Geeks to Go

Advanced Cleaner hijack [RESOLVED]


#1
bman98
Just started to have system problems.
Now I get various Hijacking when I launch IE6.
Adobe Acrobat, my HP printer driver and Symantec Antivirus were also problematic.
I uninstalled Acrobat and HP but can't uninstall the SAM.
I have a Lenovo T60 running XP Pro.
I hope you can help me.
Thanks in advance.
Here's the log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:07:19 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Cisco Systems\VPN client\cvpnd.exe
C:\Program Files\Common Files\EPSON Projector\EMP_NSMOSV.exe
C:\Program Files\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\A04665\My Documents\hijackthis\Hijackthis 2beta\HijackThis.exe

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O15 "IP_192.168.1.50" /M "Stylus C88"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [NPDTRAY] C:\PROGRA~1\Lenovo\NPDIRECT\NPDTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Epson America Inc. -- EAI VPN Client.lnk = C:\Program Files\Cisco Systems\VPN client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.v...l?noreloadredir
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://D:\components\hidinputmonitorx.ocx
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file://D:\components\wmvhdrating.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EMP_NSMOSV - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON Projector\EMP_NSMOSV.exe
O23 - Service: EMP_NSWLSV - SEIKO EPSON CORPORATION - C:\Program Files\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 9336 bytes


#2
Rorschach112
Hello

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
bman98
Thanks for helping.
Here are the 2 reports.
This is Main:
Deckard's System Scanner v20071014.68
Run by A04665 on 2008-01-26 20:24:42
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
46: 2008-01-27 01:24:47 UTC - RP328 - Deckard's System Scanner Restore Point
45: 2008-01-26 21:58:06 UTC - RP327 - Removed ScanSoft PDF Professional 4
44: 2008-01-26 18:48:25 UTC - RP326 - System Checkpoint
43: 2008-01-25 14:18:57 UTC - RP325 - Installed ThinkPad Keyboard Customizer Utility
42: 2008-01-25 14:12:23 UTC - RP324 - Installed ThinkPad Keyboard Customizer Utility


-- First Restore Point --
1: 2008-01-22 03:27:04 UTC - RP283 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as A04665.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:26:45 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Cisco Systems\VPN client\cvpnd.exe
C:\Program Files\Common Files\EPSON Projector\EMP_NSMOSV.exe
C:\Program Files\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\A04665\Desktop\dss.exe
C:\DOCUME~1\A04665\MYDOCU~1\HIJACK~1\HIJACK~1\A04665.exe

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {A051B1FF-8D7E-418B-AABE-4FF82F4280A2} - C:\WINDOWS\system32\ssqoljh.dll
O2 - BHO: (no name) - {AD56BA6B-D201-436B-86FC-277E740244C8} - C:\WINDOWS\system32\jkhfc.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O15 "IP_192.168.1.50" /M "Stylus C88"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [NPDTRAY] C:\PROGRA~1\Lenovo\NPDIRECT\NPDTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Epson America Inc. -- EAI VPN Client.lnk = C:\Program Files\Cisco Systems\VPN client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.v...l?noreloadredir
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://D:\components\hidinputmonitorx.ocx
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file://D:\components\wmvhdrating.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O20 - Winlogon Notify: ssqoljh - C:\WINDOWS\SYSTEM32\ssqoljh.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EMP_NSMOSV - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON Projector\EMP_NSMOSV.exe
O23 - Service: EMP_NSWLSV - SEIKO EPSON CORPORATION - C:\Program Files\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 9905 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 EMP_MAP (EPSON Network Presentation Driver Service) - c:\windows\system32\drivers\emp_map.sys
R1 EMP_MOMM (EPSON Network Presentation Service for Moderator) - c:\windows\system32\drivers\emp_momm.sys
R1 Smapint - c:\windows\system32\drivers\smapint.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R1 TDSMAPI - c:\windows\system32\drivers\tdsmapi.sys
R1 TSMAPIP - c:\windows\system32\drivers\tsmapip.sys
R2 PROCDD (IPS Helper Driver) - c:\windows\system32\drivers\procdd.sys <Not Verified; Lenovo Group Limited; Away Manager>
R2 smihlp (SMI helper driver) - c:\program files\thinkvantage fingerprint software\smihlp.sys <Not Verified; UPEK Inc.; ThinkVantage Fingerprint Software>
R3 Afc (PPdus ASPI Shell) - c:\windows\system32\drivers\afc.sys <Not Verified; Arcsoft, Inc.; Arcsoft® ASPI Shell>
R3 EMP_Mirr - c:\windows\system32\drivers\emp_mirr.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 EMP_MOMR - c:\windows\system32\drivers\emp_momr.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R3 lknuhst (Linksys Network USB Host Controller) - c:\windows\system32\drivers\lknuhst.sys <Not Verified; SerComm; Linksys Network USB Host Controller Driver>
R3 LKNUHUB (Linksys Network USB Root Hub) - c:\windows\system32\drivers\lknuhub.sys <Not Verified; SerComm; Linksys Network USB Hub Driver>
R3 NETGEARUHOST (NETGEAR Network USB Host Controller) - c:\windows\system32\drivers\netgearuhost.sys <Not Verified; SerComm; NETGEAR Network USB Host Controller>
R3 NETGEARUHUB (NETGEAR Network USB Root Hub) - c:\windows\system32\drivers\netgearuhub.sys <Not Verified; SerComm; NETGEAR Network USB Root Hub>

S3 Ndisprot (EP_NSWD NDIS Protocol Driver) - c:\windows\system32\drivers\ep_nswd.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 NSNDIS5 (NSNDIS5 NDIS Protocol Driver) - c:\windows\system32\nsndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); NetStumbler>
S3 PCTINDIS5 (PCTINDIS5 NDIS Protocol Driver) - c:\windows\system32\pctindis5.sys (file missing)
S3 vdisp - c:\windows\system32\drivers\emp_vd1.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 vdisp2 - c:\windows\system32\drivers\emp_vd2.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 vdisp3 - c:\windows\system32\drivers\emp_vd3.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
S3 vdisp4 - c:\windows\system32\drivers\emp_vd4.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 EMP_NSMOSV - c:\program files\common files\epson projector\emp_nsmosv.exe
R2 EMP_NSWLSV - c:\program files\epson projector\emp ns connection v2\emp_nswlsv.exe
R2 EpsonBidirectionalService - c:\program files\common files\epson\ebapi\eebsvc.exe <Not Verified; SEIKO EPSON CORPORATION; Enhanced EPSON Bi-directional API>
R2 IPSSVC (IPS Core Service) - c:\windows\system32\ipssvc.exe <Not Verified; Lenovo Group Limited; Away Manager>
R2 Multi-user Cleanup Service - "c:\program files\lotus\notes\ntmulti.exe" <Not Verified; IBM Corp; IBM Lotus Notes/Domino>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 TpKmpSVC (IBM KCU Service) - c:\windows\system32\tpkmpsvc.exe

S4 Lotus Notes Single Logon - "c:\program files\lotus\notes\nslsvice.exe" <Not Verified; IBM Corp; IBM Lotus Notes/Domino>
S4 RetroExp Helper (Retrospect Express HD Helper) - "c:\progra~1\retros~1\retros~1.1\rthlpsvc.exe" <Not Verified; EMC Dantz; Retrospect Express HD>
S4 RetroExpLauncher (Retrospect Express HD Launcher) - c:\progra~1\retros~1\retros~1.1\retrorun.exe <Not Verified; EMC Dantz; Retrospect Express HD>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-01-26 17:54:09 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job


-- Files created between 2007-12-26 and 2008-01-26 -----------------------------

2008-01-26 15:14:04 89152 --a------ C:\WINDOWS\system32\xwqpvaci.dll
2008-01-25 15:17:35 87104 --a------ C:\WINDOWS\system32\rteydrrk.dll
2008-01-24 11:13:31 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
2008-01-24 11:13:31 0 d-------- C:\Documents and Settings\LocalService\Application Data\Intel
2008-01-24 11:13:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Intel
2008-01-24 10:40:56 0 d-------- C:\Program Files\MSBuild
2008-01-24 10:38:28 0 d-------- C:\WINDOWS\system32\XPSViewer
2008-01-24 10:37:57 0 d-------- C:\Program Files\Reference Assemblies
2008-01-21 22:26:54 422120 --ahs---- C:\WINDOWS\system32\cfhkj.ini2
2008-01-21 22:26:50 334848 --a------ C:\WINDOWS\system32\jkhfc.dll
2008-01-21 22:22:53 41723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2008-01-21 22:21:49 38400 --a------ C:\WINDOWS\system32\ljjkjig.dll
2008-01-21 22:21:43 38400 --a------ C:\WINDOWS\system32\ssqoljh.dll
2008-01-21 22:21:36 0 d-------- C:\WINDOWS\system32\nGpxx01
2008-01-15 17:47:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2008-01-15 16:52:24 140800 ---hs---- C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
2008-01-14 21:48:16 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-01-03 10:34:20 0 d-------- C:\Program Files\EPDCalc
2008-01-02 12:27:07 150528 --a------ C:\WINDOWS\unSpySweeper.exe <Not Verified; Webroot Software, Inc.; >
2008-01-02 12:27:06 0 d-------- C:\Program Files\Webroot


-- Find3M Report ---------------------------------------------------------------

2008-01-26 16:58:13 0 d-------- C:\Program Files\Common Files
2008-01-25 09:04:13 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-25 09:04:05 0 d-------- C:\Program Files\Lenovo
2008-01-25 08:45:11 25024 --a------ C:\Documents and Settings\A04665\Application Data\GDIPFONTCACHEV1.DAT
2008-01-24 10:37:11 0 d-------- C:\Program Files\Messenger
2008-01-23 15:31:42 0 d-------- C:\Program Files\HP
2008-01-23 15:23:25 0 d-------- C:\Program Files\Common Files\Adobe
2008-01-21 22:27:02 0 d-------- C:\Program Files\QuickTime
2008-01-21 22:26:59 0 d-------- C:\Program Files\Linksys Wireless-G Print Server
2008-01-21 22:26:57 0 d-------- C:\Program Files\Windows Defender
2008-01-21 22:26:56 0 d-------- C:\Program Files\ThinkVantage Fingerprint Software
2008-01-21 22:26:56 0 d-------- C:\Program Files\Symantec AntiVirus
2008-01-21 22:26:56 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-21 22:26:55 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-15 17:47:35 0 d-------- C:\Documents and Settings\A04665\Application Data\AdobeUM
2008-01-15 09:28:02 30707 --a------ C:\WINDOWS\nsreg.dat
2008-01-11 09:16:40 0 d-------- C:\Documents and Settings\A04665\Application Data\Adobe
2008-01-03 10:51:18 0 d-------- C:\Program Files\Viewpoint
2008-01-03 10:37:36 0 d-------- C:\Documents and Settings\A04665\Application Data\ScanSoft
2008-01-03 10:34:15 73216 --a------ C:\WINDOWS\ST6UNST.EXE <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-01-01 16:38:02 0 d-------- C:\Documents and Settings\A04665\Application Data\Real
2007-12-30 10:20:17 0 d-------- C:\Documents and Settings\A04665\Application Data\LimeWire
2007-12-25 15:07:42 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-12-25 15:04:01 0 d-------- C:\Program Files\DivX
2007-12-22 08:33:51 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-20 10:49:52 0 d-------- C:\Program Files\Common Files\EPSON
2007-12-11 17:34:56 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 17:33:14 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-12-07 18:28:42 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-12-05 07:34:01 0 d-------- C:\Program Files\Picasa2
2007-12-05 07:34:00 0 d-------- C:\Program Files\Google
2007-12-05 07:32:34 0 d-------- C:\Program Files\VisualRoute Lite Edition
2007-12-04 02:33:16 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2007-11-30 14:34:11 0 d-------- C:\Program Files\ExtractNow
2007-11-30 14:34:07 0 d-------- C:\Program Files\Windows Media Connect 2
2007-11-30 14:34:04 0 d-------- C:\Program Files\PCDR5
2007-11-30 14:34:01 0 d-------- C:\Program Files\Microsoft Location Finder
2007-11-30 14:34:01 0 d-------- C:\Program Files\LimeWire
2007-11-19 14:45:38 208896 --a------ C:\WINDOWS\system32\NetProvCredMan.dll <Not Verified; Intel Corporation; NetProvCredMan Dynamic Link Library>
2007-10-31 13:12:26 664 --a------ C:\WINDOWS\system32\d3d9caps.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}]
01/21/2008 10:21 PM 38400 --a------ C:\WINDOWS\system32\ssqoljh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD56BA6B-D201-436B-86FC-277E740244C8}]
01/21/2008 10:26 PM 334848 --a------ C:\WINDOWS\system32\jkhfc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" []
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" []
"PSQLLauncher"="C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" []
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" []
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" []
"MXOBG"="C:\WINDOWS\MXOALDR.EXE" []
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" []
"TP4EX"="tp4ex.exe" [10/17/2005 03:11 AM C:\WINDOWS\system32\TP4EX.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" []
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" []
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" []
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" []
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []
"PSDiagnosticM"="C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" []
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" []
"BluetoothAuthenticationAgent"="bthprops.cpl" [08/04/2004 02:56 AM C:\WINDOWS\system32\bthprops.cpl]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [01/08/2007 12:50 PM]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe" []
"DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" []
"ProjectorControl"="" []
"TPKMAPMN"="C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe" []
"NPDTRAY"="C:\PROGRA~1\Lenovo\NPDIRECT\NPDTray.exe" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [5/12/2007 1:25:05 AM]
Epson America Inc. -- EAI VPN Client.lnk - C:\Program Files\Cisco Systems\VPN client\vpngui.exe [5/1/2007 7:19:23 AM]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 3:01:04 AM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A051B1FF-8D7E-418B-AABE-4FF82F4280A2}"= C:\WINDOWS\system32\ssqoljh.dll [01/21/2008 10:21 PM 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 10/19/2006 04:08 AM 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 04/25/2006 09:20 PM 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqoljh]
ssqoljh.dll 01/21/2008 10:21 PM 38400 C:\WINDOWS\system32\ssqoljh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 09/06/2006 04:37 PM 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 12/14/2006 11:06 AM 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkhfc
"Notification Packages"= scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\jkhfc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network EPSON Stylus C120 Ser...]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICCA.EXE /FU "C:\DOCUME~1\A04665\LOCALS~1\Temp\E_S38E.tmp" /EF "HKCU"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProjectorControl]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe /h

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify]
"C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer]
"C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
"C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RetroExpLauncher"=2 (0x2)
"RetroExp Helper"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ERSvc"=2 (0x2)
"helpsvc"=2 (0x2)
"btwdins"=2 (0x2)
"BthServ"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73731e14-0729-11dc-925e-001641e6e4a7}]
AutoRun\command- E:\Loaderw.exe




-- Hosts -----------------------------------------------------------------------

192.168.1.140 HP000D9D1B5CD0
;
;
;
;
;
;
;
;
This is "Extra"

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™ Duo CPU T2500 @ 2.00GHz
CPU 1: Intel® Core™ Duo CPU T2500 @ 2.00GHz
Percentage of Memory in Use: 27%
Physical Memory (total/avail): 2046.36 MiB / 1486.99 MiB
Pagefile Memory (total/avail): 3938.52 MiB / 3568.1 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1934.55 MiB

C: is Fixed (NTFS) - 88.61 GiB total, 29.99 GiB free.
D: is CDROM (UDF)

\\.\PHYSICALDRIVE0 - ST910021AS - 93.16 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 88.61 GiB - C:
\PARTITION1 - Unknown - 4.55 GiB



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: Symantec AntiVirus Corporate Edition v10.1.5.5000 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Cisco Systems\\VPN client\\ipsecdialer.exe"="C:\\Program Files\\Cisco Systems\\VPN client\\ipsecdialer.exe:*:Enabled:EAI VPN Client"
"C:\\Program Files\\EPSON Projector\\EMP Monitor V4.10\\EMPMonitor.exe"="C:\\Program Files\\EPSON Projector\\EMP Monitor V4.10\\EMPMonitor.exe:*:Enabled:EMP Monitor V4.10"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\A04665\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=EPSON-EADC6B417
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\A04665
LOGONSERVER=\\EPSON-EADC6B417
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\ThinkPad\Utilities;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\;;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Intel\Wireless\Bin\;C:\Program Files\Intel\Wireless\Bin\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 14 Stepping 12, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0e0c
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\A04665\LOCALS~1\Temp
TMP=C:\DOCUME~1\A04665\LOCALS~1\Temp
TPCCommon=C:\PROGRA~1\THINKV~2\PrdCtr
USERDOMAIN=EPSON-EADC6B417
USERNAME=A04665
USERPROFILE=C:\Documents and Settings\A04665
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

xpuser (new local, admin)
A04665 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
--> MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Access Help --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6FA39A7-26B1-480A-BC74-6D17531AC222}\setup.exe" -l0x9 UNINSTALL
ACT! 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Symantec\ACT\Uninst5.isu" -c"C:\Program Files\Symantec\ACT\UNINSTAL.DLL"
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
ArcSoft PhotoImpression 6 --> C:\Program Files\InstallShield Installation Information\{D03E7B00-CA85-4684-9321-1888873C34BD}\Setup.exe -runfromtemp -l0x0009 -removeonly
ArcSoft Print Creations --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}\Setup.exe" -l0x9
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x5357
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ccc-Branding --> MsiExec.exe /I{7379FDD1-D0ED-4FF2-B168-E246772E731E}
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
EMP Monitor V4.10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E443863-1C81-4D8A-8099-0BF9DE4CDDE6}\setup.exe" -l0x9
EMP NS Connection V2.20 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4A515955-A3D4-4FE6-98C0-E7987FF3279A}\setup.exe" -l0x9
EMP SlideMaker2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06DAA6C4-06F6-4D95-8BCF-7976C9196D74}\Setup.exe" -l0x9
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Esker Print to Fax for Notes --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7CB387BD-A22C-4FDB-94C3-F05F35BB8F5B}\Setup.exe" -l0x9 UNINSTALL
ExtractNow --> "C:\Program Files\ExtractNow\unins000.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\A04665\My Documents\hijackthis\Hijackthis 2beta\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IBM Lotus Sametime Connect 7.5 --> MsiExec.exe /I{4AA455FB-BFEE-473C-AA0E-4FDA505F6FB7}
IBM RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
IDOL 1.2.0 --> C:\WINDOWS\eiunin2.exe "C:\EPSON\IDOL1.2.0\install.DAT"
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Mega Codec Pack 3.6.2 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire 4.12.15 --> "C:\Program Files\LimeWire\uninstall.exe"
Linksys Wireless-G Print Server --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C61244F9-C335-4EE4-BF7B-5CAB855555E3}\setup.exe" -l0x9 -removeonly
LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Lotus Notes 7.0.1 --> MsiExec.exe /I{C5C10BD4-49AA-4C25-ACE6-902A37ED51FF}
Maxtor OneTouch --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3EC91FDF-FE9A-43D5-96C4-8A9C24372500} /l1033
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
Microsoft ActiveSync 4.0 --> MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Location Finder --> MsiExec.exe /I{9D18F7F8-B984-4249-8512-CC621BC59F12}
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Reader --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft Reader Text-to-Speech for English --> MsiExec.exe /X{E0E400F5-422B-4540-A14F-B0739D71FEE7}
Microsoft Streets & Trips 2006 --> MsiExec.exe /I{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Moderator --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC5F77D7-9821-4911-A6CB-0ACD85954B34}\setup.exe" -l0x9 -UnInstall
Mozilla Firefox (2.0.0.9) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
Netscape Communicator 4.51 --> C:\WINDOWS\cd32.exe 4.51 (en)
Network Stumbler 0.4.0 (remove only) --> "C:\Program Files\Network Stumbler\uninst.exe"
On Screen Display --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
Outerinfo --> "C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe"
PC-Doctor 5 for Windows --> C:\Program Files\PCDR5\uninst.exe
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Presentation Director --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65706020-7B6F-41F2-8047-FC69579E386A}\Setup.exe" -l0x9 -AddRemove
Productivity Center Supplement for ThinkPad --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D728E945-256D-4477-B377-6BBA693714AC}\setup.exe" -l0x9 -AddRemove
Projection Distance Calculator --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\EPDCalc\ST6UNST.LOG"
Projector Control V1.00 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB112E15-F479-4D1D-A083-AD88211D6A5F}\Setup.exe" -l0x9 -UnInstall
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Retrospect Express HD 1.1 --> MsiExec.exe /I{A4952AA3-FCBF-4D28-9DC4-A3935FDC5805}
Salesforce.com Lotus Notes Edition 3.2 --> MsiExec.exe /X{6B81281F-38A3-4AA4-B198-81CF3BA32940}
salesforce.com Offline Edition 2.0 --> MsiExec.exe /X{C6EA8029-DF3F-4752-AC37-A88455F82000}
Software Installer --> swiif.exe /U
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Spy Sweeper --> C:\WINDOWS\unSpySweeper.exe
SwiftFile 3.0 --> MsiExec.exe /I{438C7648-31F3-4DAD-81C4-407893984D8D}
Symantec AntiVirus --> MsiExec.exe /I{33CFCF98-F8D6-4549-B469-6F4295676D83}
Symantec Technical Support Web Controls --> MsiExec.exe /X{9743AF47-B746-4324-B4C4-512E67D04370}
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad Bluetooth with Enhanced Data Rate Software --> MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
ThinkPad Configuration --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC081D4D-DF1B-4CF1-B530-027E4118D846}\setup.exe" -l0x9 -AddRemove
ThinkPad FullScreen Magnifier --> RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Keyboard Customizer Utility --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\Setup.exe" -l0x9 anything
ThinkPad Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.inf
ThinkPad Power Management Driver --> RunDll32.exe tpinspm.dll,Uninstall
ThinkPad UltraNav Wizard --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\setup.exe" -l0x9 UNINSTALL
ThinkVantage Away Manager --> Rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\AWAYTASK.INF
ThinkVantage Productivity Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}\setup.exe" -l0x9 -AddRemove
TrackPoint Accessibility Features --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\setup.exe"
USB Storage Adapter FX (MXO) --> MXOun.exe MXOFX
VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type11138 / Warning
Event Submitted/Written: 01/26/2008 05:32:49 PM
Event ID/Source: 1524 / Userenv
Event Description:
Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

Event Record #/Type11135 / Error
Event Submitted/Written: 01/26/2008 05:26:16 PM
Event ID/Source: 11706 / MsiInstaller
Event Description:
Product: Symantec AntiVirus -- Error 1706.No valid source could be found for product Symantec AntiVirus. The Windows Installer cannot continue.

Event Record #/Type11134 / Warning
Event Submitted/Written: 01/26/2008 05:26:07 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{33CFCF98-F8D6-4549-B469-6F4295676D83}', feature 'SAVUI' failed during request for component '{0ABF6425-272D-4795-9BD8-F2428110EC95}'

Event Record #/Type11133 / Warning
Event Submitted/Written: 01/26/2008 05:26:07 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{33CFCF98-F8D6-4549-B469-6F4295676D83}', feature 'SAVMain', component '{12ED2D07-8DEF-43FF-8C44-4F3AD17001A1}' failed. The resource 'C:\Program Files\Common Files\Symantec Shared\ccApp.exe' does not exist.

Event Record #/Type11131 / Error
Event Submitted/Written: 01/26/2008 05:03:36 PM
Event ID/Source: 10005 / MsiInstaller
Event Description:
Product: Symantec AntiVirus -- Internal Error 2318. C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\APTemp\AP1.html



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type65561 / Warning
Event Submitted/Written: 01/26/2008 07:53:55 PM
Event ID/Source: 7 / Print
Event Description:
Printer Network EPSON Stylus C120 Ser... was resumed.

Event Record #/Type65549 / Warning
Event Submitted/Written: 01/26/2008 05:56:17 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type65542 / Warning
Event Submitted/Written: 01/26/2008 05:42:33 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type65530 / Error
Event Submitted/Written: 01/26/2008 05:34:18 PM
Event ID/Source: 7034 / Service Control Manager
Event Description:
The Symantec AntiVirus Definition Watcher service terminated unexpectedly. It has done this 1 time(s).

Event Record #/Type65529 / Error
Event Submitted/Written: 01/26/2008 05:34:15 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for the Symantec AntiVirus service to connect.



-- End of Deckard's System Scanner: finished at 2008-01-26 20:27:11 ------------
  • 0

#4
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  • 0

#5
bman98

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:03, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Cisco Systems\VPN client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON Projector\EMP_NSMOSV.exe
C:\Program Files\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\A04665\My Documents\hijackthis\Hijackthis 2beta\HijackThis.exe

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O15 "IP_192.168.1.50" /M "Stylus C88"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PSDiagnosticM] "C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [NPDTRAY] C:\PROGRA~1\Lenovo\NPDIRECT\NPDTray.exe
O4 - HKCU\..\Run: [EPSON Stylus C120 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICCA.EXE /FU "C:\WINDOWS\TEMP\E_S84.tmp" /EF "HKCU"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Epson America Inc. -- EAI VPN Client.lnk = C:\Program Files\Cisco Systems\VPN client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.v...l?noreloadredir
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://D:\components\hidinputmonitorx.ocx
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file://D:\components\wmvhdrating.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EMP_NSMOSV - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON Projector\EMP_NSMOSV.exe
O23 - Service: EMP_NSWLSV - SEIKO EPSON CORPORATION - C:\Program Files\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 10222 bytes


ComboFix 08-01-23.1C - A04665 2008-01-27 12:49:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1492 [GMT -5:00]
Running from: C:\Documents and Settings\A04665\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\cfhkj.ini
C:\WINDOWS\system32\cfhkj.ini2
C:\WINDOWS\system32\icavpqwx.ini
C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.exe
C:\WINDOWS\system32\krrdyetr.ini
C:\WINDOWS\system32\ljjkjig.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rteydrrk.dll
C:\WINDOWS\system32\ssqoljh.dll
C:\WINDOWS\system32\xwqpvaci.dll

----- BITS: Possible infected sites -----

.
((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-27 12:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-27 10:27 . 2008-01-27 10:33 <DIR> d-------- C:\Program Files\Linksys Wireless-G Print Server
2008-01-27 10:27 . 2006-10-18 18:32 37,248 --a------ C:\WINDOWS\system32\lknuhub.sys
2008-01-27 10:27 . 2006-10-18 18:32 11,648 --a------ C:\WINDOWS\system32\lknucmp.sys
2008-01-27 10:27 . 2006-10-18 18:35 1,393 --a------ C:\WINDOWS\system32\lknucmp.inf
2008-01-27 10:27 . 2006-10-18 18:36 1,371 --a------ C:\WINDOWS\system32\lknuhub.inf
2008-01-27 01:09 . 2005-09-17 00:20 108,168 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-27 01:09 . 2005-09-17 00:20 87,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-27 00:56 . 2008-01-27 01:01 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-26 20:24 . 2008-01-26 20:24 <DIR> d-------- C:\Deckard
2008-01-24 15:13 . 2008-01-25 15:14 1,142,812 --ahs---- C:\WINDOWS\system32\nvopkfny.ini
2008-01-24 11:14 . 2008-01-24 11:14 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-24 11:14 . 2008-01-24 11:14 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-01-24 11:14 . 2008-01-24 11:14 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-01-24 11:14 . 2008-01-24 11:14 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-01-24 10:40 . 2008-01-24 10:40 <DIR> d-------- C:\Program Files\MSBuild
2008-01-24 10:38 . 2008-01-24 11:22 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-01-24 10:37 . 2008-01-24 10:37 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-24 10:37 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-01-21 22:21 . 2008-01-21 22:21 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-01-03 10:34 . 2008-01-03 10:34 <DIR> d-------- C:\Program Files\EPDCalc
2008-01-03 10:19 . 2008-01-03 10:19 0 -ra------ C:\WINDOWS\system32\RCCustomSetup.ini
2008-01-02 12:27 . 2008-01-02 12:27 <DIR> d-------- C:\Program Files\Webroot
2008-01-02 12:27 . 2003-10-15 23:42 150,528 --a------ C:\WINDOWS\unSpySweeper.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 17:53 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-27 17:50 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-27 15:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 06:10 --------- d-----w C:\Program Files\Symantec
2008-01-25 14:04 --------- d-----w C:\Program Files\Lenovo
2008-01-23 20:31 --------- d-----w C:\Program Files\HP
2008-01-23 20:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-22 03:27 --------- d-----w C:\Program Files\QuickTime
2008-01-22 03:26 --------- d-----w C:\Program Files\Windows Defender
2008-01-22 03:26 --------- d-----w C:\Program Files\ThinkVantage Fingerprint Software
2008-01-22 03:26 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-03 15:51 --------- d-----w C:\Program Files\Viewpoint
2008-01-03 15:34 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-03 15:34 249,856 ------w C:\WINDOWS\Setup1.exe
2007-12-26 08:04 7,168 ------w C:\WINDOWS\system32\drivers\TSMAPIP.SYS
2007-12-25 20:07 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-25 20:04 --------- d-----w C:\Program Files\DivX
2007-12-22 13:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-20 15:49 --------- d-----w C:\Program Files\Common Files\EPSON
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-05 12:34 --------- d-----w C:\Program Files\Picasa2
2007-12-05 12:34 --------- d-----w C:\Program Files\Google
2007-12-05 12:32 --------- d-----w C:\Program Files\VisualRoute Lite Edition
2007-11-30 19:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-30 19:34 --------- d-----w C:\Program Files\PCDR5
2007-11-30 19:34 --------- d-----w C:\Program Files\Microsoft Location Finder
2007-11-30 19:34 --------- d-----w C:\Program Files\LimeWire
2007-11-30 19:34 --------- d-----w C:\Program Files\ExtractNow
2007-11-27 04:37 2,236,544 ----a-w C:\WINDOWS\system32\drivers\NETw4x32.sys
.
<pre>
----a-w			52,896 2008-01-27 05:59:01  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w		   169,984 2008-01-27 06:01:20  C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w			15,360 2008-01-27 06:01:20  C:\WINDOWS\system32\ctfmon .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe" [ ]
"DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [ ]
"ProjectorControl"="" []
"TPKMAPMN"="C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe" [ ]
"NPDTRAY"="C:\PROGRA~1\Lenovo\NPDIRECT\NPDTray.exe" [ ]
"EPSON Stylus C120 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICCA.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"PSQLLauncher"="C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" [ ]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [ ]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [ ]
"MXOBG"="C:\WINDOWS\MXOALDR.EXE" [ ]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [ ]
"TP4EX"="tp4ex.exe" [2005-10-17 03:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [ ]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [ ]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [ ]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [ ]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2007-01-08 12:50 169984]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 12:42 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 13:28 85744]
"PSDiagnosticM"="C:\Program Files\Linksys Wireless-G Print Server\PSDiagnosticM.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-12 01:25:05 113664]
Epson America Inc. -- EAI VPN Client.lnk - C:\Program Files\Cisco Systems\VPN client\vpngui.exe [2007-05-01 07:19:23 1524776]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 2006-10-19 04:08 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-04-25 21:20 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 16:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-14 11:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\jkhfc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
--a------ 2004-08-31 09:23 823296 C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network EPSON Stylus C120 Ser...]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICCA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProjectorControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 05:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify]
C:\Program Files\TiVo\Desktop\TiVoNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer]
C:\Program Files\TiVo\Desktop\TiVoServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 03:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RetroExpLauncher"=2 (0x2)
"RetroExp Helper"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ERSvc"=2 (0x2)
"helpsvc"=2 (0x2)
"btwdins"=2 (0x2)
"BthServ"=2 (0x2)

R1 EMP_MAP;EPSON Network Presentation Driver Service;C:\WINDOWS\system32\DRIVERS\EMP_Map.sys [2007-02-20 09:27]
R1 EMP_MOMM;EPSON Network Presentation Service for Moderator;C:\WINDOWS\system32\DRIVERS\EMP_MOMm.sys [2007-06-05 19:16]
R2 EMP_NSMOSV;EMP_NSMOSV;C:\Program Files\Common Files\EPSON Projector\EMP_NSMOSV.exe [2007-06-14 17:40]
R2 EMP_NSWLSV;EMP_NSWLSV;C:\Program Files\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe [2007-03-07 08:56]
R2 smihlp;SMI helper driver;C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2006-04-25 21:00]
R3 EMP_Mirr;EMP_Mirr;C:\WINDOWS\system32\DRIVERS\EMP_Mirr.sys [2007-02-20 09:27]
R3 EMP_MOMR;EMP_MOMR;C:\WINDOWS\system32\DRIVERS\EMP_MOMr.sys [2007-06-05 19:16]
R3 lknuhst;Linksys Network USB Host Controller;C:\WINDOWS\system32\DRIVERS\lknuhst.sys [2006-10-18 17:32]
R3 LKNUHUB;Linksys Network USB Root Hub;C:\WINDOWS\system32\DRIVERS\lknuhub.sys [2006-10-18 18:32]
R3 NETGEARUHOST;NETGEAR Network USB Host Controller;C:\WINDOWS\system32\DRIVERS\NETGEARUHOST.sys [2006-08-17 15:04]
R3 NETGEARUHUB;NETGEAR Network USB Root Hub;C:\WINDOWS\system32\DRIVERS\NETGEARUHUB.sys [2006-08-17 15:04]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-09-09 09:16]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 22:01]
S3 Ndisprot;EP_NSWD NDIS Protocol Driver;C:\WINDOWS\system32\DRIVERS\EP_NSWD.sys [2007-02-20 09:27]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 21:12]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PCTINDIS5.SYS []
S3 vdisp;vdisp;C:\WINDOWS\system32\DRIVERS\EMP_Vd1.sys [2007-02-20 09:27]
S3 vdisp2;vdisp2;C:\WINDOWS\system32\DRIVERS\EMP_Vd2.sys [2007-02-20 09:27]
S3 vdisp3;vdisp3;C:\WINDOWS\system32\DRIVERS\EMP_Vd3.sys [2007-02-20 09:27]
S3 vdisp4;vdisp4;C:\WINDOWS\system32\DRIVERS\EMP_Vd4.sys [2007-02-20 09:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73731e14-0729-11dc-925e-001641e6e4a7}]
\Shell\AutoRun\command - E:\Loaderw.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-27 17:56:40 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 12:56:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Lenovo\HOTKEY\tphklock.dll
.
Completion time: 2008-01-27 12:59:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-27 17:59:05
.
2008-01-25 12:16:16 --- E O F ---
  • 0

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\WINDOWS\system32\nvopkfny.ini
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\jkhfc.exe
E:\Loaderw.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73731e14-0729-11dc-925e-001641e6e4a7}]

RenV::
----a-w 52,896 2008-01-27 05:59:01 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 169,984 2008-01-27 06:01:20 C:\WINDOWS\pchealth\helpctr\binaries\MSConfig .exe
----a-w 15,360 2008-01-27 06:01:20 C:\WINDOWS\system32\ctfmon .exe


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

  • 0

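To show what a CFScript like the one above is built from, here is an added example (not part of this thread and not ComboFix's own code) in Python that parses a constructed ComboFix log excerpt modelled on the log posted above and emits the File::, Registry:: and RenV:: sections for three indicators: files whose base name carries a space before the extension (the `<pre>` block), an AutoRun handler registered under mountpoints2, and a msconfig startupreg entry whose target ComboFix already deleted. The section names and the sample lines follow the thread; the selection rules are this example's own heuristics, not ComboFix's.

```python
"""Build the File::/Registry::/RenV:: sections of a CFScript from a ComboFix log.

Added example, not part of the Geeks to Go thread or of ComboFix itself.
The selection heuristics below are this example's own assumptions.
"""
import re

# Constructed excerpt, modelled on the lines ComboFix printed in the thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\jkhfc.dll
C:\WINDOWS\system32\jkhfc.exe
.
<pre>
----a-w     52,896 2008-01-27 05:59:01  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w     15,360 2008-01-27 06:01:20  C:\WINDOWS\system32\ctfmon .exe
</pre>

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\jkhfc.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73731e14-0729-11dc-925e-001641e6e4a7}]
\Shell\AutoRun\command - E:\Loaderw.exe
"""

# attributes, size, timestamp, path  (one line of the <pre> block)
RENV_RE = re.compile(r'^(\S+)\s+([\d,]+)\s+(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(.+)$')
DRIVE_PATH_RE = re.compile(r'[A-Za-z]:\\.*$')


def parse_log(text):
    """Split the log into deleted paths, <pre> (RenV) lines and registry keys."""
    deleted, renv, keys = [], [], {}
    section, current_key = None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == '.':
            continue
        if 'Other Deletions' in line:
            section = 'deleted'
        elif line.startswith('((('):      # any other banner ends the deletions list
            section = None
        elif line == '<pre>':
            section = 'renv'
        elif line == '</pre>':
            section = None
        elif line.startswith('[') and line.endswith(']'):
            section, current_key = 'key', line[1:-1]
            keys[current_key] = []
        elif section == 'deleted' and DRIVE_PATH_RE.match(line):
            deleted.append(line)
        elif section == 'renv':
            renv.append(line)
        elif section == 'key':
            keys[current_key].append(line)
    return {'deleted': deleted, 'renv': renv, 'keys': keys}


def find_indicators(parsed):
    """Apply the three heuristics; returns (file paths, registry keys, RenV lines)."""
    deleted = {p.lower() for p in parsed['deleted']}
    files, reg_keys, renv = [], [], []
    # 1. Files whose base name ends in a space before the extension ("ccApp .exe").
    for line in parsed['renv']:
        m = RENV_RE.match(line)
        if m and re.search(r' \.\w+$', m.group(4)):
            renv.append(' '.join(line.split()))   # collapse the tab padding
    for key, values in parsed['keys'].items():
        k = key.lower()
        # 2. AutoRun handler registered for a mounted drive under mountpoints2.
        if 'mountpoints2' in k:
            for v in values:
                if v.lower().startswith(r'\shell\autorun\command - '):
                    files.append(v.split(' - ', 1)[1])
                    reg_keys.append(key)
        # 3. msconfig startupreg entry whose target ComboFix already deleted.
        elif r'msconfig\startupreg' in k:
            for v in values:
                m = DRIVE_PATH_RE.search(v)
                if m and m.group(0).lower() in deleted:
                    files.append(m.group(0))
                    reg_keys.append(key)
    return files, reg_keys, renv


def build_cfscript(files, reg_keys, renv):
    """Render the sections in the order the thread's CFScript uses."""
    lines = ['KillAll::', '']
    if files:
        lines += ['File::'] + files + ['']
    if reg_keys:
        lines += ['Registry::'] + ['[-' + k + ']' for k in reg_keys] + ['']
    if renv:
        lines += ['RenV::'] + renv + ['']
    return '\n'.join(lines)


def cfscript_from_log(text):
    files, reg_keys, renv = find_indicators(parse_log(text))
    return build_cfscript(files, reg_keys, renv)


if __name__ == '__main__':
    print(cfscript_from_log(SAMPLE_LOG))
```

The output is a starting point for review, not something to run unread: an entry that passes a heuristic still has to be checked against the vendor's known paths before it goes into a CFScript.
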
#7
bman98

bman98

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13, on 1/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Cisco Systems\VPN client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON Projector\EMP_NSMOSV.exe
C:\Program Files\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\A04665\My Documents\hijackthis\Hijackthis 2beta\HijackThis.exe

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\default\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O15 "IP_192.168.1.50" /M "Stylus C88"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~4\wcescomm.exe"
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKCU\..\Run: [NPDTRAY] C:\PROGRA~1\Lenovo\NPDIRECT\NPDTray.exe
O4 - HKCU\..\Run: [EPSON Stylus C120 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICCA.EXE /FU "C:\WINDOWS\TEMP\E_S84.tmp" /EF "HKCU"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Epson America Inc. -- EAI VPN Client.lnk = C:\Program Files\Cisco Systems\VPN client\vpngui.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.v...l?noreloadredir
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://D:\components\hidinputmonitorx.ocx
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish...fishActivia.cab
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file://D:\components\wmvhdrating.ocx
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EMP_NSMOSV - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON Projector\EMP_NSMOSV.exe
O23 - Service: EMP_NSWLSV - SEIKO EPSON CORPORATION - C:\Program Files\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 10491 bytes
ComboFix Text:

ComboFix 08-01-23.1C - A04665 2008-01-27 15:01:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1487 [GMT -5:00]
Running from: C:\Documents and Settings\A04665\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\A04665\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\jkhfc.exe
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nvopkfny.ini
E:\Loaderw.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\nvopkfny.ini

.
((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-27 14:44 . 2004-09-30 18:45 229,376 -ra------ C:\WINDOWS\system32\hpovst08.dll
2008-01-27 14:44 . 2004-09-30 19:01 139,345 --a------ C:\WINDOWS\system32\hpzlnt12.dll
2008-01-27 14:25 . 2008-01-27 14:47 69,425 --a------ C:\WINDOWS\hpoins05.dat
2008-01-27 14:25 . 2004-12-14 10:39 19,696 --------- C:\WINDOWS\hpomdl05.dat
2008-01-27 13:41 . 2008-01-27 13:41 <DIR> d-------- C:\Program Files\Common Files\HP
2008-01-27 13:20 . 2008-01-27 13:41 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-01-27 12:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-27 01:09 . 2005-09-17 00:20 108,168 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-27 01:09 . 2005-09-17 00:20 87,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-27 00:56 . 2008-01-27 01:01 169,984 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe
2008-01-27 00:56 . 2008-01-27 01:01 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-27 00:56 . 2008-01-27 01:01 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-26 20:24 . 2008-01-26 20:24 <DIR> d-------- C:\Deckard
2008-01-24 11:14 . 2008-01-24 11:14 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-24 11:14 . 2008-01-24 11:14 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-01-24 11:14 . 2008-01-24 11:14 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-01-24 11:14 . 2008-01-24 11:14 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-01-24 10:40 . 2008-01-24 10:40 <DIR> d-------- C:\Program Files\MSBuild
2008-01-24 10:38 . 2008-01-24 11:22 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-01-24 10:37 . 2008-01-24 10:37 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-24 10:37 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-01-21 22:21 . 2008-01-21 22:21 <DIR> d-------- C:\WINDOWS\system32\nGpxx01
2008-01-03 10:34 . 2008-01-03 10:34 <DIR> d-------- C:\Program Files\EPDCalc
2008-01-03 10:19 . 2008-01-03 10:19 0 -ra------ C:\WINDOWS\system32\RCCustomSetup.ini
2008-01-02 12:27 . 2008-01-02 12:27 <DIR> d-------- C:\Program Files\Webroot
2008-01-02 12:27 . 2003-10-15 23:42 150,528 --a------ C:\WINDOWS\unSpySweeper.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 20:07 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-27 20:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-27 18:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 18:21 --------- d-----w C:\Program Files\HP
2008-01-27 06:10 --------- d-----w C:\Program Files\Symantec
2008-01-25 14:04 --------- d-----w C:\Program Files\Lenovo
2008-01-23 20:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-22 03:27 --------- d-----w C:\Program Files\QuickTime
2008-01-22 03:26 --------- d-----w C:\Program Files\Windows Defender
2008-01-22 03:26 --------- d-----w C:\Program Files\ThinkVantage Fingerprint Software
2008-01-22 03:26 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-03 15:51 --------- d-----w C:\Program Files\Viewpoint
2008-01-03 15:34 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-03 15:34 249,856 ------w C:\WINDOWS\Setup1.exe
2007-12-26 08:04 7,168 ------w C:\WINDOWS\system32\drivers\TSMAPIP.SYS
2007-12-25 20:07 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-25 20:04 --------- d-----w C:\Program Files\DivX
2007-12-22 13:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-20 15:49 --------- d-----w C:\Program Files\Common Files\EPSON
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-05 12:34 --------- d-----w C:\Program Files\Picasa2
2007-12-05 12:34 --------- d-----w C:\Program Files\Google
2007-12-05 12:32 --------- d-----w C:\Program Files\VisualRoute Lite Edition
2007-11-30 19:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-30 19:34 --------- d-----w C:\Program Files\PCDR5
2007-11-30 19:34 --------- d-----w C:\Program Files\Microsoft Location Finder
2007-11-30 19:34 --------- d-----w C:\Program Files\LimeWire
2007-11-30 19:34 --------- d-----w C:\Program Files\ExtractNow
2007-11-27 04:37 2,236,544 ----a-w C:\WINDOWS\system32\drivers\NETw4x32.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-27_12.58.54.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-27 17:48:44 757,760 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-27 20:01:45 757,760 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-27 17:48:44 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-27 20:01:45 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-27 17:48:44 753,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-27 20:01:45 753,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-27 17:48:44 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-27 20:01:45 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-27 17:48:44 5,353,472 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-27 20:01:45 5,353,472 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-27 17:48:45 196,608 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-27 20:01:45 196,608 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-22 10:49:30 49,152 ----a-r C:\WINDOWS\Installer\{17293791-C82E-476C-9997-9A0FF234A19B}\NewShortcut1_17293791C82E476C99979A0FF234A19B.exe
+ 2008-01-27 18:21:03 49,152 ----a-r C:\WINDOWS\Installer\{17293791-C82E-476C-9997-9A0FF234A19B}\NewShortcut1_17293791C82E476C99979A0FF234A19B.exe
+ 2008-01-27 18:41:01 40,960 ----a-r C:\WINDOWS\Installer\{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
+ 2008-01-27 18:40:45 45,056 ----a-r C:\WINDOWS\Installer\{64FC0C98-B035-4530-B15D-3D30610B6DF1}\HPSUShortcut2_936C42D08CEE4BDFB8CEC4BDC93C6CF8_1.exe
+ 2008-01-27 19:02:37 65,536 ----a-r C:\WINDOWS\Installer\{85BCA736-A0F4-448E-9BC1-6EA08693E10B}\ARPPRODUCTICON.exe
- 1998-10-29 23:45:06 306,688 ----a-w C:\WINDOWS\IsUninst.exe
+ 1998-10-29 21:45:06 306,688 ----a-w C:\WINDOWS\IsUninst.exe
- 2007-01-08 17:50:20 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
+ 2008-01-27 06:01:20 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
- 2001-08-17 20:53:32 6,784 -c--a-w C:\WINDOWS\system32\dllcache\serscan.sys
+ 2001-08-17 18:53:32 6,784 -c--a-w C:\WINDOWS\system32\dllcache\serscan.sys
- 2001-08-17 20:53:32 6,784 ----a-w C:\WINDOWS\system32\drivers\serscan.sys
+ 2001-08-17 18:53:32 6,784 ----a-w C:\WINDOWS\system32\drivers\serscan.sys
+ 2004-06-11 18:27:32 118,784 ----a-r C:\WINDOWS\system32\HPODXPAT.DLL
- 2004-09-29 19:12:48 278,584 ----a-w C:\WINDOWS\system32\HPZidr12.dll
+ 2004-09-29 17:12:48 278,584 ----a-w C:\WINDOWS\system32\HPZidr12.dll
- 2004-09-29 19:08:08 61,440 ----a-w C:\WINDOWS\system32\HPZinw12.exe
+ 2004-09-29 17:08:08 61,440 ----a-w C:\WINDOWS\system32\HPZinw12.exe
- 2004-09-29 19:14:36 69,632 ----a-w C:\WINDOWS\system32\HPZipm12.exe
+ 2004-09-29 17:14:36 69,632 ----a-w C:\WINDOWS\system32\HPZipm12.exe
- 2004-09-29 19:15:16 204,800 ----a-w C:\WINDOWS\system32\HPZipr12.dll
+ 2004-09-29 17:15:16 204,800 ----a-w C:\WINDOWS\system32\HPZipr12.dll
- 2004-09-29 19:09:26 94,208 ----a-w C:\WINDOWS\system32\HPZipt12.dll
+ 2004-09-29 17:09:26 94,208 ----a-w C:\WINDOWS\system32\HPZipt12.dll
- 2004-09-29 19:09:32 57,344 ----a-w C:\WINDOWS\system32\HPZisn12.dll
+ 2004-09-29 17:09:32 57,344 ----a-w C:\WINDOWS\system32\HPZisn12.dll
+ 2004-09-30 23:43:13 185,913 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpof7212.dat
+ 2004-09-30 23:42:43 40,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpofax08.dll
+ 2004-09-30 23:44:25 185,646 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpop7212.dat
+ 2004-10-01 00:03:40 299,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcfg12.exe
+ 2004-09-30 23:46:36 196,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcoi12.dll
+ 2004-09-30 23:46:41 393,216 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcon12.dll
+ 2004-10-01 00:03:43 659,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzeng12.exe
+ 2004-10-01 00:02:57 69,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzflt12.dll
+ 2004-10-01 00:03:03 1,597,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzimc12.dll
+ 2004-10-01 00:03:07 352,256 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzime12.dll
+ 2004-10-01 00:03:14 2,150,400 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzims12.dll
+ 2004-10-01 00:03:21 225,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzjui12.dll
+ 2004-10-01 00:01:33 139,345 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzlnt12.dll
+ 2004-10-01 00:03:24 143,360 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpcl12.dll
+ 2004-10-01 00:03:46 331,776 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpre12.exe
+ 2004-09-30 23:59:03 3,203,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzr3212.dll
+ 2004-10-01 00:03:27 372,736 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzres12.dll
+ 2004-09-30 23:59:07 1,761,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzrm312.dll
+ 2004-10-01 00:03:30 679,936 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzslk12.dll
+ 2004-10-01 00:01:39 180,315 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzsnt12.dll
+ 2004-10-01 00:03:49 401,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstc12.exe
+ 2004-10-01 00:03:53 180,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstw12.exe
+ 2004-10-01 00:03:34 61,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbi12.dll
+ 2004-10-01 00:03:56 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbu12.exe
+ 2004-10-01 00:03:59 7,348,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbx12.exe
+ 2004-10-01 00:03:37 176,188 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzvip12.dll
+ 2004-09-30 23:43:13 185,913 ----a-r C:\WINDOWS\system32\spool\drivers\w32x86\hpof7212.dat
+ 2004-09-30 23:42:43 40,960 ----a-r C:\WINDOWS\system32\spool\drivers\w32x86\hpofax08.dll
+ 2004-09-30 23:46:33 212,992 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpz2ku12.dll
+ 2004-10-01 00:03:40 299,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzcfg12.exe
+ 2004-09-30 23:46:36 196,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzcoi12.dll
+ 2004-09-30 23:46:41 393,216 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzcon12.dll
+ 2004-10-01 00:03:43 659,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzeng12.exe
+ 2004-10-01 00:02:57 69,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzflt12.dll
+ 2004-10-01 00:03:03 1,597,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzimc12.dll
+ 2004-10-01 00:03:07 352,256 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzime12.dll
+ 2004-10-01 00:03:14 2,150,400 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzims12.dll
+ 2004-10-01 00:03:21 225,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzjui12.dll
+ 2004-10-01 00:01:33 139,345 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzlnt12.dll
+ 2004-10-01 00:03:24 143,360 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzpcl12.dll
+ 2004-10-01 00:01:36 507,904 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzpm312.dll
+ 2004-10-01 00:03:46 331,776 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzpre12.exe
+ 2004-09-30 23:59:03 3,203,072 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzr3212.dll
+ 2004-10-01 00:03:27 372,736 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzres12.dll
+ 2004-09-30 23:59:07 1,761,280 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzrm312.dll
+ 2004-10-01 00:03:30 679,936 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzslk12.dll
+ 2004-10-01 00:01:39 180,315 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzsnt12.dll
+ 2004-10-01 00:03:49 401,408 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzstc12.exe
+ 2004-10-01 00:03:53 180,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzstw12.exe
+ 2004-10-01 00:03:34 61,440 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpztbi12.dll
+ 2004-10-01 00:03:56 176,128 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpztbu12.exe
+ 2004-10-01 00:03:59 7,348,224 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpztbx12.exe
+ 2004-10-01 00:03:37 176,188 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\hpzvip12.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-27 01:01 15360]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~4\wcescomm.exe" [ ]
"DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [ ]
"ProjectorControl"="" []
"TPKMAPMN"="C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe" [ ]
"NPDTRAY"="C:\PROGRA~1\Lenovo\NPDIRECT\NPDTray.exe" [ ]
"EPSON Stylus C120 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICCA.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [ ]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"PSQLLauncher"="C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" [ ]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [ ]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [ ]
"MXOBG"="C:\WINDOWS\MXOALDR.EXE" [ ]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [ ]
"TP4EX"="tp4ex.exe" [2005-10-17 03:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [ ]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [ ]
"AwaySch"="C:\Program Files\Lenovo\AwayTask\AwaySch.EXE" [ ]
"LPManager"="C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe" [ ]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 02:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-01-27 01:01 169984]
"TPFNF7"="C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-27 00:59 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-11-15 13:28 85744]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49 49152]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-05-12 01:25:05 113664]
Epson America Inc. -- EAI VPN Client.lnk - C:\Program Files\Cisco Systems\VPN client\vpngui.exe [2007-05-01 07:19:23 1524776]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2004-11-04 19:28:24 258048]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 03:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]
C:\Program Files\Lenovo\AwayTask\AwayNotify.dll 2006-10-19 04:08 49152 C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
psqlpwd.dll 2006-04-25 21:20 40448 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 16:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-14 11:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 15:49 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxtorOneTouch]
--a------ 2004-08-31 09:23 823296 C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network EPSON Stylus C120 Ser...]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICCA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProjectorControl]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
C:\PROGRA~1\RETROS~1\RETROS~1.1\RetroExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 05:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify]
C:\Program Files\TiVo\Desktop\TiVoNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer]
C:\Program Files\TiVo\Desktop\TiVoServer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoTransfer]
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 03:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RetroExpLauncher"=2 (0x2)
"RetroExp Helper"=2 (0x2)
"LiveUpdate"=3 (0x3)
"ERSvc"=2 (0x2)
"helpsvc"=2 (0x2)
"btwdins"=2 (0x2)
"BthServ"=2 (0x2)

R1 EMP_MAP;EPSON Network Presentation Driver Service;C:\WINDOWS\system32\DRIVERS\EMP_Map.sys [2007-02-20 09:27]
R1 EMP_MOMM;EPSON Network Presentation Service for Moderator;C:\WINDOWS\system32\DRIVERS\EMP_MOMm.sys [2007-06-05 19:16]
R2 EMP_NSMOSV;EMP_NSMOSV;C:\Program Files\Common Files\EPSON Projector\EMP_NSMOSV.exe [2007-06-14 17:40]
R2 EMP_NSWLSV;EMP_NSWLSV;C:\Program Files\EPSON Projector\EMP NS Connection V2\EMP_NSWLSV.exe [2007-03-07 08:56]
R2 smihlp;SMI helper driver;C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [2006-04-25 21:00]
R3 EMP_Mirr;EMP_Mirr;C:\WINDOWS\system32\DRIVERS\EMP_Mirr.sys [2007-02-20 09:27]
R3 EMP_MOMR;EMP_MOMR;C:\WINDOWS\system32\DRIVERS\EMP_MOMr.sys [2007-06-05 19:16]
R3 lknuhst;Linksys Network USB Host Controller;C:\WINDOWS\system32\DRIVERS\lknuhst.sys [2006-10-18 17:32]
R3 LKNUHUB;Linksys Network USB Root Hub;C:\WINDOWS\system32\DRIVERS\lknuhub.sys [2006-10-18 18:32]
R3 NETGEARUHOST;NETGEAR Network USB Host Controller;C:\WINDOWS\system32\DRIVERS\NETGEARUHOST.sys [2006-08-17 15:04]
R3 NETGEARUHUB;NETGEAR Network USB Root Hub;C:\WINDOWS\system32\DRIVERS\NETGEARUHUB.sys [2006-08-17 15:04]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-09-09 09:16]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 22:01]
S3 Ndisprot;EP_NSWD NDIS Protocol Driver;C:\WINDOWS\system32\DRIVERS\EP_NSWD.sys [2007-02-20 09:27]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 21:12]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\PCTINDIS5.SYS []
S3 vdisp;vdisp;C:\WINDOWS\system32\DRIVERS\EMP_Vd1.sys [2007-02-20 09:27]
S3 vdisp2;vdisp2;C:\WINDOWS\system32\DRIVERS\EMP_Vd2.sys [2007-02-20 09:27]
S3 vdisp3;vdisp3;C:\WINDOWS\system32\DRIVERS\EMP_Vd3.sys [2007-02-20 09:27]
S3 vdisp4;vdisp4;C:\WINDOWS\system32\DRIVERS\EMP_Vd4.sys [2007-02-20 09:27]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-27 20:09:57 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 15:07:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Lenovo\HOTKEY\tphklock.dll
.
Completion time: 2008-01-27 15:11:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-27 20:10:58
ComboFix2.txt 2008-01-27 17:59:08
.
2008-01-25 12:16:16 --- E O F ---

#8
bman98
New Member, Topic Starter, 7 posts
After I ran the ComboFix.exe application, the system rebooted.

Now every time I restart I get an error.

"ccApp.exe - Unable to Locate Component
This application has failed to start because ccL40.dll was not found. Reinstalling the application may fix the problem."
#9
Rorschach112
Ralphie, Retired Staff, 47,710 posts
Hello

The infection you had targeted legitimate files like ccApp.exe, so you will need to re-install Symantec Shared.


1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::

Folder::
C:\WINDOWS\system32\nGpxx01
Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe.


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt".

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.




Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner and click Accept

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under Select a target to scan, select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also tell me how your PC is running.
#10
bman98
New Member, Topic Starter, 7 posts
My Symantec SAM popped up and found the following viruses:
Adeware.Purit.. Filename A0042990.exe
W32.Trats!inf Filename A0042991.exe
Trojan.adclick Filename A0042009.dll

This is the Kaspersky log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 27, 2008 19:15
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/01/2008
Kaspersky Anti-Virus database records: 534224
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 92234
Number of viruses found: 5
Number of infected objects: 28
Number of suspicious objects: 0
Duration of the scan process: 01:40:27

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\A04665\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\A04665\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\A04665\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\A04665\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\A04665\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\A04665\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\A04665\My Documents\hijackthis\backups\backup-20060723-200259-781.dll Infected: not-a-virus:AdWare.Win32.Coupons.h skipped
C:\Documents and Settings\A04665\ntuser.dat Object is locked skipped
C:\Documents and Settings\A04665\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-05042007-163914.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F400000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F400001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F400002.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F400003.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F400004.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F680000.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F680001.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FAC0000\4FBC33C8.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FAC0001\4FBC33D5.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FAC0002\4FBC33E1.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FAC0003\4FBC33ED.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FAC0004\4FBC3B2F.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FAC0005\4FBC3B3B.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FAC0006\4FBC3B48.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FAC0007\4FBC493F.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FAC0008\4FBC494C.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FAC0009\4FBC4958.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0FAC000A\4FBC4964.VBN Infected: Trojan-Dropper.Win32.Agent.dgo skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0567NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0827NAV~.TMP Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ljjkjig.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dxb skipped
C:\QooBox\Quarantine\catchme2008-01-27_125636.68.zip/jkhfc.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\QooBox\Quarantine\catchme2008-01-27_125636.68.zip/ssqoljh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dxb skipped
C:\QooBox\Quarantine\catchme2008-01-27_125636.68.zip ZIP: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{64BF61E3-95B0-4DF1-A4BF-C0C69328209A}\RP333\A0042988.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\System Volume Information\_restore{64BF61E3-95B0-4DF1-A4BF-C0C69328209A}\RP333\A0042988.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{64BF61E3-95B0-4DF1-A4BF-C0C69328209A}\RP333\A0042990.exe Object is locked skipped
C:\System Volume Information\_restore{64BF61E3-95B0-4DF1-A4BF-C0C69328209A}\RP336\A0043193.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dxb skipped
C:\System Volume Information\_restore{64BF61E3-95B0-4DF1-A4BF-C0C69328209A}\RP336\A0043202.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
C:\System Volume Information\_restore{64BF61E3-95B0-4DF1-A4BF-C0C69328209A}\RP336\A0043203.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dxb skipped
C:\System Volume Information\_restore{64BF61E3-95B0-4DF1-A4BF-C0C69328209A}\RP343\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{7554DBC8-3927-4A52-9EAA-D4F6AA76C25A}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


This is the ComboFix log:
ComboFix 08-01-23.1C - A04665 2008-01-27 16:47:18.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1430 [GMT -5:00]
Running from: C:\Documents and Settings\A04665\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\A04665\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\nGpxx01

.
((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-27 16:35 . 2008-01-27 16:35 <DIR> d-------- C:\Program Files\Common Files\HP
2008-01-27 16:33 . 2004-10-01 07:01 139,345 --a------ C:\WINDOWS\system32\hpzlnt12.dll
2008-01-27 16:26 . 2008-01-27 16:33 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-27 16:26 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.1
2008-01-27 16:25 . 2008-01-27 16:40 68,938 --a------ C:\WINDOWS\hpoins05.dat
2008-01-27 16:25 . 2004-12-14 23:39 19,696 --------- C:\WINDOWS\hpomdl05.dat
2008-01-27 16:24 . 2008-01-27 16:25 <DIR> d-------- C:\TEMP\HP_WebRelease
2008-01-27 13:20 . 2008-01-27 16:34 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-01-27 12:48 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-27 01:09 . 2005-09-17 00:20 108,168 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-27 01:09 . 2005-09-17 00:20 87,768 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-27 00:56 . 2008-01-27 01:01 169,984 --a--c--- C:\WINDOWS\system32\dllcache\msconfig.exe
2008-01-27 00:56 . 2008-01-27 01:01 15,360 --a--c--- C:\WINDOWS\system32\dllcache\ctfmon.exe
2008-01-27 00:56 . 2008-01-27 01:01 15,360 --a------ C:\WINDOWS\system32\ctfmon.exe
2008-01-26 20:24 . 2008-01-26 20:24 <DIR> d-------- C:\Deckard
2008-01-24 11:14 . 2008-01-24 11:14 21,361 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-24 11:14 . 2008-01-24 11:14 21,361 --a------ C:\WINDOWS\AegisP.sys
2008-01-24 11:14 . 2008-01-24 11:14 13,984 --a------ C:\WINDOWS\AegisP.inf
2008-01-24 11:14 . 2008-01-24 11:14 10,640 --a------ C:\WINDOWS\AegisP.cat
2008-01-24 10:40 . 2008-01-24 10:40 <DIR> d-------- C:\Program Files\MSBuild
2008-01-24 10:38 . 2008-01-24 11:22 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-01-24 10:37 . 2008-01-24 10:37 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-01-24 10:37 . 2006-06-29 13:07 14,048 --a------ C:\WINDOWS\system32\spmsg2.dll
2008-01-03 10:34 . 2008-01-03 10:34 <DIR> d-------- C:\Program Files\EPDCalc
2008-01-03 10:19 . 2008-01-03 10:19 0 -ra------ C:\WINDOWS\system32\RCCustomSetup.ini
2008-01-02 12:27 . 2008-01-02 12:27 <DIR> d-------- C:\Program Files\Webroot
2008-01-02 12:27 . 2003-10-15 23:42 150,528 --a------ C:\WINDOWS\unSpySweeper.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 21:15 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-27 20:01 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-27 18:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-27 18:21 --------- d-----w C:\Program Files\HP
2008-01-27 07:05 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp
2008-01-27 06:10 --------- d-----w C:\Program Files\Symantec
2008-01-27 06:01 169,984 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
2008-01-25 14:04 --------- d-----w C:\Program Files\Lenovo
2008-01-23 20:23 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-22 03:27 --------- d-----w C:\Program Files\QuickTime
2008-01-22 03:26 --------- d-----w C:\Program Files\Windows Defender
2008-01-22 03:26 --------- d-----w C:\Program Files\ThinkVantage Fingerprint Software
2008-01-22 03:26 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-01-03 15:51 --------- d-----w C:\Program Files\Viewpoint
2008-01-03 15:34 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-03 15:34 249,856 ------w C:\WINDOWS\Setup1.exe
2007-12-26 08:04 7,168 ------w C:\WINDOWS\system32\drivers\TSMAPIP.SYS
2007-12-25 20:07 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-12-25 20:04 --------- d-----w C:\Program Files\DivX
2007-12-22 13:33 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-12-20 15:49 --------- d-----w C:\Program Files\Common Files\EPSON
2007-12-11 22:34 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-12-11 22:34 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-12-11 22:34 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2007-12-11 22:34 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 22:33 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-12-11 22:33 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 22:33 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 22:33 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 22:32 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-07 23:28 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2007-12-05 12:34 --------- d-----w C:\Program Files\Picasa2
2007-12-05 12:34 --------- d-----w C:\Program Files\Google
2007-12-05 12:32 30,601 ----a-w C:\WINDOWS\java\x.exe
2007-12-05 12:32 --------- d-----w C:\Program Files\VisualRoute Lite Edition
2007-12-04 07:33 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2007-11-30 19:34 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-30 19:34 --------- d-----w C:\Program Files\PCDR5
2007-11-30 19:34 --------- d-----w C:\Program Files\Microsoft Location Finder
2007-11-30 19:34 --------- d-----w C:\Program Files\LimeWire
2007-11-30 19:34 --------- d-----w C:\Program Files\ExtractNow
2007-11-27 04:37 2,236,544 ----a-w C:\WINDOWS\system32\drivers\NETw4x32.sys
2007-11-20 21:42 2,777,088 ----a-w C:\WINDOWS\system32\NETw4r32.dll
2007-11-20 21:41 749,568 ----a-w C:\WINDOWS\system32\NETw4c32.dll
2007-11-19 19:45 208,896 ----a-w C:\WINDOWS\system32\NetProvCredMan.dll
2007-11-07 09:50 727,040 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:35 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 22:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((( snapshot_2008-01-27_15.10.47.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-27 21:35:34 77,824 ----a-w C:\WINDOWS\assembly\GAC\AxInterop.LTRASTERVIEWLib\1.0.0.0__a53cf5803f4c3827\AxInterop.LTRASTERVIEWLib.dll
+ 2008-01-27 21:35:44 45,056 ----a-w C:\WINDOWS\assembly\GAC\AxInterop.SHDocVw\1.1.0.0__a53cf5803f4c3827\AxInterop.SHDocVw.dll
+ 2008-01-27 21:36:04 31,744 ----a-w C:\WINDOWS\assembly\GAC\hplMosaicNet\1.3.1.0__0d5444959b41355f\hplMosaicNet.dll
+ 2008-01-27 21:35:28 28,672 ----a-w C:\WINDOWS\assembly\GAC\HPODMmcLib\1.0.0.0__a53cf5803f4c3827\HPODMmcLib.dll
+ 2008-01-27 21:35:35 9,728 ----a-w C:\WINDOWS\assembly\GAC\hpqactiv.resources\3.0.0.0_en_a53cf5803f4c3827\hpqactiv.resources.dll
+ 2008-01-27 21:35:35 131,072 ----a-w C:\WINDOWS\assembly\GAC\hpqactiv\3.0.0.0__a53cf5803f4c3827\hpqactiv.dll
+ 2008-01-27 21:35:26 28,672 ----a-w C:\WINDOWS\assembly\GAC\hpqalb\3.0.0.0__a53cf5803f4c3827\hpqalb.dll
+ 2008-01-27 21:35:26 24,576 ----a-w C:\WINDOWS\assembly\GAC\hpqasset\3.0.0.0__a53cf5803f4c3827\hpqasset.dll
+ 2008-01-27 21:36:05 90,112 ----a-w C:\WINDOWS\assembly\GAC\hpqcalp.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcalp.resources.dll
+ 2008-01-27 21:36:04 237,568 ----a-w C:\WINDOWS\assembly\GAC\hpqcalp\3.0.0.0__a53cf5803f4c3827\hpqcalp.dll
+ 2008-01-27 21:36:06 4,096 ----a-w C:\WINDOWS\assembly\GAC\hpqcalrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcalrsc.resources.dll
+ 2008-01-27 21:36:06 24,576 ----a-w C:\WINDOWS\assembly\GAC\hpqcalrsc\3.0.0.0__a53cf5803f4c3827\hpqcalrsc.dll
+ 2008-01-27 21:34:39 184,320 ----a-w C:\WINDOWS\assembly\GAC\hpqccrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqccrsc.resources.dll
+ 2008-01-27 21:34:39 196,608 ----a-w C:\WINDOWS\assembly\GAC\hpqccrsc\3.0.0.0__a53cf5803f4c3827\hpqccrsc.dll
+ 2008-01-27 21:34:39 98,304 ----a-w C:\WINDOWS\assembly\GAC\hpqcmctl.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcmctl.resources.dll
+ 2008-01-27 21:34:39 475,136 ----a-w C:\WINDOWS\assembly\GAC\hpqcmctl\3.0.0.0__a53cf5803f4c3827\hpqcmctl.dll
+ 2008-01-27 21:36:03 32,768 ----a-w C:\WINDOWS\assembly\GAC\hpqcpint\3.0.0.0__a53cf5803f4c3827\hpqcpint.dll
+ 2008-01-27 21:36:03 7,168 ----a-w C:\WINDOWS\assembly\GAC\hpqcprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqcprsc.resources.dll
+ 2008-01-27 21:36:03 32,768 ----a-w C:\WINDOWS\assembly\GAC\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
+ 2008-01-27 21:35:34 49,152 ----a-w C:\WINDOWS\assembly\GAC\hpqdcprf.resources\3.0.0.0_en_a53cf5803f4c3827\hpqdcprf.resources.dll
+ 2008-01-27 21:35:34 94,208 ----a-w C:\WINDOWS\assembly\GAC\hpqdcprf\3.0.0.0__a53cf5803f4c3827\hpqdcprf.dll
+ 2008-01-27 21:35:34 36,864 ----a-w C:\WINDOWS\assembly\GAC\hpqdcrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqdcrsc.resources.dll
+ 2008-01-27 21:35:34 147,456 ----a-w C:\WINDOWS\assembly\GAC\hpqdcrsc\3.0.0.0__a53cf5803f4c3827\hpqdcrsc.dll
+ 2008-01-27 21:35:35 16,384 ----a-w C:\WINDOWS\assembly\GAC\hpqdocpt.resources\3.0.0.0_en_a53cf5803f4c3827\hpqdocpt.resources.dll
+ 2008-01-27 21:35:35 98,304 ----a-w C:\WINDOWS\assembly\GAC\hpqdocpt\3.0.0.0__a53cf5803f4c3827\hpqdocpt.dll
+ 2008-01-27 21:35:34 110,592 ----a-w C:\WINDOWS\assembly\GAC\hpqdocvw.resources\3.0.0.0_en_a53cf5803f4c3827\hpqdocvw.resources.dll
+ 2008-01-27 21:35:34 278,528 ----a-w C:\WINDOWS\assembly\GAC\hpqdocvw\3.0.0.0__a53cf5803f4c3827\hpqdocvw.dll
+ 2008-01-27 21:35:35 24,576 ----a-w C:\WINDOWS\assembly\GAC\hpqeal\3.0.0.0__a53cf5803f4c3827\hpqeal.dll
+ 2008-01-27 21:36:06 24,576 ----a-w C:\WINDOWS\assembly\GAC\hpqedppi\3.0.0.0__a53cf5803f4c3827\hpqedppi.dll
+ 2008-01-27 21:35:26 6,656 ----a-w C:\WINDOWS\assembly\GAC\hpqfmrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqfmrsc.resources.dll
+ 2008-01-27 21:35:26 28,672 ----a-w C:\WINDOWS\assembly\GAC\hpqfmrsc\3.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
+ 2008-01-27 21:35:26 61,440 ----a-w C:\WINDOWS\assembly\GAC\hpqgldlg.resources\3.0.0.0_en_a53cf5803f4c3827\hpqgldlg.resources.dll
+ 2008-01-27 21:35:26 126,976 ----a-w C:\WINDOWS\assembly\GAC\hpqgldlg\3.0.0.0__a53cf5803f4c3827\hpqgldlg.dll
+ 2008-01-27 21:35:26 32,768 ----a-w C:\WINDOWS\assembly\GAC\hpqglutl.resources\3.0.0.0_en_a53cf5803f4c3827\hpqglutl.resources.dll
+ 2008-01-27 21:35:26 65,536 ----a-w C:\WINDOWS\assembly\GAC\hpqglutl\3.0.0.0__a53cf5803f4c3827\hpqglutl.dll
+ 2008-01-27 21:36:06 10,752 ----a-w C:\WINDOWS\assembly\GAC\hpqgprsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqgprsc.resources.dll
+ 2008-01-27 21:36:06 110,592 ----a-w C:\WINDOWS\assembly\GAC\hpqgprsc\3.0.0.0__a53cf5803f4c3827\hpqgprsc.dll
+ 2008-01-27 21:34:40 73,728 ----a-w C:\WINDOWS\assembly\GAC\hpqgskin\3.0.0.0__a53cf5803f4c3827\hpqgskin.dll
+ 2008-01-27 21:36:06 40,960 ----a-w C:\WINDOWS\assembly\GAC\hpqgtpin.resources\3.0.0.0_en_a53cf5803f4c3827\hpqgtpin.resources.dll
+ 2008-01-27 21:36:06 151,552 ----a-w C:\WINDOWS\assembly\GAC\hpqgtpin\3.0.0.0__a53cf5803f4c3827\hpqgtpin.dll
+ 2008-01-27 21:36:02 245,760 ----a-w C:\WINDOWS\assembly\GAC\hpqietpz.resources\3.0.0.0_en_a53cf5803f4c3827\hpqietpz.resources.dll
+ 2008-01-27 21:36:01 798,720 ----a-w C:\WINDOWS\assembly\GAC\hpqietpz\3.0.0.0__a53cf5803f4c3827\hpqietpz.dll
+ 2008-01-27 21:35:26 16,384 ----a-w C:\WINDOWS\assembly\GAC\hpqiface\3.0.0.0__a53cf5803f4c3827\hpqiface.dll
+ 2008-01-27 21:36:00 24,576 ----a-w C:\WINDOWS\assembly\GAC\hpqimgrc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqimgrc.resources.dll
+ 2008-01-27 21:35:27 167,936 ----a-w C:\WINDOWS\assembly\GAC\hpqimgrc\3.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
+ 2008-01-27 21:35:35 49,152 ----a-w C:\WINDOWS\assembly\GAC\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
+ 2008-01-27 21:35:45 32,768 ----a-w C:\WINDOWS\assembly\GAC\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
+ 2008-01-27 21:35:45 229,376 ----a-w C:\WINDOWS\assembly\GAC\hpqistab\4.0.0.0__a53cf5803f4c3827\hpqistab.dll
+ 2008-01-27 21:35:35 20,480 ----a-w C:\WINDOWS\assembly\GAC\hpqltutl\3.0.0.0__a53cf5803f4c3827\hpqltutl.dll
+ 2008-01-27 21:35:30 8,704 ----a-w C:\WINDOWS\assembly\GAC\hpqmdmr.resources\3.0.0.0_en_a53cf5803f4c3827\hpqmdmr.resources.dll
+ 2008-01-27 21:35:30 65,536 ----a-w C:\WINDOWS\assembly\GAC\hpqmdmr\3.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
+ 2008-01-27 21:35:30 36,864 ----a-w C:\WINDOWS\assembly\GAC\hpqmpvad\3.0.0.0__a53cf5803f4c3827\hpqmpvad.dll
+ 2008-01-27 21:35:34 266,240 ----a-w C:\WINDOWS\assembly\GAC\hpqmydoc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqmydoc.resources.dll
+ 2008-01-27 21:35:34 651,264 ----a-w C:\WINDOWS\assembly\GAC\hpqmydoc\3.0.0.0__a53cf5803f4c3827\hpqmydoc.dll
+ 2008-01-27 21:36:00 16,384 ----a-w C:\WINDOWS\assembly\GAC\hpqmyint\3.0.0.0__a53cf5803f4c3827\hpqmyint.dll
+ 2008-01-27 21:34:40 57,344 ----a-w C:\WINDOWS\assembly\GAC\hpqntrop\3.0.0.0__a53cf5803f4c3827\hpqntrop.dll
+ 2008-01-27 21:36:06 77,824 ----a-w C:\WINDOWS\assembly\GAC\hpqpanop.resources\3.0.0.0_en_a53cf5803f4c3827\hpqpanop.resources.dll
+ 2008-01-27 21:36:06 364,544 ----a-w C:\WINDOWS\assembly\GAC\hpqpanop\3.0.0.0__a53cf5803f4c3827\hpqpanop.dll
+ 2008-01-27 21:35:36 172,032 ----a-w C:\WINDOWS\assembly\GAC\hpqpdmdl\3.0.0.0__a53cf5803f4c3827\hpqpdmdl.dll
+ 2008-01-27 21:35:36 13,312 ----a-w C:\WINDOWS\assembly\GAC\hpqpel10.resources\3.0.0.0_en_a53cf5803f4c3827\hpqpel10.resources.dll
+ 2008-01-27 21:35:36 131,072 ----a-w C:\WINDOWS\assembly\GAC\hpqpel10\3.0.0.0__a53cf5803f4c3827\hpqpel10.dll
+ 2008-01-27 21:35:36 20,480 ----a-w C:\WINDOWS\assembly\GAC\hpqprif\3.0.0.0__a53cf5803f4c3827\hpqprif.dll
+ 2008-01-27 21:36:03 98,304 ----a-w C:\WINDOWS\assembly\GAC\hpqprjfx.resources\3.0.0.0_en_a53cf5803f4c3827\hpqprjfx.resources.dll
+ 2008-01-27 21:36:03 307,200 ----a-w C:\WINDOWS\assembly\GAC\hpqprjfx\3.0.0.0__a53cf5803f4c3827\hpqprjfx.dll
+ 2008-01-27 21:35:36 11,264 ----a-w C:\WINDOWS\assembly\GAC\hpqprrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqprrsc.resources.dll
+ 2008-01-27 21:35:36 53,248 ----a-w C:\WINDOWS\assembly\GAC\hpqprrsc\3.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
+ 2008-01-27 21:35:36 86,016 ----a-w C:\WINDOWS\assembly\GAC\hpqprutl.resources\3.0.0.0_en_a53cf5803f4c3827\hpqprutl.resources.dll
+ 2008-01-27 21:35:36 294,912 ----a-w C:\WINDOWS\assembly\GAC\hpqprutl\3.0.0.0__a53cf5803f4c3827\hpqprutl.dll
+ 2008-01-27 21:34:40 16,384 ----a-w C:\WINDOWS\assembly\GAC\hpqptfnd\3.0.0.0__a53cf5803f4c3827\hpqptfnd.dll
+ 2008-01-27 21:35:36 303,104 ----a-w C:\WINDOWS\assembly\GAC\hpqptfx.resources\3.0.0.0_en_a53cf5803f4c3827\hpqptfx.resources.dll
+ 2008-01-27 21:35:36 1,044,480 ----a-w C:\WINDOWS\assembly\GAC\hpqptfx\3.0.0.0__a53cf5803f4c3827\hpqptfx.dll
+ 2008-01-27 21:35:36 8,192 ----a-w C:\WINDOWS\assembly\GAC\hpqptint.resources\3.0.0.0_en_a53cf5803f4c3827\hpqptint.resources.dll
+ 2008-01-27 21:35:36 61,440 ----a-w C:\WINDOWS\assembly\GAC\hpqptint\3.0.0.0__a53cf5803f4c3827\hpqptint.dll
+ 2008-01-27 21:35:35 49,152 ----a-w C:\WINDOWS\assembly\GAC\hpqshfop.resources\3.0.0.0_en_a53cf5803f4c3827\hpqshfop.resources.dll
+ 2008-01-27 21:35:35 77,824 ----a-w C:\WINDOWS\assembly\GAC\hpqshfop\3.0.0.0__a53cf5803f4c3827\hpqshfop.dll
+ 2008-01-27 21:35:27 3,584 ----a-w C:\WINDOWS\assembly\GAC\hpqthrsc.resources\3.0.0.0_en_a53cf5803f4c3827\hpqthrsc.resources.dll
+ 2008-01-27 21:35:27 28,672 ----a-w C:\WINDOWS\assembly\GAC\hpqthrsc\3.0.0.0__a53cf5803f4c3827\hpqthrsc.dll
+ 2008-01-27 21:35:27 45,056 ----a-w C:\WINDOWS\assembly\GAC\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
+ 2008-01-27 21:35:27 86,016 ----a-w C:\WINDOWS\assembly\GAC\hpqtray.resources\3.0.0.0_en_a53cf5803f4c3827\hpqtray.resources.dll
+ 2008-01-27 21:35:27 229,376 ----a-w C:\WINDOWS\assembly\GAC\hpqtray\3.0.0.0__a53cf5803f4c3827\hpqtray.dll
+ 2008-01-27 21:34:40 163,840 ----a-w C:\WINDOWS\assembly\GAC\hpqutils\3.0.0.0__a53cf5803f4c3827\hpqutils.dll
+ 2008-01-27 21:35:31 73,728 ----a-w C:\WINDOWS\assembly\GAC\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
+ 2008-01-27 21:34:40 36,864 ----a-w C:\WINDOWS\assembly\GAC\Interop.HPDarc\1.0.0.0__19565c63d39c2842\Interop.hpdarc.dll
+ 2008-01-27 21:34:40 98,304 ----a-w C:\WINDOWS\assembly\GAC\Interop.hpocxi08\1.0.0.0__3b766a3b3d2dc385\Interop.hpocxi08.dll
+ 2008-01-27 21:35:28 24,576 ----a-w C:\WINDOWS\assembly\GAC\interop.hpodae\2.0.588.1728__a53cf5803f4c3827\interop.hpodae.dll
+ 2008-01-27 21:35:28 53,248 ----a-w C:\WINDOWS\assembly\GAC\interop.hpodai\2.0.588.1728__a53cf5803f4c3827\interop.hpodai.dll
+ 2008-01-27 21:35:28 12,800 ----a-w C:\WINDOWS\assembly\GAC\interop.hpodaud\2.0.588.1728__a53cf5803f4c3827\interop.hpodaud.dll
+ 2008-01-27 21:34:40 94,208 ----a-w C:\WINDOWS\assembly\GAC\Interop.hpodeb08\3.0.0.0__a53cf5803f4c3827\Interop.hpodeb08.dll
+ 2008-01-27 21:34:40 10,240 ----a-w C:\WINDOWS\assembly\GAC\Interop.hpodev08\3.0.0.0__a53cf5803f4c3827\Interop.hpodev08.dll
+ 2008-01-27 21:34:40 172,032 ----a-w C:\WINDOWS\assembly\GAC\Interop.hpodio08\3.0.0.0__a53cf5803f4c3827\Interop.hpodio08.dll
+ 2008-01-27 21:35:28 15,360 ----a-w C:\WINDOWS\assembly\GAC\interop.hpodmmc\1.0.0.0__a53cf5803f4c3827\interop.hpodmmc.dll
+ 2008-01-27 21:35:28 6,656 ----a-w C:\WINDOWS\assembly\GAC\interop.hpodmp\2.0.588.1728__a53cf5803f4c3827\interop.hpodmp.dll
+ 2008-01-27 21:35:28 7,680 ----a-w C:\WINDOWS\assembly\GAC\interop.hpodmpv\2.0.588.1728__a53cf5803f4c3827\interop.hpodmpv.dll
+ 2008-01-27 21:35:28 12,800 ----a-w C:\WINDOWS\assembly\GAC\interop.hpodmpv_md\2.0.588.1728__a53cf5803f4c3827\interop.hpodmpv_md.dll
+ 2008-01-27 21:36:04 4,608 ----a-w C:\WINDOWS\assembly\GAC\interop.hpodprint2\4.0.0.0__a53cf5803f4c3827\interop.hpodprint2.dll
+ 2008-01-27 21:35:28 13,312 ----a-w C:\WINDOWS\assembly\GAC\interop.hpodtrk\2.0.588.1728__a53cf5803f4c3827\interop.hpodtrk.dll
+ 2008-01-27 21:35:28 13,312 ----a-w C:\WINDOWS\assembly\GAC\interop.hpodvid\2.0.588.1728__a53cf5803f4c3827\interop.hpodvid.dll
+ 2008-01-27 21:35:28 15,872 ----a-w C:\WINDOWS\assembly\GAC\interop.hpodxmlutil\2.0.588.1728__a53cf5803f4c3827\interop.hpodxmlutil.dll
+ 2008-01-27 21:35:27 5,632 ----a-w C:\WINDOWS\assembly\GAC\interop.hpqcldat\1.0.0.0__a53cf5803f4c3827\interop.hpqcldat.dll
+ 2008-01-27 21:34:40 36,864 ----a-w C:\WINDOWS\assembly\GAC\Interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\Interop.hpqcxm08.dll
+ 2008-01-27 21:34:40 28,672 ----a-w C:\WINDOWS\assembly\GAC\Interop.hpqdstcp\3.0.0.0__a53cf5803f4c3827\Interop.hpqdstcp.dll
+ 2008-01-27 21:35:28 10,240 ----a-w C:\WINDOWS\assembly\GAC\interop.hpqimgr\1.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
+ 2008-01-27 21:35:28 7,680 ----a-w C:\WINDOWS\assembly\GAC\Interop.hpqvideo\3.0.0.0__a53cf5803f4c3827\Interop.hpqvideo.dll
+ 2008-01-27 21:36:00 4,096 ----a-w C:\WINDOWS\assembly\GAC\Interop.hprblog\3.0.0.0__a53cf5803f4c3827\Interop.hprblog.dll
+ 2008-01-27 21:35:32 90,112 ----a-w C:\WINDOWS\assembly\GAC\Interop.LTANNLib\1.0.0.0__a53cf5803f4c3827\Interop.LTANNLib.dll
+ 2008-01-27 21:35:44 18,944 ----a-w C:\WINDOWS\assembly\GAC\Interop.MsHtmHst\0.0.0.0__a53cf5803f4c3827\Interop.MsHtmHst.dll
+ 2008-01-27 21:35:44 126,976 ----a-w C:\WINDOWS\assembly\GAC\Interop.SHDocVw\1.1.0.0__a53cf5803f4c3827\Interop.SHDocVw.dll
+ 2008-01-27 21:35:28 81,920 ----a-w C:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.Codecs\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.Imaging.Codecs.dll
+ 2008-01-27 21:35:29 90,112 ----a-w C:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.ImageProcessing\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.Imaging.ImageProcessing.dll
+ 2008-01-27 21:35:28 102,400 ----a-w C:\WINDOWS\assembly\GAC\LEAD.Drawing.Imaging.Twain\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.Imaging.Twain.dll
+ 2008-01-27 21:35:29 86,016 ----a-w C:\WINDOWS\assembly\GAC\LEAD.Drawing\13.0.0.89__9cf889f53ea9b907\LEAD.Drawing.dll
+ 2008-01-27 21:35:29 106,496 ----a-w C:\WINDOWS\assembly\GAC\LEAD.Windows.Forms.CommonDialogs\13.0.0.89__9cf889f53ea9b907\LEAD.Windows.Forms.CommonDialogs.dll
+ 2008-01-27 21:35:29 69,632 ----a-w C:\WINDOWS\assembly\GAC\LEAD.Windows.Forms.DrawingContainer\13.0.0.89__9cf889f53ea9b907\LEAD.Windows.Forms.DrawingContainer.dll
+ 2008-01-27 21:35:29 40,960 ----a-w C:\WINDOWS\assembly\GAC\LEAD.Windows.Forms\13.0.0.89__9cf889f53ea9b907\LEAD.Windows.Forms.dll
+ 2008-01-27 21:35:29 430,080 ----a-w C:\WINDOWS\assembly\GAC\LEAD.Wrapper\13.0.0.89__9cf889f53ea9b907\LEAD.Wrapper.dll
+ 2008-01-27 21:35:29 77,824 ----a-w C:\WINDOWS\assembly\GAC\LEAD\13.0.0.89__9cf889f53ea9b907\LEAD.dll
+ 2008-01-27 21:35:33 73,728 ----a-w C:\WINDOWS\assembly\GAC\LTRASTERIOLib\1.0.0.0__a53cf5803f4c3827\LTRASTERIOLib.dll
+ 2008-01-27 21:35:33 40,960 ----a-w C:\WINDOWS\assembly\GAC\LTRASTERLib\1.0.0.0__a53cf5803f4c3827\LTRASTERLib.dll
+ 2008-01-27 21:35:34 90,112 ----a-w C:\WINDOWS\assembly\GAC\LTRASTERVIEWLib\1.0.0.0__a53cf5803f4c3827\LTRASTERVIEWLib.dll
+ 2008-01-27 21:35:44 8,007,680 ----a-w C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
+ 2008-01-27 21:35:29 3,584 ----a-w C:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.Codecs\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Drawing.Imaging.Codecs.dll
+ 2008-01-27 21:35:29 3,584 ----a-w C:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Drawing.Imaging.ImageProcessing\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Drawing.Imaging.ImageProcessing.dll
+ 2008-01-27 21:35:29 3,072 ----a-w C:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Drawing\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Drawing.dll
+ 2008-01-27 21:35:29 3,584 ----a-w C:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Windows.Forms.CommonDialogs\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Windows.Forms.CommonDialogs.dll
+ 2008-01-27 21:35:29 3,584 ----a-w C:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Windows.Forms.DrawingContainer\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Windows.Forms.DrawingContainer.dll
+ 2008-01-27 21:35:29 3,072 ----a-w C:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Windows.Forms\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Windows.Forms.dll
+ 2008-01-27 21:35:29 3,072 ----a-w C:\WINDOWS\assembly\GAC\policy.13.0.LEAD.Wrapper\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.Wrapper.dll
+ 2008-01-27 21:35:29 3,072 ----a-w C:\WINDOWS\assembly\GAC\policy.13.0.LEAD\13.0.0.89__9cf889f53ea9b907\policy.13.0.LEAD.dll
- 2008-01-27 20:01:45 757,760 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-27 21:47:14 757,760 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-27 20:01:45 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-27 21:47:14 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-27 20:01:45 753,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-27 21:47:14 753,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-27 20:01:45 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-27 21:47:14 8,192 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-27 20:01:45 5,353,472 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-27 21:47:14 5,353,472 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\ntuser.dat
- 2008-01-27 20:01:45 196,608 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-27 21:47:14 196,608 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-27 18:41:01 40,960 ----a-r C:\WINDOWS\Installer\{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
+ 2008-01-27 21:34:31 40,960 ----a-r C:\WINDOWS\Installer\{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
+ 2001-08-17 18:53:32 6,784 ----a-w C:\WINDOWS\LastGood\system32\drivers\serscan.sys
+ 2004-09-30 23:44:49 278,528 ----a-r C:\WINDOWS\LastGood\system32\hpgwiamd.dll
+ 2004-09-30 23:44:52 708,608 ----a-r C:\WINDOWS\LastGood\system32\hpotiop.dll
+ 2004-10-04 23:29:01 274,432 ----a-r C:\WINDOWS\LastGood\system32\HPZc3212.dll
+ 2004-09-30 23:46:36 196,608 ----a-w C:\WINDOWS\LastGood\system32\hpzcoi12.dll
+ 2004-09-30 23:46:41 393,216 ----a-w C:\WINDOWS\LastGood\system32\hpzcon12.dll
+ 2004-09-30 23:43:13 185,913 ----a-r C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpof7212.dat
+ 2004-09-30 23:42:43 40,960 ----a-r C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpofax08.dll
+ 2004-09-30 23:44:25 185,646 ----a-r C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpop7212.dat
+ 2004-09-30 23:46:33 212,992 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpz2ku12.dll
+ 2004-10-01 00:03:43 659,456 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpzeng12.exe
+ 2004-10-01 00:02:57 69,632 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpzflt12.dll
+ 2004-10-01 00:03:03 1,597,440 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpzimc12.dll
+ 2004-10-01 00:03:07 352,256 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpzime12.dll
+ 2004-10-01 00:03:21 225,280 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpzjui12.dll
+ 2004-10-01 00:01:33 139,345 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpzlnt12.dll
+ 2004-10-01 00:01:36 507,904 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpzpm312.dll
+ 2004-09-30 23:59:03 3,203,072 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpzr3212.dll
+ 2004-10-01 00:03:27 372,736 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpzres12.dll
+ 2004-10-01 00:01:39 180,315 ----a-w C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hpzsnt12.dll
- 2004-09-30 23:44:49 278,528 ----a-r C:\WINDOWS\system32\hpgwiamd.dll
+ 2004-10-01 11:44:50 278,528 ----a-w C:\WINDOWS\system32\hpgwiamd.dll
- 2004-06-11 18:27:32 118,784 ----a-r C:\WINDOWS\system32\HPODXPAT.DLL
+ 2004-06-11 17:27:32 118,784 ----a-r C:\WINDOWS\system32\HPODXPAT.DLL
- 2004-09-30 23:44:52 708,608 ----a-r C:\WINDOWS\system32\hpotiop.dll
+ 2004-10-01 11:44:52 708,608 ----a-w C:\WINDOWS\system32\hpotiop.dll
- 2004-09-30 23:45:00 229,376 ----a-r C:\WINDOWS\system32\hpovst08.dll
+ 2004-10-01 11:45:00 229,376 ----a-w C:\WINDOWS\system32\hpovst08.dll
- 2004-10-04 23:29:01 274,432 ----a-r C:\WINDOWS\system32\HPZc3212.dll
+ 2004-10-05 11:29:02 274,432 ----a-w C:\WINDOWS\system32\HPZc3212.dll
- 2004-09-30 23:46:36 196,608 ----a-w C:\WINDOWS\system32\hpzcoi12.dll
+ 2004-10-01 11:46:36 196,608 ----a-w C:\WINDOWS\system32\hpzcoi12.dll
- 2004-09-30 23:46:41 393,216 ----a-w C:\WINDOWS\system32\hpzcon12.dll
+ 2004-10-01 11:46:42 393,216 ----a-w C:\WINDOWS\system32\hpzcon12.dll
+ 2002-01-05 09:48:16 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll
+ 2002-01-05 09:36:38 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll
+ 2002-01-05 08:40:20 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
+ 2002-01-05 08:37:28 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
- 2004-09-30 23:43:13 185,913 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpof7212.dat
+ 2004-10-01 11:43:14 185,913 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpof7212.dat
- 2004-09-30 23:42:43 40,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpofax08.dll
+ 2004-10-01 11:42:44 40,960 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpofax08.dll
- 2004-09-30 23:44:25 185,646 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpop7212.dat
+ 2004-10-01 11:44:26 185,646 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpop7212.dat
- 2004-09-30 23:46:33 212,992 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz2ku12.dll
+ 2004-10-01 11:46:34 212,992 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpz2ku12.dll
- 2004-10-01 00:03:40 299,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcfg12.exe
+ 2004-10-01 12:03:40 299,008 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcfg12.exe
- 2004-09-30 23:46:36 196,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcoi12.dll
+ 2004-10-01 11:46:36 196,608 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcoi12.dll
- 2004-09-30 23:46:41 393,216 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcon12.dll
+ 2004-10-01 11:46:42 393,216 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcon12.dll
- 2004-10-01 00:03:43 659,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzeng12.exe
+ 2004-10-01 12:03:44 659,456 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzeng12.exe
- 2004-10-01 00:02:57 69,632 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzflt12.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

#11
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean! We need to do a few things.

You can delete the tools that we used.


Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point, then click Next. Name it and click Create; when the confirmation screen shows the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan, click OK, then choose Yes on the confirmation window.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from here



You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com.../readstep2.html



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection by malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX.
IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl and click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected and click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next click OK, then the Apply button, and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop-up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' here

Thank you for your patience, and performing all of the procedures requested.
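The Internet-zone ActiveX changes the post walks through in Inetcpl.cpl are stored as per-user registry values, so they can be audited after the fact. The following is an added example, not part of the post above; it assumes the documented Internet Explorer zone registry layout (zone 3 is the Internet zone; action codes 0 = Enable, 1 = Prompt, 3 = Disable) and reports, or with -Apply sets, the three values the post asks for.

```powershell
# Added example (not from the Geeks to Go post): audit, and optionally apply, the three
# Internet-zone ActiveX settings the post tells the user to change at "Custom level".
# Assumptions: per-user zone settings live under the HKCU path below (zone 3 = Internet);
# value names 1001/1004/1201 and codes 0/1/3 follow the documented IE zone registry actions.
# Caveat: a domain policy (HKLM or Policies keys) can override what is shown here, and this
# script does not perform the post's "Reset all zones to default level" step first.
param([switch]$Apply)

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Documented action codes for zone settings
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Value name => (description, recommended code), matching the post's custom-level steps
$wanted = @{
    '1001' = @('Download signed ActiveX controls', 1)
    '1004' = @('Download unsigned ActiveX controls', 1)
    '1201' = @('Initialize and script ActiveX controls not marked as safe', 3)
}

$zone = Get-ItemProperty -Path $zonePath -ErrorAction Stop

foreach ($name in ($wanted.Keys | Sort-Object)) {
    $desc, $want = $wanted[$name]
    $have = $zone.$name

    # Describe the current state in the same words the Inetcpl.cpl dialog uses
    if ($null -eq $have) {
        $haveLabel = 'not set (inherits zone default)'
    } elseif ($labels.ContainsKey([int]$have)) {
        $haveLabel = $labels[[int]$have]
    } else {
        $haveLabel = "unknown code $have"
    }

    if ($have -eq $want) {
        Write-Host ("OK       {0} = {1}" -f $desc, $labels[$want])
    } else {
        Write-Host ("MISMATCH {0} = {1}; post recommends {2}" -f $desc, $haveLabel, $labels[$want])
        if ($Apply) {
            # Write the recommended action code as a DWORD, as the IE dialog itself would
            Set-ItemProperty -Path $zonePath -Name $name -Value $want -Type DWord
            Write-Host ("         -> set to {0}" -f $labels[$want])
        }
    }
}
```

Run it without -Apply first to see which of the three settings differ from the post's recommendation; IE reads the values on its next start, so close and reopen the browser after applying.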

#12
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
