSES_ROOT\clsid\{6541A79E-A60C-4C57-B583-5BE1866AC7F1}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{6541A79E-A60C-4C57-B583-5BE1866AC7F1}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{6541A79E-A60C-4C57-B583-5BE1866AC7F1}\InprocServer32]
@="C:\\WINNT\\system32\\wbstream.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{CE02EAD2-865C-4B02-A5A6-E5EBDF92B50D}]
@=""

[HKEY_CLASSES_ROOT\clsid\{CE02EAD2-865C-4B02-A5A6-E5EBDF92B50D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{CE02EAD2-865C-4B02-A5A6-E5EBDF92B50D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{CE02EAD2-865C-4B02-A5A6-E5EBDF92B50D}\InprocServer32]
@="C:\\WINNT\\system32\\vtmdbg.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{0C310EF8-5499-4E9B-AD45-73303F8DE742}]
@=""

[HKEY_CLASSES_ROOT\clsid\{0C310EF8-5499-4E9B-AD45-73303F8DE742}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{0C310EF8-5499-4E9B-AD45-73303F8DE742}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{0C310EF8-5499-4E9B-AD45-73303F8DE742}\InprocServer32]
@="C:\\WINNT\\system32\\wfspdmod.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{BBBCC987-2D95-48BD-A387-6416D906508B}]
@=""

[HKEY_CLASSES_ROOT\clsid\{BBBCC987-2D95-48BD-A387-6416D906508B}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{BBBCC987-2D95-48BD-A387-6416D906508B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{BBBCC987-2D95-48BD-A387-6416D906508B}\InprocServer32]
@="C:\\WINNT\\system32\\biowsewm.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{278E47C4-3E69-475F-97B3-235AC7C1237D}]
@=""

[HKEY_CLASSES_ROOT\clsid\{278E47C4-3E69-475F-97B3-235AC7C1237D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{278E47C4-3E69-475F-97B3-235AC7C1237D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{278E47C4-3E69-475F-97B3-235AC7C1237D}\InprocServer32]
@="C:\\WINNT\\system32\\oT48lihu1848.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{C7AA868A-C6A2-4C2A-9C01-1D0DB8804438}]
@=""

[HKEY_CLASSES_ROOT\clsid\{C7AA868A-C6A2-4C2A-9C01-1D0DB8804438}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{C7AA868A-C6A2-4C2A-9C01-1D0DB8804438}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{C7AA868A-C6A2-4C2A-9C01-1D0DB8804438}\InprocServer32]
@="C:\\WINNT\\system32\\ozexl32.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\clsid\{1EE9BCD1-6A54-43E7-9104-B3C342CAFF72}]
@=""

[HKEY_CLASSES_ROOT\clsid\{1EE9BCD1-6A54-43E7-9104-B3C342CAFF72}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{1EE9BCD1-6A54-43E7-9104-B3C342CAFF72}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{1EE9BCD1-6A54-43E7-9104-B3C342CAFF72}\InprocServer32]
@="C:\\WINNT\\system32\\tbpelib.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINNT\system32\fppu0379e.dll
C:\WINNT\system32\h8l2li3o18.dll
C:\WINNT\system32\n86q0ij5e8o.dll
C:\WINNT\system32\tbpelib.dll
C:\WINNT\system32\guard.tmp


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


06-10-08 15:34 276 axjmh.dll.qoo
06-09-27 21:45 53 boncwo.dat.qoo

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Lawrence Luecke\Application Data\Sskdmns.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\deskbar_e20.exe
C:\deskbar_e21.exe
C:\WINNT\Eim03.exe
C:\WINNT\offun.exe
C:\WINNT\uninstall_nmon.vbs
C:\Documents and Settings\Default User.WINNT\Application Data\NetMon
C:\Program Files\Common Files\misc002
C:\Program Files\Deskbar
C:\Program Files\Inetget2
C:\WINNT\system32\crunner
C:\Program Files\Common Files\{9CCFDFFF-02B9-1033-1113-001116190001}


((((((((((((((((((((((((((((((( Files Created from 2006-09-21 to 2006-10-21 ))))))))))))))))))))))))))))))))))


2006-10-14 08:09 127,208 --a------ C:\WINNT\system32\mucltui.dll
2006-10-11 21:21 76,560 --a------ C:\WINNT\system32\drivers\tmcomm.sys
2006-10-04 20:35 684,052 ---hs---- C:\WINNT\absatpi.dll
2006-10-03 05:43 1,122,559 ---hs---- C:\WINNT\system32\fgiii.ini2
2006-10-02 21:27 86,068 --a------ C:\WINNT\system32\tnmgaytb.dll
2006-10-02 21:11 86,068 --a------ C:\WINNT\system32\galkjexe.dll
2006-10-02 19:59 86,068 --a------ C:\WINNT\system32\nckxanot.dll
2006-10-02 19:34 11,520 --a------ C:\WINNT\system32\drivers\pxscrmbl.sys
2006-10-02 18:45 86,068 --a------ C:\WINNT\system32\inuafead.dll
2006-10-02 18:38 86,068 --a------ C:\WINNT\system32\ewodsvqn.dll
2006-09-30 16:08 86,068 --a------ C:\WINNT\system32\nmosbxgp.dll
2006-09-30 15:50 86,068 --a------ C:\WINNT\system32\ftjxjeaj.dll
2006-09-30 15:28 86,068 --a------ C:\WINNT\system32\objweggv.dll
2006-09-30 13:59 86,068 --a------ C:\WINNT\system32\akhgvajx.dll
2006-09-30 13:51 86,068 --a------ C:\WINNT\system32\wvdekvdb.dll
2006-09-30 13:23 86,068 --a------ C:\WINNT\system32\opglwhqp.dll
2006-09-30 13:12 86,068 --a------ C:\WINNT\system32\dhvdnrgi.dll
2006-09-29 21:09 918 --a------ C:\WINNT\system32\winpfg32.sys
2006-09-29 08:02 73,748 --a------ C:\WINNT\system32\inyrdrsi.dll
2006-09-28 06:53 0 --a------ C:\WINNT\Duce6.exe
2006-09-27 21:46 790,000 -r-hs---- C:\WINNT\ltbptqfA.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-21 17:21 -------- d-a------ C:\Program Files\Common Files
2006-10-12 22:12 -------- d-------- C:\Documents and Settings\Lawrence Luecke\Application Data\TrojanHunter
2006-10-12 21:33 -------- d-------- C:\Program Files\TrojanHunter 4.6
2006-10-11 21:22 -------- d-------- C:\Program Files\Internet Explorer
2006-10-11 21:14 -------- d-------- C:\Documents and Settings\Lawrence Luecke\Application Data\Sun
2006-10-11 21:13 -------- d-------- C:\Program Files\Java
2006-10-11 21:09 -------- d-------- C:\Program Files\Common Files\Java
2006-10-08 13:17 0 --a------ C:\WINNT\system32\pmnnooo.dll
2006-10-05 07:27 0 --a------ C:\WINNT\system32\nnnlmlk.dll
2006-10-04 21:08 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-04 21:01 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-28 06:25 -------- d-------- C:\Program Files\Outlook Express
2006-09-27 21:05 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-15 16:16 53248 --a------ C:\WINNT\uni_e6h.exe
2006-09-01 21:18 0 --a------ C:\WINNT\system32\62752_netapi.exe
2006-09-01 19:24 0 --a------ C:\WINNT\system32\23737_netapi.exe
2006-09-01 19:08 0 --a------ C:\WINNT\system32\22817_netapi.exe
2006-09-01 18:57 0 --a------ C:\WINNT\system32\45074_netapi.exe
2006-09-01 03:41 8464 --a------ C:\WINNT\system32\sporder.dll
2006-08-28 17:37 0 --a------ C:\WINNT\system32\71076_netapi.exe
2006-08-28 16:51 0 --a------ C:\WINNT\system32\81502_netapi.exe
2006-08-28 15:35 0 --a------ C:\WINNT\system32\73771_netapi.exe
2006-08-28 15:19 0 --a------ C:\WINNT\system32\78165_netapi.exe
2006-08-28 15:15 0 --a------ C:\WINNT\system32\02401_netapi.exe
2006-08-28 15:09 0 --a------ C:\WINNT\system32\26663_netapi.exe
2006-08-28 15:01 0 --a------ C:\WINNT\system32\26424_netapi.exe
2006-08-28 14:50 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-08-28 14:49 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-28 14:32 0 --a------ C:\WINNT\system32\04006_netapi.exe
2006-08-27 13:35 0 --a------ C:\WINNT\system32\48280_netapi.exe
2006-08-27 13:33 0 --a------ C:\WINNT\system32\04800_netapi.exe
2006-08-27 13:11 0 --a------ C:\WINNT\system32\18577_netapi.exe
2006-08-27 13:07 0 --a------ C:\WINNT\system32\54368_netapi.exe
2006-08-27 12:51 0 --a------ C:\WINNT\system32\56225_netapi.exe
2006-08-27 12:50 0 --a------ C:\WINNT\system32\64624_netapi.exe
2006-08-27 12:40 0 --a------ C:\WINNT\system32\57355_netapi.exe
2006-08-27 12:33 0 --a------ C:\WINNT\system32\48580_netapi.exe
2006-08-27 12:33 0 --a------ C:\WINNT\system32\28546_netapi.exe
2006-08-27 12:23 0 --a------ C:\WINNT\system32\40555_netapi.exe
2006-08-27 12:19 0 --a------ C:\WINNT\system32\84752_netapi.exe
2006-08-27 12:16 0 --a------ C:\WINNT\system32\46012_netapi.exe
2006-08-27 12:13 0 --a------ C:\WINNT\system32\11388_netapi.exe
2006-08-27 12:11 0 --a------ C:\WINNT\system32\41843_netapi.exe
2006-08-27 10:54 0 --a------ C:\WINNT\system32\52128_netapi.exe
2006-08-27 10:49 0 --a------ C:\WINNT\system32\07483_netapi.exe
2006-08-27 10:29 0 --a------ C:\WINNT\system32\02067_netapi.exe
2006-08-27 09:32 0 --a------ C:\WINNT\system32\76057_netapi.exe
2006-08-26 23:13 0 --a------ C:\WINNT\system32\setup_73522.exe
2006-08-26 22:41 0 --a------ C:\WINNT\system32\75875_netapi.exe
2006-08-26 22:12 0 --a------ C:\WINNT\system32\68761_netapi.exe
2006-08-26 21:52 0 --a------ C:\WINNT\system32\01116_netapi.exe
2006-08-26 21:39 0 --a------ C:\WINNT\system32\40862_netapi.exe
2006-08-26 21:35 0 --a------ C:\WINNT\system32\66831_netapi.exe
2006-08-26 21:16 0 --a------ C:\WINNT\system32\40236_netapi.exe
2006-08-26 20:44 0 --a------ C:\WINNT\system32\32147_netapi.exe
2006-08-26 20:31 0 --a------ C:\WINNT\system32\75771_netapi.exe
2006-08-26 20:19 0 --a------ C:\WINNT\system32\34183_netapi.exe
2006-08-26 20:09 0 --a------ C:\WINNT\system32\75077_netapi.exe
2006-08-26 20:02 0 --a------ C:\WINNT\system32\15838_netapi.exe
2006-08-26 19:54 0 --a------ C:\WINNT\system32\42010_netapi.exe
2006-08-26 19:44 0 --a------ C:\WINNT\system32\31067_netapi.exe
2006-08-26 19:34 0 --a------ C:\WINNT\system32\45710_netapi.exe
2006-08-26 19:31 0 --a------ C:\WINNT\system32\63638_netapi.exe
2006-08-26 19:26 0 --a------ C:\WINNT\system32\71148_netapi.exe
2006-08-26 19:15 0 --a------ C:\WINNT\system32\06157_netapi.exe
2006-08-26 18:55 0 --a------ C:\WINNT\system32\51084_netapi.exe
2006-08-26 18:48 0 --a------ C:\WINNT\system32\72750_netapi.exe
2006-08-26 18:15 0 --a------ C:\WINNT\system32\17111_netapi.exe
2006-08-26 17:45 0 --a------ C:\WINNT\system32\36276_netapi.exe
2006-08-26 17:30 0 --a------ C:\WINNT\system32\46766_netapi.exe
2006-08-26 17:23 0 --a------ C:\WINNT\system32\75253_netapi.exe
2006-08-26 17:02 0 --a------ C:\WINNT\system32\57402_netapi.exe
2006-07-28 13:52 0 --a------ C:\WINNT\system32\hqghumea.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SpySweeper"=""
"ntdll.dll"="\"C:\\Program Files\\PSDream\\PSDream.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"LoadQM"="loadqm.exe"
"Repair Registry Pro"="C:\\Program Files\\Repair Registry Pro\\RepairRegistryPro.exe -s"
"winapildr"="c:\\windows\\drivers\\ias\\[bleep].bat"
"TPP Auto Loader"="C:\\WINNT\\TPPALDR.EXE"
"Synchronization Manager"="mobsync.exe /logon"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"RelevantKnowledge"="c:\\winnt\\system32\\rlvknlg.exe -boot"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroCheck"="C:\\WINNT\\System32\\NeroCheck.exe"
"Ms Java for Windows NT"="mguard.exe"
"ltbptqfA"="C:\\WINNT\\ltbptqfA.exe"
"HPHUPD04"="\"C:\\Program Files\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\""
"HPHmon04"="C:\\WINNT\\System32\\hphmon04.exe"
"HPDJ Taskbar Utility"="C:\\WINNT\\System32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"EPSON PictureMate"="C:\\WINNT\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2P1.EXE /P17 \"EPSON PictureMate\" /O6 \"USB001\" /M \"PictureMate\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"a-winpoet-service"="\"C:\\Program Files\\WinPoET Broadband Connection\\winpppoverethernet.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.6\\THGuard.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3c,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,10,03,00,00,1f,00,00,00,e0,00,00,00,d6,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Ms Update WinServices NT/XP"="winservnt32.exe"
"Ms Java for Windows NT"="mguard.exe"
"ziiw"="C:\\PROGRA~1\\COMMON~1\\ziiw\\ziiwm.exe"
"xqnyq"="C:\\WINNT\\system32\\cddgpq.exe reg_run"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\Norton AntiVirus - Scan my computer - Lawrence Luecke.job

Completion time: Sat 2006-10-21 17:49:59.84
C:\ComboFix.txt ... 06-10-21 17:49
C:\ComboFix2.txt ... 06-10-21 17:10

Logfile of HijackThis v1.99.1
Scan saved at 6:20:53 PM, on 10/21/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\config\msconfig\taskmgr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\TPPALDR.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\hphmon04.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cgi.verizon.n...a...&bm=ho_home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
O4 - HKLM\..\Run: [winapildr] c:\windows\drivers\ias\[bleep].bat
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\TPPALDR.EXE
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RelevantKnowledge] c:\winnt\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Ms Java for Windows NT] mguard.exe
O4 - HKLM\..\Run: [ltbptqfA] C:\WINNT\ltbptqfA.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [ntdll.dll] "C:\Program Files\PSDream\PSDream.exe"
O4 - Startup: TA_Start.lnk = C:\WINNT\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\pwinlpes.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dialin&cd=4.0&bm=ho_home
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143225708926
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\WINNT\system32\MSupdate.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Task Manager Help (TskHlp) - Unknown owner - C:\WINNT\system32\config\msconfig\taskmgr.exe

Ad-Aware SE Personal
Adobe Photoshop 7.0
Canon Camera TWAIN Driver 6.0
Canon Camera Window for ZoomBrowser EX
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.2
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
ccCommon
CleanUp!
Dial 4.0
DiMAGE Viewer
EarthLink Software
EPSON CardMonitor
EPSON PhotoStarter3.0
EPSON PictureMate User's Guide
EPSON Printer Software
Film Factory
Generic 6-in-1 USB Card Reader Driver v1.7
Google Toolbar for Internet Explorer
HijackThis 1.99.1
hp instant support
HP Photo and Imaging 1.0 - HP Photosmart Printer Series
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 6
KONICA_MINOLTA DiMAGE remote camera driver
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Microsoft Office XP Professional with FrontPage
MSN Messenger 5.0
Nero
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SCSSDist MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Panda ActiveScan
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
PowerDVD
Prevx1
QuickTime
RealPlayer Basic
SPBBC
Spybot - Search & Destroy 1.4
Symantec
Symantec Script Blocking Installer
SymNet
TPP Storage Driver Installation
TrojanHunter 4.6
USB Storage Adapter (TPP)
USB Storage Adapter V2 (TPP)
USB Storage Adapter V3 (TPP)
Windows 2000 Hotfix - KB823980
Windows 2000 Hotfix - KB842773
Windows Installer 3.1 (KB893803)
WinZip

#4 Octagonal (Member 2k, 2,528 posts)
Hi pwt5,

Some malware is interfering with the HijackThis scan. Could you navigate to C:\HJT\HijackThis.exe and rename HijackThis.exe to Analyse.exe? In future, this is the program name that I will be referring to when I instruct you to run HijackThis.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please post the contents of the SmitfraudFix report, C:\vundofix.txt and a new HiJackThis log in a reply to this thread.

Thanks.

#5 pwt5 (Topic Starter, Member, 27 posts)
SmitFraudFix v2.113

Scan done at 21:00:41.58, Mon 10/23/2006
Run from C:\Documents and Settings\Lawrence Luecke\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Lawrence Luecke


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Lawrence Luecke\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



VundoFix V6.2.6

Checking Java version...

Java version is 1.5.0.6

Scan started at 9:03:57 PM 10/23/2006

Listing files found while scanning....

C:\WINNT\system32\akhgvajx.dll
C:\WINNT\system32\dhvdnrgi.dll
C:\WINNT\system32\ewodsvqn.dll
C:\WINNT\system32\ftjxjeaj.dll
C:\WINNT\system32\galkjexe.dll
C:\WINNT\system32\inuafead.dll
C:\WINNT\system32\inyrdrsi.dll
C:\WINNT\system32\nckxanot.dll
C:\WINNT\system32\nmosbxgp.dll
C:\WINNT\system32\objweggv.dll
C:\WINNT\system32\opglwhqp.dll
C:\WINNT\system32\tnmgaytb.dll
C:\WINNT\system32\wvdekvdb.dll

Beginning removal...

Attempting to delete C:\WINNT\system32\akhgvajx.dll
C:\WINNT\system32\akhgvajx.dll Has been deleted!

Attempting to delete C:\WINNT\system32\dhvdnrgi.dll
C:\WINNT\system32\dhvdnrgi.dll Has been deleted!

Attempting to delete C:\WINNT\system32\ewodsvqn.dll
C:\WINNT\system32\ewodsvqn.dll Has been deleted!

Attempting to delete C:\WINNT\system32\ftjxjeaj.dll
C:\WINNT\system32\ftjxjeaj.dll Has been deleted!

Attempting to delete C:\WINNT\system32\galkjexe.dll
C:\WINNT\system32\galkjexe.dll Has been deleted!

Attempting to delete C:\WINNT\system32\inuafead.dll
C:\WINNT\system32\inuafead.dll Has been deleted!

Attempting to delete C:\WINNT\system32\inyrdrsi.dll
C:\WINNT\system32\inyrdrsi.dll Has been deleted!

Attempting to delete C:\WINNT\system32\nckxanot.dll
C:\WINNT\system32\nckxanot.dll Has been deleted!

Attempting to delete C:\WINNT\system32\nmosbxgp.dll
C:\WINNT\system32\nmosbxgp.dll Has been deleted!

Attempting to delete C:\WINNT\system32\objweggv.dll
C:\WINNT\system32\objweggv.dll Has been deleted!

Attempting to delete C:\WINNT\system32\opglwhqp.dll
C:\WINNT\system32\opglwhqp.dll Has been deleted!

Attempting to delete C:\WINNT\system32\tnmgaytb.dll
C:\WINNT\system32\tnmgaytb.dll Has been deleted!

Attempting to delete C:\WINNT\system32\wvdekvdb.dll
C:\WINNT\system32\wvdekvdb.dll Has been deleted!

Performing Repairs to the registry.
Done!


Logfile of HijackThis v1.99.1
Scan saved at 9:32:02 PM, on 10/23/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\config\msconfig\taskmgr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\TPPALDR.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINNT\System32\hphmon04.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
C:\WINNT\system32\wuauclt.exe
C:\HJT\Analyse.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cgi.verizon.n...a...&bm=ho_home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
O4 - HKLM\..\Run: [winapildr] c:\windows\drivers\ias\[bleep].bat
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\TPPALDR.EXE
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RelevantKnowledge] c:\winnt\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Ms Java for Windows NT] mguard.exe
O4 - HKLM\..\Run: [ltbptqfA] C:\WINNT\ltbptqfA.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [ntdll.dll] "C:\Program Files\PSDream\PSDream.exe"
O4 - Startup: TA_Start.lnk = C:\WINNT\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\pwinlpes.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dialin&cd=4.0&bm=ho_home
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143225708926
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\WINNT\system32\MSupdate.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Task Manager Help (TskHlp) - Unknown owner - C:\WINNT\system32\config\msconfig\taskmgr.exe


Ad-Aware SE Personal
Adobe Photoshop 7.0
Canon Camera TWAIN Driver 6.0
Canon Camera Window for ZoomBrowser EX
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.2
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
ccCommon
CleanUp!
Dial 4.0
DiMAGE Viewer
EarthLink Software
EPSON CardMonitor
EPSON PhotoStarter3.0
EPSON PictureMate User's Guide
EPSON Printer Software
Film Factory
Generic 6-in-1 USB Card Reader Driver v1.7
Google Toolbar for Internet Explorer
HijackThis 1.99.1
hp instant support
HP Photo and Imaging 1.0 - HP Photosmart Printer Series
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 6
KONICA_MINOLTA DiMAGE remote camera driver
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Microsoft Office XP Professional with FrontPage
MSN Messenger 5.0
Nero
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SCSSDist MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Panda ActiveScan
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
PowerDVD
Prevx1
QuickTime
RealPlayer Basic
Security Update for Windows 2000 (KB904706)
SPBBC
Spybot - Search & Destroy 1.4
Symantec
Symantec Script Blocking Installer
SymNet
TPP Storage Driver Installation
TrojanHunter 4.6
USB Storage Adapter (TPP)
USB Storage Adapter V2 (TPP)
USB Storage Adapter V3 (TPP)
Windows 2000 Hotfix - KB823980
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896424
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB912919
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB921883
Windows Installer 3.1 (KB893803)
WinZip
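The HijackThis log pwt5 posted above is the kind of input a helper triages by hand. The Python below is an added example for this thread (it is not part of HijackThis, SmitfraudFix, VundoFix or any other tool named in the posts): it parses the O4 autostart and O23 service lines and flags the signals a reviewer checks first, a service whose binary is missing or whose owner string is unknown, a Run value named after a system file, a Startup shortcut that points into system32, and a binary parked under the registry hive directory. The sample lines are copied from the log above; the heuristics and flag wording are my own.

```python
"""Triage helper for HijackThis v1.99.1 logs (added example; not part of
HijackThis or of any tool named in this thread).  Parses O4 (autostart) and
O23 (service) lines and reports the signals a helper checks by hand.  A flag
means "look closer", not "malicious"."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Executable at the start of a Run value, quoted or not, then optional arguments.
_EXE_RE = re.compile(r'^"?(.*?\.(?:exe|bat|cmd|com|scr|dll|sys))"?(?:\s|$)', re.I)
_RUN_RE = re.compile(r'HK[A-Z]+\\\.\.\\Run: \[(.*?)\] (.*)$')
_LNK_RE = re.compile(r'(?:Global )?Startup: (.*?) = (.*)$')
_SYSTEM_EXT = (".dll", ".exe", ".sys", ".ocx")


@dataclass
class Entry:
    kind: str                 # "O4" or "O23"
    name: str                 # Run value name, shortcut name or service display name
    path: str                 # target as written in the log
    owner: str = ""           # O23 only: company string HijackThis reports
    flags: List[str] = field(default_factory=list)


def _first_exe(text: str) -> str:
    """Strip quotes and arguments from a Run value, keeping the executable path."""
    m = _EXE_RE.match(text.strip())
    return m.group(1) if m else text.strip()


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for O4 and O23 lines, None for every other line type."""
    line = line.strip()
    if line.startswith("O4 - "):
        body = line[5:]
        m = _RUN_RE.match(body)
        if m:
            return Entry("O4", m.group(1), _first_exe(m.group(2)))
        m = _LNK_RE.match(body)
        if m:
            return Entry("O4", m.group(1), m.group(2).strip())
        return None
    if line.startswith("O23 - Service: "):
        # "O23 - Service: Display (short) - Owner - path [(file missing)]"
        parts = line.split(" - ")
        if len(parts) < 4:
            return None
        return Entry("O23", parts[1][len("Service: "):],
                     " - ".join(parts[3:]), owner=parts[2])
    return None


def triage(entry: Entry) -> Entry:
    """Attach review flags to one entry; the checks mirror what the helper looks at."""
    p = entry.path.lower()
    n = entry.name.lower()
    if entry.kind == "O23":
        if "(file missing)" in p:
            entry.flags.append("service binary missing")
        if entry.owner.lower() == "unknown owner":
            entry.flags.append("service has no owner string")
    else:
        if n.endswith(_SYSTEM_EXT):
            # e.g. a Run value called "ntdll.dll" that launches something else
            entry.flags.append("run value named like a system file")
        if n.endswith(".lnk") and "\\system32\\" in p:
            # legitimate Startup shortcuts point into Program Files, not system32
            entry.flags.append("startup shortcut points into system32")
    if "\\system32\\config\\" in p:
        # the registry hive directory is not a place programs install to
        entry.flags.append("binary stored under the registry hive directory")
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse every line of a log and return only the entries that raised a flag."""
    flagged = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged


# Sample input: lines copied from the log posted above (a real log has many more).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ltbptqfA] C:\WINNT\ltbptqfA.exe
O4 - HKCU\..\Run: [ntdll.dll] "C:\Program Files\PSDream\PSDream.exe"
O4 - Startup: TA_Start.lnk = C:\WINNT\system32\dwdsregt.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\System32\HPHipm11.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\WINNT\system32\MSupdate.exe (file missing)
O23 - Service: Task Manager Help (TskHlp) - Unknown owner - C:\WINNT\system32\config\msconfig\taskmgr.exe
"""

if __name__ == "__main__":
    # ltbptqfA.exe stays unflagged: its only tell is a random-looking name,
    # a judgment the helper made by eye and these heuristics do not attempt.
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.kind} {e.name!r} -> {e.path}")
        for f in e.flags:
            print(f"    - {f}")
```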

#6 Octagonal (Member 2k, 2,528 posts)
Hi pwt5,

Your computer is compromised by several infections that steal passwords and compromise system security. If at all possible DO NOT use this infected computer for any banking or sensitive data needs. When you have completed the following instructions, I would strongly recommend that you change any passwords that are used or stored on this computer.

Please download the Killbox by Option^Explicit and Save it to your desktop.

Note: In the event you already have Killbox, this is a new version that I need you to download.

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30-day trial of the program.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet; we will shortly.

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

You will need to print out a copy of these instructions, or save them to NotePad and put a shortcut to the file on the desktop so that you can refer to while you complete this procedure.

Please follow these instructions exactly as I have them listed. If there is anything that you don't understand, please post back with any questions before proceeding.

Repair Registry Pro is considered a questionable scanner; you can find out more about this here. I would recommend keeping it included in the list below.

Serv-U FTP Server - If you did not install this application, I would recommend keeping it included in the list below; you can find out more about this here.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s << See above comments
O4 - HKLM\..\Run: [RelevantKnowledge] c:\winnt\system32\rlvknlg.exe -boot
O4 - HKLM\..\Run: [Ms Java for Windows NT] mguard.exe
O4 - HKLM\..\Run: [ltbptqfA] C:\WINNT\ltbptqfA.exe
O4 - HKCU\..\Run: [ntdll.dll] "C:\Program Files\PSDream\PSDream.exe"
O4 - Startup: TA_Start.lnk = C:\WINNT\system32\dwdsregt.exe
O4 - Startup: Think-Adz.lnk = C:\WINNT\system32\pwinlpes.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\WINNT\system32\MSupdate.exe (file missing) << See above comments
O23 - Service: Task Manager Help (TskHlp) - Unknown owner - C:\WINNT\system32\config\msconfig\taskmgr.exe

Now close all windows other than HiJackThis (including any browser windows), then click Fix Checked.

Boot into Safe Mode: You can do this by restarting your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Go to Start then Run and type this in the box: sc delete TskHlp
Then do the same for sc delete Serv-U if you did not install Serv-U FTP Server.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Repair Registry Pro
C:\Program Files\PSDream

Please double-click Killbox.exe to run it.
  • Select: Delete on Reboot then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    c:\winnt\system32\rlvknlg.exe
    C:\WINNT\ltbptqfA.exe
    C:\WINNT\system32\mguard.exe
    C:\WINNT\system32\dwdsregt.exe
    C:\WINNT\system32\pwinlpes.exe
    C:\WINNT\system32\SMTUPAPI.DLL
    C:\WINNT\system32\txpmib.dll
    C:\WINNT\system32\kmdbene.dll
    C:\WINNT\system32\wbstream.dll
    C:\WINNT\system32\vtmdbg.dll
    C:\WINNT\system32\wfspdmod.dll
    C:\WINNT\system32\biowsewm.dll
    C:\WINNT\system32\oT48lihu1848.dll
    C:\WINNT\system32\ozexl32.dll
    C:\Documents and Settings\Lawrence Luecke\Application Data\Sskdmns.dll
    C:\WINNT\absatpi.dll
    C:\WINNT\system32\fgiii.ini2
    C:\WINNT\system32\tnmgaytb.dll
    C:\WINNT\system32\galkjexe.dll
    C:\WINNT\system32\nckxanot.dll
    C:\WINNT\system32\inuafead.dll
    C:\WINNT\system32\ewodsvqn.dll
    C:\WINNT\system32\nmosbxgp.dll
    C:\WINNT\system32\ftjxjeaj.dll
    C:\WINNT\system32\objweggv.dll
    C:\WINNT\system32\akhgvajx.dll
    C:\WINNT\system32\wvdekvdb.dll
    C:\WINNT\system32\opglwhqp.dll
    C:\WINNT\system32\dhvdnrgi.dll
    C:\WINNT\system32\winpfg32.sys
    C:\WINNT\system32\inyrdrsi.dll
    C:\WINNT\Duce6.exe
    C:\WINNT\ltbptqfA.exe
    C:\WINNT\system32\pmnnooo.dll
    C:\WINNT\system32\nnnlmlk.dll
    C:\WINNT\uni_e6h.exe
    C:\WINNT\system32\62752_netapi.exe
    C:\WINNT\system32\23737_netapi.exe
    C:\WINNT\system32\22817_netapi.exe
    C:\WINNT\system32\45074_netapi.exe
    C:\WINNT\system32\71076_netapi.exe
    C:\WINNT\system32\81502_netapi.exe
    C:\WINNT\system32\73771_netapi.exe
    C:\WINNT\system32\78165_netapi.exe
    C:\WINNT\system32\02401_netapi.exe
    C:\WINNT\system32\26663_netapi.exe
    C:\WINNT\system32\26424_netapi.exe
    C:\WINNT\system32\04006_netapi.exe
    C:\WINNT\system32\48280_netapi.exe
    C:\WINNT\system32\04800_netapi.exe
    C:\WINNT\system32\18577_netapi.exe
    C:\WINNT\system32\54368_netapi.exe
    C:\WINNT\system32\56225_netapi.exe
    C:\WINNT\system32\64624_netapi.exe
    C:\WINNT\system32\57355_netapi.exe
    C:\WINNT\system32\48580_netapi.exe
    C:\WINNT\system32\28546_netapi.exe
    C:\WINNT\system32\40555_netapi.exe
    C:\WINNT\system32\84752_netapi.exe
    C:\WINNT\system32\46012_netapi.exe
    C:\WINNT\system32\11388_netapi.exe
    C:\WINNT\system32\41843_netapi.exe
    C:\WINNT\system32\52128_netapi.exe
    C:\WINNT\system32\07483_netapi.exe
    C:\WINNT\system32\02067_netapi.exe
    C:\WINNT\system32\76057_netapi.exe
    C:\WINNT\system32\75875_netapi.exe
    C:\WINNT\system32\68761_netapi.exe
    C:\WINNT\system32\01116_netapi.exe
    C:\WINNT\system32\40862_netapi.exe
    C:\WINNT\system32\66831_netapi.exe
    C:\WINNT\system32\40236_netapi.exe
    C:\WINNT\system32\32147_netapi.exe
    C:\WINNT\system32\75771_netapi.exe
    C:\WINNT\system32\34183_netapi.exe
    C:\WINNT\system32\75077_netapi.exe
    C:\WINNT\system32\15838_netapi.exe
    C:\WINNT\system32\42010_netapi.exe
    C:\WINNT\system32\31067_netapi.exe
    C:\WINNT\system32\45710_netapi.exe
    C:\WINNT\system32\63638_netapi.exe
    C:\WINNT\system32\71148_netapi.exe
    C:\WINNT\system32\06157_netapi.exe
    C:\WINNT\system32\51084_netapi.exe
    C:\WINNT\system32\72750_netapi.exe
    C:\WINNT\system32\17111_netapi.exe
    C:\WINNT\system32\36276_netapi.exe
    C:\WINNT\system32\46766_netapi.exe
    C:\WINNT\system32\75253_netapi.exe
    C:\WINNT\system32\57402_netapi.exe
    C:\WINNT\system32\hqghumea.dll
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

After that, Reboot back into Safe Mode. You can do this by restarting your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal windows.

Please do an online scan with Kaspersky WebScanner

Please note: You must use Internet Explorer for this as it uses an ActiveX component.

This scan may take a while to complete, so please be patient and let it finish.

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
Open Norton AntiVirus and update so that you have the latest file signatures. Let me know if you cannot download the latest file signatures.

Please post the contents of the AVG Anti-Spyware text report, the Kaspersky results that you saved and a new HiJackThis log.

Thanks.
  • 0
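A quick way to triage the text report this scan produces, added here as an example (it is not part of the post and not a Kaspersky tool): it separates "Object is locked" lines, which are not detections, and hits inside another tool's quarantine or backup folders, which are already neutralised copies (the Norton quarantine, VundoFix Backups and Killbox folders seen in this thread), from detections still live on disk, then tallies the live ones by family. The sample report is constructed; the Qoobox path and the PLACEHOLDER file names are assumptions.

```python
"""Triage a Kaspersky Online Scanner text report (added example, not from the thread)."""
import re
from collections import Counter
from typing import Dict, List, NamedTuple

# Folders holding another tool's neutralised copies; compared case-insensitively as NTFS does.
# Norton quarantine, VundoFix Backups and !KillBox appear in this thread; Qoobox is an assumption.
CONTAINED_PREFIXES = (
    "c:\\program files\\norton antivirus\\quarantine\\",
    "c:\\vundofix backups\\",
    "c:\\!killbox\\",
    "c:\\qoobox\\quarantine\\",  # assumption: ComboFix quarantine folder
)
LOCKED_SUFFIX = " Object is locked skipped"
# "<path> Infected: <name> <action>"; paths contain spaces, so key on the literal marker.
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
# Archive summaries such as "<path> RarSFX: infected - 8 skipped" repeat members already listed.
ARCHIVE_RE = re.compile(r"^(?P<path>.+?) \S+: infected - \d+ \S+$")


class Hit(NamedTuple):
    path: str
    name: str
    action: str
    bucket: str  # "contained" or "live"


def family(name: str) -> str:
    """Drop the 'not-a-virus:' prefix and a trailing variant (Backdoor.Win32.Rbot.bhq -> Backdoor.Win32.Rbot)."""
    if name.startswith("not-a-virus:"):
        name = name.split(":", 1)[1]
    parts = name.split(".")
    return ".".join(parts[:3]) if len(parts) > 3 else name


def classify_path(path: str) -> str:
    """Archive members are 'outer.exe/inner'; the outer file's folder decides containment."""
    lowered = path.lower()
    return "contained" if any(lowered.startswith(p) for p in CONTAINED_PREFIXES) else "live"


def parse_report(text: str) -> Dict[str, object]:
    """Walk the per-object section and bucket every line."""
    hits: List[Hit] = []
    locked = 0
    in_objects = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Infected Object Name"):
            in_objects = True
            continue
        if not in_objects or not line:
            continue
        if line.endswith(LOCKED_SUFFIX):
            locked += 1  # scanner could not open it; not a detection
            continue
        if ARCHIVE_RE.match(line):
            continue
        m = INFECTED_RE.match(line)
        if m:
            hits.append(Hit(m["path"], m["name"], m["action"], classify_path(m["path"])))
    live = [h for h in hits if h.bucket == "live"]
    return {
        "locked": locked,
        "contained": [h for h in hits if h.bucket == "contained"],
        "live": live,
        "live_families": Counter(family(h.name) for h in live),
    }


def summarize(text: str) -> Dict[str, object]:
    """Counts only, for a one-glance answer to 'what is still active?'."""
    r = parse_report(text)
    return {
        "locked": r["locked"],
        "contained": len(r["contained"]),
        "live": len(r["live"]),
        "live_families": dict(r["live_families"]),
    }


# Constructed sample in the report's format; PLACEHOLDER names stand in for quarantine file names.
SAMPLE_REPORT = r"""
KASPERSKY ONLINE SCANNER REPORT
Scan Settings:
Scan Archives: true

Infected Object Name / Virus Name / Last Action
C:\!KillBox\absatpi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ek skipped
C:\Documents and Settings\User\NTUSER.DAT Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\PLACEHOLDER1.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\PLACEHOLDER2.exe/data.rar/psexec.exe Infected: not-a-virus:RiskTool.Win32.PsExec.131 skipped
C:\Program Files\Norton AntiVirus\Quarantine\PLACEHOLDER2.exe RarSFX: infected - 1 skipped
C:\VundoFix Backups\akhgvajx.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\WINNT\system32\example_live.dll Infected: Trojan.Win32.BHO.g skipped
C:\WINNT\system32\example_live2.exe Infected: Backdoor.Win32.Rbot.bar skipped
"""

if __name__ == "__main__":
    for hit in parse_report(SAMPLE_REPORT)["live"]:
        print("LIVE:", hit.path, hit.name)
    print(summarize(SAMPLE_REPORT))
```

Run it against the saved report file instead of the sample by reading the file into `summarize`; only the "live" bucket needs a follow-up fix, the rest is evidence of what earlier tools already caught.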

#7
pwt5

    Member

  • Topic Starter
  • Member
  • 27 posts
Octagonal,

I started following your directions from the top. . . I downloaded Killbox and saved it to the desktop. I downloaded AVG Anti-Spyware to the desktop. . . I went to open and update AVG Anti-Spyware and that's where I started to run into problems. The program wouldn't open because my CPU usage shot right up to 100% and the program would "Not Respond". Any ideas?
  • 0

#8
Octagonal

    Member 2k

  • Member
  • 2,528 posts
pwt5,

Continue without updating AVG Anti-Spyware. Let me know if you still run into problems.
  • 0

#9
pwt5

    Member

  • Topic Starter
  • Member
  • 27 posts
Octagonal,

I let the computer sit overnight and I was able to update AVG the next morning. I was able to work through the remaining instructions without many problems.

A couple notes. . . .I did receive the message "PendingFileRenameOperations". . . I did update Norton AV definitions.

Now, on with the reports. . . .

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:46:27 PM 10/25/2006

+ Scan result:

C:\Documents and Settings\Lawrence Luecke\Cookies\lawrence luecke@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Lawrence Luecke\Cookies\lawrence [email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Lawrence Luecke\Cookies\lawrence luecke@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Lawrence Luecke\Cookies\lawrence [email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Lawrence Luecke\Cookies\lawrence [email protected][1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Lawrence Luecke\Cookies\lawrence [email protected][2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Lawrence Luecke\Cookies\lawrence [email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Lawrence Luecke\Cookies\lawrence [email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Lawrence Luecke\Cookies\lawrence luecke@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Lawrence Luecke\Cookies\lawrence [email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Lawrence Luecke\Cookies\lawrence [email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Lawrence Luecke\Cookies\lawrence luecke@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Lawrence Luecke\Cookies\lawrence [email protected][2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Lawrence Luecke\Cookies\lawrence [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Lawrence Luecke\Cookies\lawrence luecke@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.


::Report end


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, October 26, 2006 6:40:53 AM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 26/10/2006
Kaspersky Anti-Virus database records: 235001
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 25420
Number of viruses found: 40
Number of infected objects: 228 / 0
Number of suspicious objects: 1
Duration of the scan process: 01:20:17

Infected Object Name / Virus Name / Last Action
C:\!KillBox\absatpi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ek skipped
C:\Documents and Settings\All Users.WINNT\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users.WINNT\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users.WINNT\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users.WINNT\Application Data\Symantec\LiveUpdate\2006-10-25_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users.WINNT\Application Data\Symantec\LiveUpdate\Log.LiveUpdate Object is locked skipped
C:\Documents and Settings\Default User.WINNT\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Default User.WINNT\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Default User.WINNT\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lawrence Luecke\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Lawrence Luecke\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Lawrence Luecke\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Lawrence Luecke\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Lawrence Luecke\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Lawrence Luecke\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Lawrence Luecke\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lawrence Luecke\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lawrence Luecke\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Lawrence Luecke\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\025B2A6D.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\025E546A.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\027F427F.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\03E051B4.exe Infected: Backdoor.Win32.SdBot.alg skipped
C:\Program Files\Norton AntiVirus\Quarantine\047D4782.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\0481717F.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\0622776B.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\06252167.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07E84377.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\07EE1770.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\08266133.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\08290B2F.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\08856F56.exe Infected: Backdoor.IRC.Shiznat skipped
C:\Program Files\Norton AntiVirus\Quarantine\08891952.exe Infected: Backdoor.Win32.Mechbot.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\09C4356B.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\09C85F67.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\0AF801E6.exe Infected: Backdoor.Win32.SdBot.alg skipped
C:\Program Files\Norton AntiVirus\Quarantine\0BAB0720.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Program Files\Norton AntiVirus\Quarantine\0EF85E8B.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F7E17F8.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F8141F4.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\14F44891.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Program Files\Norton AntiVirus\Quarantine\153E31DC.exe Infected: Backdoor.Win32.SdBot.alg skipped
C:\Program Files\Norton AntiVirus\Quarantine\167C396C.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\167F6368.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\175F2AEE.exe Infected: Backdoor.Win32.SdBot.xd skipped
C:\Program Files\Norton AntiVirus\Quarantine\1A2D2F5A.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\1A315957.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\1A3C33AC.exe Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\Program Files\Norton AntiVirus\Quarantine\1A9E1F40.exe Infected: Trojan-Downloader.Win32.VB.ang skipped
C:\Program Files\Norton AntiVirus\Quarantine\1EA66D1F.exe Infected: Backdoor.Win32.IRCBot.vm skipped
C:\Program Files\Norton AntiVirus\Quarantine\1F035808.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\1F060205.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\1FD02E8C.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\205667F9.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\205E1366.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\20623D62.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\20946C99.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\209B4092.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\20E87A55.exe Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\Program Files\Norton AntiVirus\Quarantine\23606F3B.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\23664334.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\236A6D30.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\237A3F1E.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\252C0F41.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\2530393D.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\273825DC.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\273B4FD8.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\294963D0.exe/data.rar/IpcScan.exe Infected: HackTool.Win32.IpcScan.150 skipped
C:\Program Files\Norton AntiVirus\Quarantine\294963D0.exe/data.rar/lock.bat Infected: Trojan.BAT.NoShare.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\294963D0.exe/data.rar/MSupdate.exe Infected: Backdoor.Win32.ServU-based skipped
C:\Program Files\Norton AntiVirus\Quarantine\294963D0.exe/data.rar/nero.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
C:\Program Files\Norton AntiVirus\Quarantine\294963D0.exe/data.rar/psexec.exe Infected: not-a-virus:RiskTool.Win32.PsExec.131 skipped
C:\Program Files\Norton AntiVirus\Quarantine\294963D0.exe/data.rar/scansql.exe Infected: not-a-virus:NetTool.Win32.SQLAccount.180 skipped
C:\Program Files\Norton AntiVirus\Quarantine\294963D0.exe/data.rar/devcheck.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Program Files\Norton AntiVirus\Quarantine\294963D0.exe/data.rar Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Program Files\Norton AntiVirus\Quarantine\294963D0.exe RarSFX: infected - 8 skipped
C:\Program Files\Norton AntiVirus\Quarantine\294963D0.exe CryptFF: infected - 8 skipped
C:\Program Files\Norton AntiVirus\Quarantine\299E2772.exe Infected: HackTool.Win32.IpcScan.150 skipped
C:\Program Files\Norton AntiVirus\Quarantine\29C84944.exe/data.rar/scansql.exe Infected: not-a-virus:NetTool.Win32.SQLAccount.180 skipped
C:\Program Files\Norton AntiVirus\Quarantine\29C84944.exe/data.rar/scvhost.exe Infected: Backdoor.Win32.ServU-based skipped
C:\Program Files\Norton AntiVirus\Quarantine\29C84944.exe/data.rar/devcheck2.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Program Files\Norton AntiVirus\Quarantine\29C84944.exe/data.rar/devcheck.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Program Files\Norton AntiVirus\Quarantine\29C84944.exe/data.rar/DFind.exe Infected: not-a-virus:NetTool.Win32.DFind skipped
C:\Program Files\Norton AntiVirus\Quarantine\29C84944.exe/data.rar/IpcScan.exe Infected: HackTool.Win32.IpcScan.150 skipped
C:\Program Files\Norton AntiVirus\Quarantine\29C84944.exe/data.rar/lsass.exe Infected: Backdoor.Win32.mIRC-based skipped
C:\Program Files\Norton AntiVirus\Quarantine\29C84944.exe/data.rar/mirc.ini Infected: Backdoor.IRC.Zapchast skipped
C:\Program Files\Norton AntiVirus\Quarantine\29C84944.exe/data.rar/psexec.exe Infected: not-a-virus:RiskTool.Win32.PsExec.131 skipped
C:\Program Files\Norton AntiVirus\Quarantine\29C84944.exe/data.rar Infected: not-a-virus:RiskTool.Win32.PsExec.131 skipped
C:\Program Files\Norton AntiVirus\Quarantine\29C84944.exe RarSFX: infected - 10 skipped
C:\Program Files\Norton AntiVirus\Quarantine\29C84944.exe CryptFF: infected - 10 skipped
C:\Program Files\Norton AntiVirus\Quarantine\29D57135.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.3017 skipped
C:\Program Files\Norton AntiVirus\Quarantine\2A25640F.exe Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\Program Files\Norton AntiVirus\Quarantine\2A2C3808.exe Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Program Files\Norton AntiVirus\Quarantine\2B766A55.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\2B7A1451.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\2B8F2A3B.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\2B957E34.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\2BA73FCA.exe Infected: Backdoor.Win32.IRCBot.vm skipped
C:\Program Files\Norton AntiVirus\Quarantine\2C2C4BEF.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2C461BD3.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2C5019C8.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2C5D41BA.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2C9E0972.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2CAB3163.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2D2442DE.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2D3414CC.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2D6F088C.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2D830476.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2DCE4A23.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2DDB7215.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E3A33AD.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E505994.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E5A5789.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E9A42E1.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E9C1F41.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E9D6CDD.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\2EB66F24.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2EF40CE0.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2F0134D2.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2F0E5CC3.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2F524E78.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2F607669.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2FA7121A.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\2FBB0E05.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\30925D92.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\3098318B.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\30A6726D.exe Infected: Trojan-Downloader.Win32.Dyfuca.fb skipped
C:\Program Files\Norton AntiVirus\Quarantine\30B8380A.exe Infected: Backdoor.Win32.IRCBot.vm skipped
C:\Program Files\Norton AntiVirus\Quarantine\33A3699E.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\33B0118F.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\33E12A4D.exe Infected: Backdoor.Win32.Rbot.bif skipped
C:\Program Files\Norton AntiVirus\Quarantine\3A4224F6.exe Infected: Backdoor.Win32.IRCBot.wo skipped
C:\Program Files\Norton AntiVirus\Quarantine\3F4A215F.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\3F4D4B5B.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\3FE5293E.exe Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\Program Files\Norton AntiVirus\Quarantine\4024081F.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\423E0F08.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.de skipped
C:\Program Files\Norton AntiVirus\Quarantine\445B3DCC.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\445E67C8.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\486E22FF.exe Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\Program Files\Norton AntiVirus\Quarantine\4ADB4C55.exe Infected: Trojan-Downloader.Win32.VB.afa skipped
C:\Program Files\Norton AntiVirus\Quarantine\4D5F1A2A.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\4D624427.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\506A4E36.txt Infected: Trojan-Downloader.Win32.Agent.aol skipped
C:\Program Files\Norton AntiVirus\Quarantine\5216287D.exe Infected: Backdoor.Win32.IRCBot.vm skipped
C:\Program Files\Norton AntiVirus\Quarantine\521C7C76.exe Infected: Backdoor.Win32.IRCBot.vm skipped
C:\Program Files\Norton AntiVirus\Quarantine\52202672.exe Infected: Backdoor.Win32.IRCBot.vm skipped
C:\Program Files\Norton AntiVirus\Quarantine\5223506E.exe Infected: Backdoor.Win32.IRCBot.vm skipped
C:\Program Files\Norton AntiVirus\Quarantine\529F2DC8.exe Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\Program Files\Norton AntiVirus\Quarantine\52B17D3D.exe Infected: Backdoor.Win32.Mechbot.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\52B75136.exe Infected: Backdoor.IRC.Shiznat skipped
C:\Program Files\Norton AntiVirus\Quarantine\52BB7B32.exe Infected: Backdoor.IRC.Shiznat skipped
C:\Program Files\Norton AntiVirus\Quarantine\52CD7996.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\Program Files\Norton AntiVirus\Quarantine\54962604.exe Infected: HackTool.Win32.IpcScan.150 skipped
C:\Program Files\Norton AntiVirus\Quarantine\54EF5BD7.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\54F205D3.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\55881295.exe Infected: Trojan-Downloader.Win32.VB.nw skipped
C:\Program Files\Norton AntiVirus\Quarantine\559650D5.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\58DE0F20.exe Infected: Backdoor.Win32.IRCBot.vm skipped
C:\Program Files\Norton AntiVirus\Quarantine\59034761.exe Infected: Backdoor.Win32.IRCBot.vm skipped
C:\Program Files\Norton AntiVirus\Quarantine\59B433FE.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\Program Files\Norton AntiVirus\Quarantine\59E853C4.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\Program Files\Norton AntiVirus\Quarantine\5A96039F.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\5A992D9C.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\5B3D5E1C.exe Infected: Backdoor.Win32.IRCBot.vm skipped
C:\Program Files\Norton AntiVirus\Quarantine\5BB1630C.exe Infected: Backdoor.Win32.Mechbot.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\5DC5445E.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\5DFD4F46.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\5E1E7322.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\5E351909.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\5E4240FB.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\5E7F1D91.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\5E964378.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\5F166A11.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\5F3039F4.exe Infected: Backdoor.Win32.Rbot.bar skipped
C:\Program Files\Norton AntiVirus\Quarantine\60AC56A2.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\60AF009F.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\62BE4A52.exe Infected: Backdoor.Win32.Mechbot.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\62C1744F.exe Infected: Backdoor.IRC.Shiznat skipped
C:\Program Files\Norton AntiVirus\Quarantine\633E0116.exe Infected: Backdoor.Win32.SdBot.alg skipped
C:\Program Files\Norton AntiVirus\Quarantine\66236A96.exe Infected: Backdoor.Win32.Mechbot.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\66261493.exe Infected: Backdoor.IRC.Shiznat skipped
C:\Program Files\Norton AntiVirus\Quarantine\665107B4.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
C:\Program Files\Norton AntiVirus\Quarantine\695947AD.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ew skipped
C:\Program Files\Norton AntiVirus\Quarantine\695947AD.exe NSIS: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\695947AD.exe CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\695F1BA6.exe/data0002 Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Norton AntiVirus\Quarantine\695F1BA6.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Norton AntiVirus\Quarantine\695F1BA6.exe NSIS: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\695F1BA6.exe CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\6B8D7937.exe Infected: Backdoor.Win32.Rbot.af skipped
C:\Program Files\Norton AntiVirus\Quarantine\6C0A7820.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\6C104C19.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\6CB4615C.exe Infected: Backdoor.Win32.Mechbot.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\6CB80B58.exe Infected: Backdoor.IRC.Shiznat skipped
C:\Program Files\Norton AntiVirus\Quarantine\70A45949.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Program Files\Norton AntiVirus\Quarantine\72355600.exe Infected: Backdoor.Win32.IRCBot.vm skipped
C:\Program Files\Norton AntiVirus\Quarantine\73020099.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
C:\Program Files\Norton AntiVirus\Quarantine\74DC28F7.exe Infected: Backdoor.Win32.SdBot.alg skipped
C:\Program Files\Norton AntiVirus\Quarantine\7508183B.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\750B4237.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\77CE0809.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\77D13206.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\77F25745.exe Infected: Backdoor.Win32.Rbot.adf skipped
C:\Program Files\Norton AntiVirus\Quarantine\79CA1156.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\79FD54C8.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\7A007EC4.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\7A4E2D49.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\7A515745.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\7A7F6438.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\7A830E35.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\7D7F19BF.exe Infected: Backdoor.Win32.Mechbot.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\7D9229B1.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\7D9553AD.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\7D976245.exe/data0002 Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Norton AntiVirus\Quarantine\7D976245.exe/data0005 Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Norton AntiVirus\Quarantine\7D976245.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Norton AntiVirus\Quarantine\7D976245.exe NSIS: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7D976245.exe CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7DD633C4.bat Infected: Trojan.BAT.NoShare.p skipped
C:\Program Files\Norton AntiVirus\Quarantine\7DFB5537.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Program Files\Norton AntiVirus\Quarantine\7E5D40CB.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Program Files\Norton AntiVirus\Quarantine\7E6E12B9.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Program Files\Norton AntiVirus\Quarantine\7E8B0C98.exe Infected: not-a-virus:NetTool.Win32.DFind skipped
C:\Program Files\Norton AntiVirus\Quarantine\7EAC3074.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Program Files\Norton AntiVirus\Quarantine\7EBF2C5F.exe Infected: not-a-virus:NetTool.Win32.SQLAccount.180 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7EC92A54.exe Infected: not-a-virus:NetTool.Win32.SQLAccount.180 skipped
C:\Program Files\Norton AntiVirus\Quarantine\7F82178F.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\Program Files\Norton AntiVirus\Quarantine\7F86418B.exe Infected: Backdoor.Win32.Rbot.bhq skipped
C:\VundoFix Backups\akhgvajx.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\dhvdnrgi.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\ewodsvqn.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\ftjxjeaj.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\galkjexe.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\inuafead.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\nckxanot.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\nmosbxgp.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\objweggv.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\opglwhqp.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\tnmgaytb.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\VundoFix Backups\wvdekvdb.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\WINNT\CSC\00000001 Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\security\logs\scepol.log Object is locked skipped
C:\WINNT\SoftwareDistribution\EventCache\{0B5D40A1-85B6-4C78-B617-5F28D0B026B2}.bin Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\default Object is locked skipped
C:\WINNT\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINNT\system32\config\msconfig\taskmgr.exe Suspicious: Packed.Win32.CryptExe skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\software Object is locked skipped
C:\WINNT\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\system Object is locked skipped
C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped
C:\WINNT\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\WINNT\system32\MSupdate.exe_tobedeleted Infected: not-a-virus:Server-FTP.Win32.Serv-U.5201 skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 7:01:41 AM, on 10/26/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\config\msconfig\taskmgr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\TPPALDR.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\hphmon04.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
C:\WINNT\system32\wuauclt.exe
C:\HJT\Analyse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cgi.verizon.n...a...&bm=ho_home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [winapildr] c:\windows\drivers\ias\[bleep].bat
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\TPPALDR.EXE
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dialin&cd=4.0&bm=ho_home
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143225708926
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\WINNT\system32\MSupdate.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Task Manager Help (TskHlp) - Unknown owner - C:\WINNT\system32\config\msconfig\taskmgr.exe




Ad-Aware SE Personal
Adobe Photoshop 7.0
AVG Anti-Spyware 7.5
Canon Camera TWAIN Driver 6.0
Canon Camera Window for ZoomBrowser EX
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.2
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
ccCommon
CleanUp!
Dial 4.0
DiMAGE Viewer
DirectX 8 Hotfix - KB839643
EarthLink Software
EPSON CardMonitor
EPSON PhotoStarter3.0
EPSON PictureMate User's Guide
EPSON Printer Software
Film Factory
Generic 6-in-1 USB Card Reader Driver v1.7
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for MDAC 2.53 (KB911562)
hp instant support
HP Photo and Imaging 1.0 - HP Photosmart Printer Series
Internet Explorer Q903235
Internet Worm Protection
J2SE Runtime Environment 5.0 Update 6
Kaspersky Online Scanner
KONICA_MINOLTA DiMAGE remote camera driver
LiveReg (Symantec Corporation)
LiveUpdate 3.0 (Symantec Corporation)
Microsoft Office XP Professional with FrontPage
MSN Messenger 5.0
Nero
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SCSSDist MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
Panda ActiveScan
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
PowerDVD
Prevx1
QuickTime
RealPlayer Basic
Security Update for Windows 2000 (KB904706)
Security Update for Windows Media Player (KB911564)
SPBBC
Spybot - Search & Destroy 1.4
Symantec
Symantec Script Blocking Installer
SymNet
TPP Storage Driver Installation
TrojanHunter 4.6
USB Storage Adapter (TPP)
USB Storage Adapter V2 (TPP)
USB Storage Adapter V3 (TPP)
Windows 2000 Hotfix - KB823980
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB890046
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896424
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB912919
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917422
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB920958
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB921883
Windows 2000 Hotfix - KB922616
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB924191
Windows Installer 3.1 (KB893803)
Windows Media Player Hotfix [See Q828026 for more information]
WinZip



Thanks for all of your help so far!!

#10
Octagonal
Member 2k, 2,528 posts
Hi pwt5,

Good work :whistling:

Could you open HijackThis and perform a scan? Take a look at this entry: the forum's software detects this filename as something unsavoury and inserts "[bleep]" instead of the real filename. I need to know what the actual filename is.

O4 - HKLM\..\Run: [winapildr] c:\windows\drivers\ias\[bleep].bat

Could you let me know what the real name is by putting a "-" in between the letters in your next reply? Something like "s-o-m-e-f-i-l-e.bat".

Then close HijackThis

Those scans aren't too bad, mostly cookies and quarantined entries in Norton's.

Go to Start then Run and type this in the box: cmd

A command prompt dialog box will open, then type the following (make sure you press the Enter key after typing each line):

sc stop Serv-U
sc delete Serv-U
sc stop TskHlp
sc delete TskHlp

Reboot the computer.

Please remove all of the entries in the Quarantine area of Norton AntiVirus.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Post a fresh HijackThis log and let me know the real filename that I asked for.

Thanks.
#11
pwt5
Topic Starter, Member, 27 posts
Hijack entry from your last message with - inserted. . . .

O4 - HKLM\..\Run: [winapildr] c:\windows\drivers\ias\f-u-c-k.bat

I receive a message when I try to do the cmd prompts. . . .

"'sc' is not recognized as an internal or external command, operable program or batch file"

please help with this issue. . . .THANK YOU!

#12
Octagonal
Member 2k, 2,528 posts
Hi pwt5,

Those command instructions should work, so let's try this a little bit differently. I believe that the unsavoury batch file has something to do with this.

C:\WINNT\system32\config\msconfig\taskmgr.exe

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [winapildr] c:\windows\drivers\ias\[bleep].bat << [bleep] will really be the other name.
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\WINNT\system32\MSupdate.exe (file missing)
O23 - Service: Task Manager Help (TskHlp) - Unknown owner - C:\WINNT\system32\config\msconfig\taskmgr.exe

Now close all windows other than HiJackThis (including any browser windows), then click Fix Checked.

Reboot into Safe Mode. You can do this by restarting your computer and, as soon as it starts booting up again, continuously tapping F8. A menu should come up where you will be given the option to enter Safe Mode.

Please double-click Killbox.exe to run it.
  • Select: Delete on Reboot then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    Please delete the "-" in the first filename before you copy and paste it.

    c:\windows\drivers\ias\f-u-c-k.bat
    C:\WINNT\system32\MSupdate.exe
    C:\WINNT\system32\config\msconfig\taskmgr.exe
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Go to Start then Run and type this in the box: cmd

A command prompt dialog box will open.

At the end of the command prompt line type:

CD\

Then press the Enter key.

The blinking cursor should now appear on a new line immediately after the C:\

Then type the following (make sure you press the Enter key after typing each line):

sc stop Serv-U
sc delete Serv-U
sc stop TskHlp
sc delete TskHlp

Reboot the computer.

Let me know if you have any problems performing these steps.

Please post a new HijackThis log and tell me how your computer is now behaving.

Thanks.
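The entries Octagonal singles out above (a service with no owner whose binary sits under system32\config, a service whose binary is missing, a .bat file started from a Run key on a drive root the OS does not use) can be scored mechanically from the HJT log. The following is an added example written for this thread, not code from HijackThis or from either poster; the sample log lines are copied from the logs above and the scoring rules are my own heuristics.

```python
"""Triage a HijackThis 1.99 log for the kind of entries discussed in this thread.

Added example, not part of the original thread and not HijackThis logic.
The sample lines are copied from the HJT logs posted above; the scoring
rules are my own heuristics for deciding which entries deserve a look.
"""
import re
from dataclasses import dataclass

# O23: "Service: <display (short)> - <owner> - <path> [(file missing)]"
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# O4 Run keys: "O4 - HKLM\..\Run: [<name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<command>.+)$")
# First executable-looking token of a command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|bat|cmd|com|scr|pif|vbs|js))"?(?:\s|$)', re.I)
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".pif", ".scr")
# Core Windows binary names that malware likes to borrow (see the fake taskmgr.exe above).
LOOKALIKE = {"taskmgr.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}

# Constructed sample: a handful of lines taken from the logs in this thread.
SAMPLE_LOG = r"""
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\config\msconfig\taskmgr.exe

O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [winapildr] c:\windows\drivers\ias\[bleep].bat
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\WINNT\system32\MSupdate.exe (file missing)
O23 - Service: Task Manager Help (TskHlp) - Unknown owner - C:\WINNT\system32\config\msconfig\taskmgr.exe
"""


@dataclass
class Finding:
    line: str
    score: int
    reasons: list


def system_root(log_text: str) -> str:
    """Derive the real %SystemRoot% from smss.exe in the 'Running processes' block."""
    for line in log_text.splitlines():
        m = re.match(r"^([a-z]:\\[^\\]+)\\system32\\smss\.exe$", line.strip(), re.I)
        if m:
            return m.group(1).lower()
    return r"c:\winnt"  # fallback: the Windows 2000 default seen in this thread


def exe_path(command: str) -> str:
    """Return the lower-cased program path from a Run/Service command line."""
    m = EXE_RE.match(command.strip())
    return (m.group("path") if m else command.strip()).lower()


def score_path(path: str, root: str) -> list:
    """Location-based red flags for one executable path."""
    reasons = []
    dirname, _, base = path.rpartition("\\")
    if "\\system32\\config\\" in path:
        reasons.append("binary lives under system32\\config, the registry hive directory")
    if base in LOOKALIKE and dirname != root + "\\system32":
        reasons.append(f"{base} is a Windows binary name outside {root}\\system32")
    if path.endswith(SCRIPT_EXT):
        reasons.append("a script, not a program, is launched at every logon")
    if re.match(r"^[a-z]:\\(winnt|windows)\\", path) and not path.startswith(root + "\\"):
        reasons.append(f"path claims a system root other than the real one ({root})")
    return reasons


def triage(log_text: str) -> list:
    """Score O4 and O23 lines; lines with no red flags are omitted."""
    root = system_root(log_text)
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        if m := O23_RE.match(line):
            path = m.group("path")
            if m.group("owner") == "Unknown owner":
                reasons.append("service has no vendor string")
            if path.endswith("(file missing)"):
                # Orphaned entries of uninstalled legitimate software score here too,
                # so a missing binary is a prompt to check, not proof of malware.
                reasons.append("service binary is missing (orphaned or already removed)")
                path = path[: -len("(file missing)")].strip()
            reasons += score_path(exe_path(path), root)
        elif m := O4_RE.match(line):
            reasons += score_path(exe_path(m.group("command")), root)
        if reasons:
            findings.append(Finding(line, len(reasons), reasons))
    return sorted(findings, key=lambda f: f.score, reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.line}")
        for r in f.reasons:
            print(f"      - {r}")
```

Run against the sample, the TskHlp service comes out on top with three flags, while the Symantec service and the QuickTime Run entry are not listed at all.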

#13
pwt5
Topic Starter, Member, 27 posts
I followed the directions successfully until I got to the command directions. . . . I am still unable to run the prompts you had requested. Please see the attached Word file with a print-screen of my command prompts and responses.

The computer seems to be sluggish, or very slow to respond. I have attached an updated HJT log. . . let me know what else I can do. Thanks!!

Logfile of HijackThis v1.99.1
Scan saved at 10:43:37 PM, on 11/1/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\TPPALDR.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\TrojanHunter 4.6\THGuard.exe
C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\wuauclt.exe
C:\HJT\Analyse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cgi.verizon.n...a...&bm=ho_home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer customized for Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINNT\TPPALDR.EXE
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINNT\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [EPSON PictureMate] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [a-winpoet-service] "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://cgi.verizon.net/bookmarks/bmredir.asp?region=east&bw=dialin&cd=4.0&bm=ho_home
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1143225708926
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINNT\System32\HPHipm11.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Serv-U FTP Server (Serv-U) - Unknown owner - C:\WINNT\system32\MSupdate.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Task Manager Help (TskHlp) - Unknown owner - C:\WINNT\system32\config\msconfig\taskmgr.exe (file missing)


#14
Octagonal
Member 2k, 2,528 posts
Hi pwt5,

Let's see what is hiding here...

Download and Save Blacklight to your desktop (choose "I ACCEPT" then click "DOWNLOAD" on the website).

Double-click blbeta.exe then accept the agreement, click > "Scan" then > "Next".

You'll see a list of all items found. There will also be a log on your desktop with the name "fsbl.xxxxxxxxxxxxxx.log" (the xxxxxxxxxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe".

Download WinPFind2.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind2 on your desktop.
  • Open the folder and double-click on winpfind2.exe to start the program.
  • Click on the Services tab.
  • From the two drop down boxes next to Filter list:, on the left one choose List all type of services and on the right one choose List all services.
  • Click on the Configuration tab.
  • Keep the standard settings and then in the AddOn-Options box click the checkboxes for
    • HKCU_IEDesktop.def
    • Policies.def
    • SID_Run_Policies.def
    to select them.
  • Under File Options click Select All
  • Under Other Options put a check to both Show All boxes
  • Please maximize the window in order to be able to view the Status Bar where you can see the progress of the scan.
  • Now click the Run All Scans button on the toolbar.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, click on it to uncheck it and then please post that report into this topic. After posting please check if the whole report fit into the post. If it did fit, it should say <End of Report> at the end. If not, please post the section that was cut off in a second post.
Please post the requested logs.

Thanks.

#15
pwt5

    Member

  • Topic Starter
  • Member
  • 27 posts
reports you requested . . . .

11/02/06 19:46:27 [Info]: BlackLight Engine 1.0.47 initialized
11/02/06 19:46:27 [Info]: OS: 5.0 build 2195 (Service Pack 4)
11/02/06 19:46:28 [Note]: 7019 4
11/02/06 19:46:28 [Note]: 7005 0
11/02/06 19:46:41 [Note]: 7006 0
11/02/06 19:46:41 [Note]: 7011 856
11/02/06 19:46:42 [Note]: 7026 0
11/02/06 19:46:42 [Note]: 7026 0
11/02/06 19:47:22 [Note]: FSRAW library version 1.7.1020
11/02/06 19:56:28 [Note]: 7007 0



Logfile created on: 11/02/2006 20:13
WinPFind2 by OldTimer - Version 1.0.12 Folder = C:\Documents and Settings\Lawrence Luecke\Desktop\WinPFind2\
Microsoft Windows 2000 Service Pack 4 (Version = 5.0.2195)
Internet Explorer (Version = 6.0.2600.0000)


< All Processes >
\systemroot\system32\smss.exe - (Microsoft Corporation )
\??\c:\winnt\system32\csrss.exe - (Microsoft Corporation )
\??\c:\winnt\system32\winlogon.exe - (Microsoft Corporation )
c:\winnt\system32\services.exe - (Microsoft Corporation )
c:\winnt\system32\lsass.exe - (Microsoft Corporation )
c:\winnt\system32\svchost.exe [C:\WINNT\SYSTEM32\SVCHOST -K RPCSS] - (Microsoft Corporation )
(RpcSs) C:\WINNT\system32\rpcss.dll - (Microsoft Corporation )
c:\winnt\system32\spoolsv.exe - (Microsoft Corporation )
c:\program files\symantec\liveupdate\aluschedulersvc.exe - (Symantec Corporation )
c:\program files\grisoft\avg anti-spyware 7.5\guard.exe - (Anti-Malware Development a.s. )
c:\program files\common files\symantec shared\ccsetmgr.exe - (Symantec Corporation )
c:\winnt\system32\svchost.exe [C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS] - (Microsoft Corporation )
(EventSystem) C:\WINNT\System32\es.dll - (Microsoft Corporation )
(Netman) C:\WINNT\System32\netman.dll - (Microsoft Corporation )
(NtmsSvc) C:\WINNT\System32\NtmsSvc.dll - (Microsoft Corporation )
(RasAuto) C:\WINNT\System32\rasauto.dll - (Microsoft Corporation )
(RasMan) C:\WINNT\System32\rasmans.dll - (Microsoft Corporation )
(RemoteAccess) C:\WINNT\System32\mprdim.dll - (Microsoft Corporation )
(SENS) C:\WINNT\system32\sens.dll - (Microsoft Corporation )
(SharedAccess) C:\WINNT\System32\ipnathlp.dll - (Microsoft Corporation )
(TapiSrv) C:\WINNT\System32\tapisrv.dll - (Microsoft Corporation )
(WZCSVC) C:\WINNT\System32\wzcsvc.dll - (Microsoft Corporation )
c:\program files\norton antivirus\navapsvc.exe - (Symantec Corporation )
c:\program files\norton antivirus\iwp\npfmntor.exe - (Symantec Corporation )
c:\winnt\system32\mstask.exe - (Microsoft Corporation )
c:\program files\common files\symantec shared\sndsrvc.exe - (Symantec Corporation )
c:\program files\common files\symantec shared\spbbc\spbbcsvc.exe - (Symantec Corporation )
c:\winnt\explorer.exe - (Microsoft Corporation )
c:\winnt\system32\stisvc.exe - (Microsoft Corporation )
c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe - (Symantec Corporation )
c:\winnt\system32\wbem\winmgmt.exe - (Microsoft Corporation )
c:\winnt\system32\svchost.exe [C:\WINNT\SYSTEM32\SVCHOST.EXE -K WUGROUP] - (Microsoft Corporation )
(wuauserv) C:\WINNT\system32\wuauserv.dll - (Microsoft Corporation )
c:\program files\common files\symantec shared\ccevtmgr.exe - (Symantec Corporation )
c:\winnt\system32\svchost.exe [C:\WINNT\SYSTEM32\SVCHOST.EXE -K BITSGROUP] - (Microsoft Corporation )
(BITS) C:\WINNT\System32\qmgr.dll - (Microsoft Corporation )
c:\winnt\tppaldr.exe - (In-System Design, Inc. )
c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe - (Hewlett-Packard )
c:\program files\real\realplayer\realplay.exe - (RealNetworks, Inc. )
c:\program files\quicktime\qttask.exe - (Apple Computer, Inc. )
c:\winnt\system32\hphmon04.exe - (Hewlett-Packard )
c:\winnt\system32\spool\drivers\w32x86\3\hpztsb05.exe - (HP )
c:\program files\hewlett-packard\hp share-to-web\hpgs2wnf.exe - ( )
c:\winnt\system32\spool\drivers\w32x86\3\e_s4i2p1.exe - (SEIKO EPSON CORPORATION )
c:\program files\common files\symantec shared\ccapp.exe - (Symantec Corporation )
c:\program files\java\jre1.5.0_06\bin\jusched.exe - (Sun Microsystems, Inc. )
c:\program files\trojanhunter 4.6\thguard.exe - (Mischel Internet Security )
c:\program files\epson\epson cardmonitor\epson cardmonitor1.1.exe - (SEIKO EPSON CORPORATION )
c:\program files\internet explorer\iexplore.exe - (Microsoft Corporation )
c:\documents and settings\lawrence luecke\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )

< Registry Entries >

[>> Internet Explorer Settings <<]
HKLM->Main\\Start Page - http://www.microsoft...p...ER}&ar=home
HKLM->Main\\Default_Page_URL - http://cgi.verizon.n...a...&bm=ho_home
HKLM->Main\\Default_Search_URL - http://www.microsoft...amp;ar=iesearch
HKLM->Main\\Local Page - %SystemRoot%\system32\blank.htm
HKCU->Main\\Start Page - http://www.google.com/
HKCU->Main\\Default_Page_URL - http://start.earthlink.net
HKCU->Main\\Local Page - C:\WINNT\System32\blank.htm
HKLM->Search\\CustomizeSearch - http://ie.search.msn...st/srchcust.htm
HKLM->Search\\SearchAssistant - http://ie.search.msn...st/srchasst.htm
HKCU->URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
HKCU->Internet Settings\\ProxyEnable - 0
HKCU->Internet Settings\\ProxyOverride - 127.0.0.1;<local>

[>> BHO's <<]

[>> Internet Explorer Bars, Toolbars and Extensions <<]

[HKLM-> Internet Explorer Bars]
{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )
{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - Real.com = C:\WINNT\System32\Shdocvw.dll (Microsoft Corporation )

[HKCU-> Internet Explorer Bars]
{30D02401-6A81-11D0-8274-00C04FD5AE38} - Search Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll (Microsoft Corporation )
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation )

[HKLM-> Internet Explorer ToolBars]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc. )
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus = C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio = C:\WINNT\System32\msdxm.ocx ( )
{D7F30B62-8269-41AF-9539-B2697FA7D77E} - EarthLink Toolbar = C:\Program Files\EarthLink TotalAccess\PnEL.dll (EarthLink, Inc. )

[HKCU-> Internet Explorer ToolBars]
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )

[HKCU-> Internet Explorer CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8196 - Sun Java Console
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - 8193 - Reg Data - Key not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 8194 - Reg Data - Value does not exist
NextId - 8197

[HKLM-> Internet Explorer Extensions]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc. )
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} (HKCU CLSID) - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc. )
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - ButtonText: Real.com = Reg Data - Value does not exist (File not found)
CmdMapping - MenuText: Reg Data - Value does not exist = Reg Data - Key not found (File not found)

[HKCU-> Internet Explorer Menu Extensions]
&AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML (File not found)
&Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html (Google Inc. )
&Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html (Google Inc. )
Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html (Google Inc. )
Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html (Google Inc. )
E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation )
Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html (Google Inc. )
Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html (Google Inc. )

[>> Approved Shell Extensions (Non-Microsoft only) <<]

[HKLM-> Approved Shell Extensions]
{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll (File not found)
{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = Reg Data - Key not found (File not found)
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = Reg Data - Key not found (File not found)
{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINNT\System32\hticons.dll (Hilgraeve, Inc. )
{A4DF5659-0801-4A60-9607-1C48695EFDA9} - Share-to-Web Upload Folder = C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL (Hewlett-Packard )
{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} - TrojanHunter Menu Shell Extension = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ( )

[>> ContextMenuHandlers (Non-Microsoft only) <<]

[HKLM-> ContextMenuHandlers]
* - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. )
* - Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
* - TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ( )
* - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
Directory - AVG Anti-Spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s. )
Directory - TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ( )
Directory - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )
Folder - Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation )
Folder - TrojanHunter - {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.6\contmenu.dll ( )
Folder - WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc. )

[>> ColumnHandlers (Non-Microsoft only) <<]

[HKLM-> ColumnHandlers]

[>> File Associations Keys <<]
HKLM->SOFTWARE\Classes\.bat\\'' - batfile
HKLM->SOFTWARE\Classes\batfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.cmd\\'' - cmdfile
HKLM->SOFTWARE\Classes\cmdfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.com\\'' - comfile
HKLM->SOFTWARE\Classes\comfile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.exe\\'' - exefile
HKLM->SOFTWARE\Classes\exefile\shell\open\command\\'' - "%1" %*
HKLM->SOFTWARE\Classes\.hta\\'' - htafile
HKLM->SOFTWARE\Classes\htafile\shell\open\command\\'' - C:\WINNT\System32\mshta.exe "%1" %*
HKLM->SOFTWARE\Classes\.js\\'' - JSFile
HKLM->SOFTWARE\Classes\jsfile\shell\open\command\\'' - C:\WINNT\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.jse\\'' - JSEFile
HKLM->SOFTWARE\Classes\jsefile\shell\open\command\\'' - C:\WINNT\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.scr\\'' - scrfile
HKLM->SOFTWARE\Classes\scrfile\shell\open\command\\'' - "%1" /S
HKLM->SOFTWARE\Classes\.vbe\\'' - VBEFile
HKLM->SOFTWARE\Classes\vbefile\shell\open\command\\'' - C:\WINNT\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.vbs\\'' - VBSFile
HKLM->SOFTWARE\Classes\vbsfile\shell\open\command\\'' - C:\WINNT\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsf\\'' - WSFFile
HKLM->SOFTWARE\Classes\wsffile\shell\open\command\\'' - C:\WINNT\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.wsh\\'' - WSHFile
HKLM->SOFTWARE\Classes\wshfile\shell\open\command\\'' - C:\WINNT\System32\WScript.exe "%1" %*
HKLM->SOFTWARE\Classes\.txt\\'' - txtfile
HKLM->SOFTWARE\Classes\txtfile\shell\open\command\\'' - %SystemRoot%\system32\NOTEPAD.EXE %1

[>> Registry Run Keys <<]
HKLM->Run\\a-winpoet-service - "C:\Program Files\WinPoET Broadband Connection\winpppoverethernet.exe" (File not found)
HKLM->Run\\ccApp - "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation )
HKLM->Run\\EPSON PictureMate - C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2P1.EXE /P17 "EPSON PictureMate" /O6 "USB001" /M "PictureMate" (SEIKO EPSON CORPORATION )
HKLM->Run\\HPDJ Taskbar Utility - C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb05.exe (HP )
HKLM->Run\\HPHmon04 - C:\WINNT\System32\hphmon04.exe (Hewlett-Packard )
HKLM->Run\\HPHUPD04 - "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" (Hewlett-Packard )
HKLM->Run\\LoadQM - loadqm.exe (Microsoft Corporation )
HKLM->Run\\NeroCheck - C:\WINNT\System32\NeroCheck.exe (Ahead Software Gmbh )
HKLM->Run\\QuickTime Task - "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc. )
HKLM->Run\\RealTray - C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc. )
HKLM->Run\\Share-to-Web Namespace Daemon - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard )
HKLM->Run\\SSC_UserPrompt - C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation )
HKLM->Run\\SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc. )
HKLM->Run\\Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer (Symantec Corporation )
HKLM->Run\\Synchronization Manager - mobsync.exe /logon (Microsoft Corporation )
HKLM->Run\\THGuard - "C:\Program Files\TrojanHunter 4.6\THGuard.exe" (Mischel Internet Security )
HKLM->Run\\TPP Auto Loader - C:\WINNT\TPPALDR.EXE (In-System Design, Inc. )
HKLM->Run\OptionalComponents\IMAIL - Installed = 1
HKLM->Run\OptionalComponents\MAPI - Installed = 1
HKLM->Run\OptionalComponents\MSFS - Installed = 1
HKCU->Run\\SpySweeper - (File not found)

[>> Miscellaneous Startup Keys <<]

[AppInit DLLs]
AppInit_DLL - (File not found)

[Image File Execution Options]
Your Image File Name Here without a path - Debugger = ntsd -d

[Shell Service Object Delay Load]
Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll (Microsoft Corporation )
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll (Microsoft Corporation )
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation )

[Shell Execute Hooks]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s. )
{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation )

[Shared Task Scheduler]
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )
{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation )

[SafeBoot Option]

[HKLM Command Processor AutoRun]
HKLM->Command Processor\\AutoRun -

[HKCU Command Processor AutoRun]

[Security Providers]
SecurityProviders\\SecurityProviders - msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[BootExecute]
Session Manager\\BootExecute - autocheck autochk *;

[PendingFileRenameOperations]

[FileRenameOperations]

[ExcludeFromKnownDlls]
Session Manager\\ExcludeFromKnownDlls -

[>> Disabled MSConfig Items <<]

[>> User Agent Post Platform <<]

[>> Winlogon <<]
HMLM->AltDefaultDomainName - LLUECKE
HMLM->AltDefaultUserName - Lawrence Luecke
HMLM->AutoAdminLogon - 1
HMLM->DefaultDomainName - LLUECKE
HMLM->DefaultUserName - Lawrence Luecke
HKLM->Shell - explorer.exe (Microsoft Corporation )
HKLM->System - (File not found)
HMLM->UserInit - c:\winnt\system32\userinit.exe, (Microsoft Corporation )
HKLM->VMApplet - rundll32 shell32,Control_RunDLL "sysdm.cpl"
Notify\crypt32chain - crypt32.dll (Microsoft Corporation )
Notify\cryptnet - cryptnet.dll (Microsoft Corporation )
Notify\cscdll - cscdll.dll (Microsoft Corporation )
Notify\sclgntfy - sclgntfy.dll (Microsoft Corporation )
Notify\SensLogn - WlNotify.dll (Microsoft Corporation )
Notify\wzcnotif - wzcdlg.dll (Microsoft Corporation )

[>> DNS Name Servers <<]
{A16A77C7-5F3E-4C8B-B109-A15B299C71BA} - (Linksys LNE100TX(v5) Fast Ethernet Adapter)

[>> All Winsock2 Catalogs <<]
NameSpace_Catalog5\Catalog_Entries\000000000001 (Tcpip) - %SystemRoot%\System32\rnr20.dll (Microsoft Corporation )
NameSpace_Catalog5\Catalog_Entries\000000000002 (NTDS) - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )
Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\msafd.dll (Microsoft Corporation )

[>> Protocol Handlers (Non-Microsoft only) <<]
ipp - (File not found)
msdaipp - (File not found)
vnd.ms.radio - C:\WINNT\System32\msdxm.ocx ( )

[>> Protocol Filters (Non-Microsoft only) <<]

< All Services >
Abiosdsk (Abiosdsk) - (File not found)) [Disabled - Stopped - Kernel driver]
abp480n5 (abp480n5) - (File not found)) [Disabled - Stopped - Kernel driver]
Microsoft ACPI Driver (ACPI) - \SystemRoot\System32\DRIVERS\ACPI.sys (Microsoft Corporation ) [ - Running - Kernel driver]
ACPIEC (ACPIEC) - (File not found)) [Disabled - Stopped - Kernel driver]
adpu160m (adpu160m) - (File not found)) [Disabled - Stopped - Kernel driver]
AFD Networking Support Environment (AFD) - \SystemRoot\System32\drivers\afd.sys (Microsoft Corporation ) [Automatic - Running - Kernel driver]
AFS2k (AFS2K) - (File not found)) [ - Running - Kernel driver]
Aha154x (Aha154x) - (File not found)) [Disabled - Stopped - Kernel driver]
aic116x (aic116x) - (File not found)) [Disabled - Stopped - Kernel driver]
aic78u2 (aic78u2) - (File not found)) [Disabled - Stopped - Kernel driver]
aic78xx (aic78xx) - (File not found)) [Disabled - Stopped - Kernel driver]
Alerter (Alerter) - C:\WINNT\System32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
ami0nt (ami0nt) - (File not found)) [Disabled - Stopped - Kernel driver]
amsint (amsint) - (File not found)) [Disabled - Stopped - Kernel driver]
AOL Spyware Protection Service (AOLService) - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (File not found)) [Automatic - Stopped - Win32, running in it's own process]
Application Management (AppMgmt) - C:\WINNT\system32\services.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
asc (asc) - (File not found)) [Disabled - Stopped - Kernel driver]
asc3350p (asc3350p) - (File not found)) [Disabled - Stopped - Kernel driver]
asc3550 (asc3550) - (File not found)) [Disabled - Stopped - Kernel driver]
ASCTRM (ASCTRM) - (File not found)) [Automatic - Running - Kernel driver]
RAS Asynchronous Media Driver (AsyncMac) - System32\DRIVERS\asyncmac.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Standard IDE/ESDI Hard Disk Controller (atapi) - \SystemRoot\System32\DRIVERS\atapi.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Atdisk (Atdisk) - (File not found)) [Disabled - Stopped - Kernel driver]
ATM ARP Client Protocol (Atmarpc) - System32\DRIVERS\atmarpc.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Audio Stub Driver (audstub) - System32\DRIVERS\audstub.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Automatic LiveUpdate Scheduler (Automatic LiveUpdate Scheduler) - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
AVG Anti-Spyware Driver (AVG Anti-Spyware Driver) - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ( ) [ - Running - Kernel driver]
AVG Anti-Spyware Guard (AVG Anti-Spyware Guard) - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s. ) [Automatic - Running - Win32, running in it's own process]
AVG Anti-Spyware Clean Driver (AvgAsCln) - System32\DRIVERS\AvgAsCln.sys (GRISOFT, s.r.o. ) [ - Running - Kernel driver]
Beep (Beep) - (File not found)) [ - Running - Kernel driver]
Background Intelligent Transfer Service (BITS) - C:\WINNT\System32\svchost.exe -k BITSgroup (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Computer Browser (Browser) - C:\WINNT\System32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
BusLogic (BusLogic) - (File not found)) [Disabled - Stopped - Kernel driver]
Closed Caption Decoder (ccdecode) - system32\drivers\ccdecode.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Symantec Event Manager (ccEvtMgr) - "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Symantec Password Validation (ccPwdSvc) - "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (Symantec Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Symantec Settings Manager (ccSetMgr) - "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
cd20xrnt (cd20xrnt) - (File not found)) [Disabled - Stopped - Kernel driver]
Cdaudio (Cdaudio) - (File not found)) [ - Stopped - Kernel driver]
Cdfs (Cdfs) - (File not found)) [Disabled - Running - Filesystem driver]
CD-ROM Driver (Cdrom) - System32\DRIVERS\cdrom.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Changer (Changer) - (File not found)) [ - Stopped - Kernel driver]
Indexing Service (cisvc) - C:\WINNT\System32\cisvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
ClipBook (ClipSrv) - C:\WINNT\system32\clipsrv.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Cpqarray (Cpqarray) - (File not found)) [Disabled - Stopped - Kernel driver]
cpqarry2 (cpqarry2) - (File not found)) [Disabled - Stopped - Kernel driver]
cpqfcalm (cpqfcalm) - (File not found)) [Disabled - Stopped - Kernel driver]
cpqfws2e (cpqfws2e) - (File not found)) [Disabled - Stopped - Kernel driver]
dac960nt (dac960nt) - (File not found)) [Disabled - Stopped - Kernel driver]
deckzpsx (deckzpsx) - (File not found)) [Disabled - Stopped - Kernel driver]
DHCP Client (Dhcp) - C:\WINNT\System32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Disk Driver (Disk) - \SystemRoot\System32\DRIVERS\disk.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Diskperf (Diskperf) - (File not found)) [ - Running - Kernel driver]
Logical Disk Manager Administrative Service (dmadmin) - C:\WINNT\System32\dmadmin.exe /com (VERITAS Software Corp. ) [On Demand - Stopped - Win32, running in a shared process]
dmboot (dmboot) - System32\drivers\dmboot.sys (VERITAS Software Corp. ) [Disabled - Stopped - Kernel driver]
Logical Disk Manager Driver (dmio) - \SystemRoot\System32\drivers\dmio.sys (VERITAS Software Corp. ) [ - Running - Kernel driver]
dmload (dmload) - \SystemRoot\System32\drivers\dmload.sys (VERITAS Software Corp. ) [ - Running - Kernel driver]
Logical Disk Manager (dmserver) - C:\WINNT\System32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Microsoft DirectMusic SW Synth (WDM) (DMusic) - system32\drivers\DMusic.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
DNS Client (Dnscache) - C:\WINNT\System32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Dot4 HPH11 (Dot4 HPH11) - System32\DRIVERS\hphid411.sys (HP ) [On Demand - Stopped - Kernel driver]
Print Class Driver for IEEE-1284.4 HPH11 (Dot4Print HPH11) - System32\DRIVERS\hphipr11.sys (HP ) [On Demand - Stopped - Kernel driver]
Dot4Usb HPH11 (Dot4Usb HPH11) - System32\drivers\hphius11.sys (HP ) [On Demand - Stopped - Kernel driver]
EFS (EFS) - (File not found)) [Disabled - Running - Filesystem driver]
Creative AudioPCI (ES1371,ES1373) (WDM) (es1371) - system32\drivers\es1371mp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Event Log (Eventlog) - C:\WINNT\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
COM+ Event System (EventSystem) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Fastfat (Fastfat) - (File not found)) [Disabled - Running - Filesystem driver]
Fax Service (Fax) - C:\WINNT\system32\faxsvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Fd16_700 (Fd16_700) - (File not found)) [Disabled - Stopped - Kernel driver]
Floppy Disk Controller Driver (Fdc) - System32\DRIVERS\fdc.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Fips (Fips) - (File not found)) [Automatic - Running - Kernel driver]
fireport (fireport) - (File not found)) [Disabled - Stopped - Kernel driver]
flashpnt (flashpnt) - (File not found)) [Disabled - Stopped - Kernel driver]
Floppy Disk Driver (Flpydisk) - System32\DRIVERS\flpydisk.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
FltMgr (FltMgr) - \SystemRoot\system32\drivers\fltmgr.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
Volume Manager Driver (Ftdisk) - \SystemRoot\System32\DRIVERS\ftdisk.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Generic Packet Classifier (Gpc) - System32\DRIVERS\msgpc.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
i8042 Keyboard and PS/2 Mouse Port Driver (i8042prt) - System32\DRIVERS\i8042prt.sys (Microsoft Corporation ) [ - Running - Kernel driver]
i81x (i81x) - System32\DRIVERS\i81xnt5.sys (Intel Corporation ) [On Demand - Running - Kernel driver]
ini910u (ini910u) - (File not found)) [Disabled - Stopped - Kernel driver]
IntelIde (IntelIde) - \SystemRoot\System32\DRIVERS\intelide.sys (Microsoft Corporation ) [ - Running - Kernel driver]
IP Traffic Filter Driver (IpFilterDriver) - System32\DRIVERS\ipfltdrv.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IP in IP Tunnel Driver (IpInIp) - System32\DRIVERS\ipinip.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IP Network Address Translator (IpNat) - System32\DRIVERS\ipnat.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IPSEC driver (IPSEC) - System32\DRIVERS\ipsec.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
ipsraidn (ipsraidn) - (File not found)) [Disabled - Stopped - Kernel driver]
IR Enumerator Service (IRENUM) - System32\DRIVERS\irenum.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
PnP ISA/EISA Bus Driver (isapnp) - \SystemRoot\System32\DRIVERS\isapnp.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Keyboard Class Driver (Kbdclass) - System32\DRIVERS\kbdclass.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Microsoft Kernel Wave Audio Mixer (kmixer) - system32\drivers\kmixer.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
KSecDD (KSecDD) - (File not found)) [ - Running - Kernel driver]
Server (lanmanserver) - C:\WINNT\System32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Workstation (lanmanworkstation) - C:\WINNT\System32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
lbrtfdc (lbrtfdc) - (File not found)) [ - Stopped - Kernel driver]
LiveUpdate (LiveUpdate) - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" (Symantec Corporation ) [On Demand - Stopped - Win32, running in it's own process]
TCP/IP NetBIOS Helper Service (LmHosts) - C:\WINNT\System32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Linksys LNE100TX(v5) Fast Ethernet Adapter (lne100v5) - System32\DRIVERS\lne100v5.sys (LinkSys Group Inc. ) [On Demand - Running - Kernel driver]
lp6nds35 (lp6nds35) - (File not found)) [Disabled - Stopped - Kernel driver]
Messenger (Messenger) - C:\WINNT\System32\services.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Microsoft Security Login Service (Microsoft Security Login Service) - (File not found)) [Automatic - Stopped - Win32, running in it's own process]
Microsoft update Service (Microsoft update Service) - (File not found)) [Automatic - Stopped - Win32, running in it's own process]
mnmdd (mnmdd) - (File not found)) [ - Running - Kernel driver]
NetMeeting Remote Desktop Sharing (mnmsrvc) - C:\WINNT\System32\mnmsrvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Modem (Modem) - (File not found)) [On Demand - Running - Kernel driver]
Mouse Class Driver (Mouclass) - System32\DRIVERS\mouclass.sys (Microsoft Corporation ) [ - Running - Kernel driver]
MountMgr (MountMgr) - (File not found)) [ - Running - Kernel driver]
BDA MPE Filter (MPE) - System32\DRIVERS\MPE.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
mraid35x (mraid35x) - (File not found)) [Disabled - Stopped - Kernel driver]
MRXSMB (MRxSmb) - System32\DRIVERS\mrxsmb.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
Distributed Transaction Coordinator (MSDTC) - C:\WINNT\System32\msdtc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Msfs (Msfs) - (File not found)) [ - Running - Filesystem driver]
Windows Installer (MSIServer) - C:\WINNT\system32\msiexec.exe /V (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Microsoft Streaming Service Proxy (MSKSSRV) - system32\drivers\MSKSSRV.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft Streaming Clock Proxy (MSPCLOCK) - system32\drivers\MSPCLOCK.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft Streaming Quality Manager Proxy (MSPQM) - system32\drivers\MSPQM.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft Streaming Tee/Sink-to-Sink Converter (MSTEE) - system32\drivers\MSTEE.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Mup (Mup) - (File not found)) [ - Running - Filesystem driver]
NABTS/FEC VBI Codec (NABTSFEC) - System32\DRIVERS\NABTSFEC.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Norton AntiVirus Auto-Protect Service (navapsvc) - "C:\Program Files\Norton AntiVirus\navapsvc.exe" (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
NAVENG (NAVENG) - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061101.019\NAVENG.Sys (Symantec Corporation ) [On Demand - Running - Kernel driver]
NAVEX15 (NAVEX15) - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061101.019\NavEx15.Sys (Symantec Corporation ) [On Demand - Running - Kernel driver]
Ncrc710 (Ncrc710) - (File not found)) [Disabled - Stopped - Kernel driver]
NDIS System Driver (NDIS) - (File not found)) [ - Running - Kernel driver]
Remote Access NDIS TAPI Driver (NdisTapi) - System32\DRIVERS\ndistapi.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
NDIS Usermode I/O Protocol (Ndisuio) - System32\DRIVERS\ndisuio.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Remote Access NDIS WAN Driver (NdisWan) - System32\DRIVERS\ndiswan.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
NDIS Proxy (NDProxy) - (File not found)) [On Demand - Running - Kernel driver]
NetBIOS Interface (NetBIOS) - System32\DRIVERS\netbios.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
NetBios over Tcpip (NetBT) - System32\DRIVERS\netbt.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Network DDE (NetDDE) - C:\WINNT\system32\netdde.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Network DDE DSDM (NetDDEdsdm) - C:\WINNT\system32\netdde.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
NetDetect (NetDetect) - \SystemRoot\system32\drivers\netdtect.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Net Logon (Netlogon) - C:\WINNT\System32\lsass.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Network Connections (Netman) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Norton AntiVirus Firewall Monitor Service (NPFMntor) - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Npfs (Npfs) - (File not found)) [ - Running - Filesystem driver]
Ntfs (Ntfs) - (File not found)) [Disabled - Running - Filesystem driver]
NT LM Security Support Provider (NtLmSsp) - C:\WINNT\System32\lsass.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Removable Storage (NtmsSvc) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Null (Null) - (File not found)) [ - Running - Kernel driver]
IPX Traffic Filter Driver (NwlnkFlt) - System32\DRIVERS\nwlnkflt.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
IPX Traffic Forwarder Driver (NwlnkFwd) - System32\DRIVERS\nwlnkfwd.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Microsoft USB Open Host Controller Driver (openhci) - System32\DRIVERS\openhci.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
OrangeWare USB 2.0 Root Hub Support (ousb2hub) - System32\DRIVERS\ousb2hub.sys (OrangeWare Corporation ) [On Demand - Running - Kernel driver]
NEC PCI to USB Enhanced Host Controller (ousbehci) - System32\Drivers\ousbehci.sys (OrangeWare Corporation ) [Automatic - Running - Kernel driver]
Parallel class driver (Parallel) - System32\DRIVERS\parallel.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Parallel port driver (Parport) - System32\DRIVERS\parport.sys (Microsoft Corporation ) [ - Running - Kernel driver]
PartMgr (PartMgr) - (File not found)) [ - Running - Kernel driver]
ParVdm (ParVdm) - (File not found)) [Automatic - Running - Kernel driver]
PCI Bus Driver (PCI) - \SystemRoot\System32\DRIVERS\pci.sys (Microsoft Corporation ) [ - Running - Kernel driver]
PCIDump (PCIDump) - (File not found)) [ - Stopped - Kernel driver]
PCIIde (PCIIde) - (File not found)) [Disabled - Stopped - Kernel driver]
Pcmcia (Pcmcia) - (File not found)) [Disabled - Stopped - Kernel driver]
Plug and Play (PlugPlay) - C:\WINNT\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Pml Driver HPH11 (Pml Driver HPH11) - C:\WINNT\System32\HPHipm11.exe (HP ) [On Demand - Stopped - Win32, running in it's own process]
IPSEC Policy Agent (PolicyAgent) - C:\WINNT\System32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
WAN Miniport (PPTP) (PptpMiniport) - System32\DRIVERS\raspptp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Protected Storage (ProtectedStorage) - C:\WINNT\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Direct Parallel Link Driver (Ptilink) - System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc. ) [On Demand - Running - Kernel driver]
ql1080 (ql1080) - (File not found)) [Disabled - Stopped - Kernel driver]
Ql10wnt (Ql10wnt) - (File not found)) [Disabled - Stopped - Kernel driver]
ql1240 (ql1240) - (File not found)) [Disabled - Stopped - Kernel driver]
ql2100 (ql2100) - (File not found)) [Disabled - Stopped - Kernel driver]
Remote Access Auto Connection Driver (RasAcd) - System32\DRIVERS\rasacd.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Remote Access Auto Connection Manager (RasAuto) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
WAN Miniport (L2TP) (Rasl2tp) - System32\DRIVERS\rasl2tp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Remote Access Connection Manager (RasMan) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
Direct Parallel (Raspti) - System32\DRIVERS\raspti.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft Streaming Network Raw Channel Access (RCA) - system32\drivers\RCA.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Rdbss (Rdbss) - System32\DRIVERS\rdbss.sys (Microsoft Corporation ) [ - Running - Filesystem driver]
Digital CD Audio Playback Filter Driver (redbook) - System32\DRIVERS\redbook.sys (Microsoft Corporation ) [ - Stopped - Kernel driver]
Routing and Remote Access (RemoteAccess) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Remote Registry Service (RemoteRegistry) - C:\WINNT\system32\regsvc.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in it's own process]
Remote Procedure Call (RPC) Locator (RpcLocator) - C:\WINNT\System32\locator.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Remote Procedure Call (RPC) (RpcSs) - C:\WINNT\system32\svchost -k rpcss (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
QoS RSVP (RSVP) - C:\WINNT\System32\rsvp.exe -s (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Security Accounts Manager (SamSs) - C:\WINNT\system32\lsass.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
SAVRT (SAVRT) - \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS (Symantec Corporation ) [On Demand - Running - Kernel driver]
SAVRTPEL (SAVRTPEL) - \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS (Symantec Corporation ) [ - Running - Kernel driver]
SAVScan (SAVScan) - C:\Program Files\Norton AntiVirus\SAVScan.exe (Symantec Corporation ) [On Demand - Stopped - Win32, running in it's own process]
ScriptBlocking Service (SBService) - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (Symantec Corporation ) [Automatic - Stopped - Win32, running in it's own process]
Smart Card Helper (SCardDrv) - C:\WINNT\System32\SCardSvr.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Smart Card (SCardSvr) - C:\WINNT\System32\SCardSvr.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Task Scheduler (Schedule) - C:\WINNT\system32\MSTask.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
RunAs Service (seclogon) - C:\WINNT\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
System Event Notification (SENS) - C:\WINNT\system32\svchost.exe -k netsvcs (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Serenum Filter Driver (serenum) - System32\DRIVERS\serenum.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Serial port driver (Serial) - System32\DRIVERS\serial.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Serv-U FTP Server (Serv-U) - C:\WINNT\system32\MSupdate.exe (File not found)) [Automatic - Stopped - Win32, running in it's own process]
Sfloppy (Sfloppy) - (File not found)) [ - Stopped - Kernel driver]
sglfb (sglfb) - (File not found)) [ - Stopped - Kernel driver]
Internet Connection Sharing (SharedAccess) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [Disabled - Stopped - Win32, running in a shared process]
Simbad (Simbad) - (File not found)) [Disabled - Stopped - Kernel driver]
BDA Slip De-Framer (SLIP) - System32\DRIVERS\SLIP.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Symantec Network Drivers Service (SNDSrvc) - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Sparrow (Sparrow) - (File not found)) [Disabled - Stopped - Kernel driver]
SPBBCDrv (SPBBCDrv) - \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation ) [ - Running - Kernel driver]
Symantec SPBBCSvc (SPBBCSvc) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
Print Spooler (Spooler) - C:\WINNT\system32\spoolsv.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
Srv (Srv) - System32\DRIVERS\srv.sys (Microsoft Corporation ) [On Demand - Running - Filesystem driver]
Still Image Service (StiSvc) - C:\WINNT\system32\stisvc.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
BDA IPSink (streamip) - System32\DRIVERS\StreamIP.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Software Bus Driver (swenum) - System32\DRIVERS\swenum.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft Kernel GS Wavetable Synthesizer (swmidi) - system32\drivers\swmidi.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Symantec Core LC (Symantec Core LC) - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (Symantec Corporation ) [Automatic - Running - Win32, running in it's own process]
symc810 (symc810) - (File not found)) [Disabled - Stopped - Kernel driver]
symc8xx (symc8xx) - (File not found)) [Disabled - Stopped - Kernel driver]
SYMDNS (SYMDNS) - \SystemRoot\System32\Drivers\SYMDNS.SYS (Symantec Corporation ) [On Demand - Running - Kernel driver]
SymEvent (SymEvent) - \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation ) [On Demand - Running - Kernel driver]
SYMFW (SYMFW) - \SystemRoot\System32\Drivers\SYMFW.SYS (Symantec Corporation ) [On Demand - Running - Kernel driver]
SYMIDS (SYMIDS) - \SystemRoot\System32\Drivers\SYMIDS.SYS (Symantec Corporation ) [On Demand - Running - Kernel driver]
SYMIDSCO (SYMIDSCO) - \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20061025.029\symidsco.sys (Symantec Corporation ) [On Demand - Running - Kernel driver]
symlcbrd (symlcbrd) - \??\C:\WINNT\System32\drivers\symlcbrd.sys (Symantec Corporation ) [Automatic - Running - Kernel driver]
SYMNDIS (SYMNDIS) - \SystemRoot\System32\Drivers\SYMNDIS.SYS (Symantec Corporation ) [On Demand - Running - Kernel driver]
SYMREDRV (SYMREDRV) - \SystemRoot\System32\Drivers\SYMREDRV.SYS (Symantec Corporation ) [On Demand - Running - Kernel driver]
SYMTDI (SYMTDI) - \SystemRoot\System32\Drivers\SYMTDI.SYS (Symantec Corporation ) [ - Running - Kernel driver]
sym_hi (sym_hi) - (File not found)) [Disabled - Stopped - Kernel driver]
Microsoft System Audio Device (sysaudio) - system32\drivers\sysaudio.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Performance Logs and Alerts (SysmonLog) - C:\WINNT\system32\smlogsvc.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
System Spooler Host (System Spooler Host) - (File not found)) [Automatic - Stopped - Win32, running in it's own process]
Telephony (TapiSrv) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
TCP/IP Protocol Driver (Tcpip) - System32\DRIVERS\tcpip.sys (Microsoft Corporation ) [ - Running - Kernel driver]
tga (tga) - (File not found)) [ - Stopped - Kernel driver]
Telnet (TlntSvr) - C:\WINNT\system32\tlntsvr.exe (Microsoft Corporation ) [Disabled - Stopped - Win32, running in it's own process]
tmcomm (tmcomm) - \??\C:\WINNT\system32\drivers\tmcomm.sys (Trend Micro Inc. ) [Automatic - Running - Kernel driver]
USB Storage Adapter V3 (TPP) (TPP300) - System32\DRIVERS\TPP300.SYS (In-System Design, Inc. ) [On Demand - Stopped - Kernel driver]
Distributed Link Tracking Client (TrkWks) - C:\WINNT\system32\services.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Task Manager Help (TskHlp) - C:\WINNT\system32\config\msconfig\taskmgr.exe (File not found)) [Automatic - Stopped - Win32, running in it's own process]
Udfs (Udfs) - (File not found)) [Disabled - Stopped - Filesystem driver]
Microsoft USB Universal Host Controller Driver (uhcd) - System32\DRIVERS\uhcd.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
ultra66 (ultra66) - (File not found)) [Disabled - Stopped - Kernel driver]
Microcode Update Driver (Update) - System32\DRIVERS\update.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Uninterruptible Power Supply (UPS) - C:\WINNT\System32\ups.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
Microsoft USB Standard Hub Driver (usbhub) - System32\DRIVERS\usbhub.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Microsoft USB PRINTER Class (usbprint) - System32\DRIVERS\usbprint.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
USB Scanner Driver (usbscan) - System32\DRIVERS\usbscan.sys (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
USB Mass Storage Driver (USBSTOR) - System32\DRIVERS\USBSTOR.SYS (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Utility Manager (UtilMan) - C:\WINNT\System32\UtilMan.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in it's own process]
VgaSave (VgaSave) - \SystemRoot\System32\drivers\vga.sys (Microsoft Corporation ) [ - Running - Kernel driver]
Windows Time (W32Time) - C:\WINNT\System32\services.exe (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]
Remote Access IP ARP Driver (Wanarp) - System32\DRIVERS\wanarp.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
WAN Miniport (ATW) (wanatw) - System32\DRIVERS\wanatw4.sys (File not found)) [On Demand - Stopped - Kernel driver]
Microsoft WINMM WDM Audio Compatibility Driver (wdmaud) - system32\drivers\wdmaud.sys (Microsoft Corporation ) [On Demand - Running - Kernel driver]
Winacpci (Winacpci) - System32\DRIVERS\winacpci.sys (Conexant ) [On Demand - Running - Kernel driver]
Windows Management Instrumentation (WinMgmt) - C:\WINNT\System32\WBEM\WinMgmt.exe (Microsoft Corporation ) [Automatic - Running - Win32, running in it's own process]
Windows Management Instrumentation Driver Extensions (Wmi) - C:\WINNT\system32\Services.exe (Microsoft Corporation ) [On Demand - Running - Win32, running in a shared process]
iVasion PoET Adapter (WRSWanDD) - System32\DRIVERS\WrKPoETNic2000.sys ( ) [On Demand - Stopped - Kernel driver]
Windows Socket 2.0 Non-IFS Service Provider Support Environment (WS2IFSL) - \SystemRoot\System32\drivers\ws2ifsl.sys (Microsoft Corporation ) [Disabled - Stopped - Kernel driver]
World Standard Teletext Codec (WSTCODEC) - System32\DRIVERS\WSTCODEC.SYS (Microsoft Corporation ) [On Demand - Stopped - Kernel driver]
Automatic Updates (wuauserv) - C:\WINNT\system32\svchost.exe -k wugroup (Microsoft Corporation ) [Automatic - Running - Win32, running in a shared process]
Wireless Configuration (WZCSVC) - C:\WINNT\System32\svchost.exe -k netsvcs (Microsoft Corporation ) [On Demand - Stopped - Win32, running in a shared process]

< Files >

%SystemDrive%
C:\ComboFix2.txt - qoologic ( [Ver = | Size = 18193 bytes | Date = 10/21/2006 16:50 | Attr = ])

%ProgramFilesDir%

%WinDir%
C:\WINNT\pxinstall_log.txt - Umonitor ( [Ver = | Size = 49290 bytes | Date = 10/11/2006 18:44 | Attr = ])
C:\WINNT\tpwkjqa.exe - WSUD ( [Ver = | Size = 550000 bytes | Date = 12/12/1989 09:10 | Attr = RHS])

%System%
C:\WINNT\SYSTEM32\Libparse.exe - aspack ( [Ver = | Size = 29696 bytes | Date = 11/06/2005 15:18 | Attr = ])
C:\WINNT\SYSTEM32\mfc42u.dll - WSUD (Microsoft Corporation [Ver = 6.00.9586.0 | Size = 1011764 bytes | Date = 06/19/2003 13:05 | Attr = ])
C:\WINNT\SYSTEM32\MRT.exe - PECompact2 (Microsoft Corporation [Ver = 1.21.1628.0 | Size = 9639336 bytes | Date = 10/04/2006 12:03 | Attr = ])
C:\WINNT\SYSTEM32\MRT.exe - aspack (Microsoft Corporation [Ver = 1.21.1628.0 | Size = 9639336 bytes | Date = 10/04/2006 12:03 | Attr = ])
C:\WINNT\SYSTEM32\MSupdate.exe_tobedeleted - aspack (Cat Soft [Ver = 5.2.0.1 | Size = 711168 bytes | Date = 11/12/2004 21:35 | Attr = ])
C:\WINNT\SYSTEM32\RASDLG.DLL - Umonitor (Microsoft Corporation [Ver = 5.00.2195.6920 | Size = 531216 bytes | Date = 01/12/2005 13:39 | Attr = ])
C:\WINNT\SYSTEM32\SrchSTS.exe - UPX! (S!Ri [Ver = | Size = 288417 bytes | Date = 04/27/2006 16:49 | Attr = ])
C:\WINNT\SYSTEM32\swreg.exe - UPX! (SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Date = 08/29/2006 18:43 | Attr = ])
C:\WINNT\SYSTEM32\swsc.exe - UPX! ( [Ver = | Size = 40960 bytes | Date = 01/09/2006 09:36 | Attr = ])
C:\WINNT\SYSTEM32\wbdbase.deu - winsync ( [Ver = | Size = 1309184 bytes | Date = 05/08/2001 06:00 | Attr = ])
C:\WINNT\SYSTEM32\xsys.dll - UPX! (influenced.net [Ver = 4.0.3.5 | Size = 39424 bytes | Date = 11/06/2005 15:14 | Attr = ])

%System%\Drivers folder and sub-folders

%windir% + sub-dirs for System or Hidden files less than 60 days old
C:\WINNT\ShellIconCache - ( [Ver = | Size = 552896 bytes | Date = 11/01/2006 22:07 | Attr = H ])
C:\WINNT\CSC\00000001 - ( [Ver = | Size = 64 bytes | Date = 11/02/2006 03:24 | Attr = S])
C:\WINNT\CSC\00000002 - ( [Ver = | Size = 64 bytes | Date = 10/23/2006 20:25 | Attr = S])
C:\WINNT\CSC\csc1.tmp - ( [Ver = | Size = 64 bytes | Date = 09/27/2006 18:13 | Attr = S])
C:\WINNT\inf\oem20.inf - ( [Ver = | Size = 0 bytes | Date = 10/14/2006 07:09 | Attr = H ])
C:\WINNT\system32\fgiii.ini - ( [Ver = | Size = 1074752 bytes | Date = 09/29/2006 12:35 | Attr = HS])
C:\WINNT\system32\config\DEFAULT.LOG - ( [Ver = | Size = 1024 bytes | Date = 11/02/2006 19:12 | Attr = H ])
C:\WINNT\system32\config\SAM.LOG - ( [Ver = | Size = 1024 bytes | Date = 11/02/2006 03:24 | Attr = H ])
C:\WINNT\system32\config\SECURITY.LOG - ( [Ver = | Size = 1024 bytes | Date = 11/02/2006 11:48 | Attr = H ])
C:\WINNT\system32\config\SOFTWARE.LOG - ( [Ver = | Size = 1024 bytes | Date = 11/02/2006 19:57 | Attr = H ])
C:\WINNT\Tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 11/02/2006 03:24 | Attr = H ])

CPL files
C:\WINNT\SYSTEM32\access.cpl - (Microsoft Corporation [Ver = 5.00.2134.1 | Size = 67344 bytes | Date = 05/08/2001 06:00 | Attr = ])
C:\WINNT\SYSTEM32\appwiz.cpl - (Microsoft Corporation [Ver = 5.00.2195.6624 | Size = 301328 bytes | Date = 06/19/2003 13:05 | Attr = ])
C:\WINNT\SYSTEM32\DESK.CPL -