Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

computer given to me 100% cpu usage [RESOLVED]

Started by jws0a9 , Mar 22 2008 04:27 PM

  • This topic is locked This topic is locked

#1
jws0a9
Posted 22 March 2008 - 04:27 PM

jws0a9

    New Member

  • Member
  • Pip
  • 4 posts
Had a computer given to me and it is in bad shape. Panda found 7 and spybot found a ton of things. I didn't want to tackle this problem on my own. The computer is at 100% cpu usage. Any help that you could provide would be great. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:17 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Charlie.Payne\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\printer.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ACU_QSB] C:\Program Files\Atheros\ACU\Utility\ACU.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB010" /M "Stylus C84"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P32 "EPSON Stylus C84 Series (Copy 1)" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB003" /M "Stylus C88"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [EPSON Stylus C88 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P32 "EPSON Stylus C88 Series (Copy 1)" /O6 "USB009" /M "Stylus C88"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe
O4 - HKLM\..\Run: [startdrv] C:\WINDOWS\Temp\startdrv.exe
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AudioPlus] "C:\Program Files\WebEx\WebEx Connect\wbxap.exe"
O4 - HKCU\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe"
O4 - HKCU\..\Run: [autorun] C:\Documents and Settings\Charlie.Payne\smss.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: *.crmondemand.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = usccg.com
O17 - HKLM\Software\..\Telephony: DomainName = usccg.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = usccg.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = usccg.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = usccg.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InFocus Mirror Driver Service - Unknown owner - C:\Program Files\InFocus\LiteShow\ifclsmrsvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

--
End of file - 8236 bytes
  • 0

Advertisements

#2
Tigger93
Posted 22 March 2008 - 05:17 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hello and Welcome to Geekstogo! :)

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#3
jws0a9
Posted 22 March 2008 - 06:31 PM

jws0a9

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks for the quick reply. Here is the information you asked for.

ComboFix 08-03-22.1 - Charlie.Payne 2008-03-22 18:15:30.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.333 [GMT -6:00]
Running from: C:\Documents and Settings\Charlie.Payne\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\skbar.log
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\1.sdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\1055738.sdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\1067133.sdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\1383582.sdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\2763663.sdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\321263.sdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\3720811.sdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\3786200.sdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\3859588.sdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\396502.sdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\508511.sdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\534912.sdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\600583.sdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\859800.sdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\876417.sdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\878262.sdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\993536.sdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\ASPL1.dat
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\domains.txt
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\hstat\3525.dat
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\10537
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\11213
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\12457
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\12772
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\13036
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\13546
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\13617
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\15040
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\16176
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\16182
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\16204
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\16211
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\16284
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\17025
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\17040
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\19650
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\2020
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\2021
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\202699
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\20478
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\21060
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\24625
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\25708
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\26077
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\270795
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\27505
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\28065
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\29115
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\29569
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\30739
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\32024
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\32171
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\33096
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\3338
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\34174
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\34326
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\3496
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\349801
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\35410
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\36079
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\38868
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\39228
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\39245
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\401332
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\403305
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\41421
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\41499
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\4382
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\44293
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\44789
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\44878
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\475788
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\50001
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\51824
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\528235
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\53481
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\53842
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\53849
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\54492
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\555618
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\56445
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\579123
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\579718
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\59234
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\6292
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\63169
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\63770
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\64517
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\64966
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\65782
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\66851
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\68102
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\6873
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\69118
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\69325
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\69625
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\69626
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\70608
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\744479
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\744617
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\745144
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\745220
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\745340
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\745865
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\7652
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\78220
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\79257
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\79596
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\79972
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\79977
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\79986
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\79989
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\80670
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\80689
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\86050
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\87215
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\89200
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\89673
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\90389
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\916
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\924
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\93899
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\93910
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\93934
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\94407
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\95692
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\95774
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\95803
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\96961
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\97347
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\97498
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\97734
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\97741
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\99008
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\TooltipXML\99163
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\dynamic\ustat\3525.dat
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\btntrans.idx
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\btntrans1.dat
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\buttondir.txt
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\components.cdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_1000.res
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_2000.res
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_3000.res
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_bar.res
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_bbar1.res
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_logos.res
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_buttons_other.res
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\d_icons_weather.res
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\default.cdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_511745-514279.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_bidzC_ZT_IE-ca.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_bidzC_ZT_IE-us.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_categorize.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_comparison.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_explorer-Mails.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_explorer-people.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_favorites.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_Games.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_Hide.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_hotbarcom.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_Hotmail.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_hsskin.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_jemster.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_jemsterie.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_jemsteruk.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_jobsearch.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_Mails.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_MobileSidewalk.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_MobileSW-US.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_new.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_premium.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_reun.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_ringtones.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_SearchBoxTrapper.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_searchfor.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_searchgo.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_weather.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Default_yellowpages.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\email-def-511724-548964.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\email-def-511724-9595.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\email-t1-bg.res
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\icons2.res
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\keywords.idx
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\keywords1.dat
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\layout.cdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\linkpathlegal.txt
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\progress.res
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\s_icons_buttons.res
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\sales_buttons.res
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\seekmo.res
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\t2_bg.res
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\theweb.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\top7.cdf
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\Top7_theweb.mnu
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\1\tsd_bg.res
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\BtnTrans.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\BtnTrans1.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\buttondir.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_1000.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_2000.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_3000.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_bar.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_bbar1.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_logos.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_buttons_other.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\d_icons_weather.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\default.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\email-t1-bg.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\icons2.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\keywords.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\keywords1.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\layout.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\linkpathlegal.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\progress.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\s_icons_buttons.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\sales_buttons.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\samplegroups2.txt
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\samplegroups2.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\seekmo.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\t2_bg.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\top7.xip
C:\Documents and Settings\Charlie.Payne\Application Data\SeekmoToolbar\v3.0\SeekmoToolbar\static\DownLoad\tsd_bg.xip
C:\Documents and Settings\Charlie.Payne\g2mdlhlpx.exe
C:\Program Files\ISM2
C:\Program Files\ISM2\cringupd.exe
C:\Program Files\ISM2\dictionary.gz
C:\Program Files\ISM2\targets.gz
C:\WINDOWS\system32\sulimo.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RUNTIME
-------\Legacy_RUNTIME2


((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-22 17:43 . 2008-03-22 17:43 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-22 16:26 . 2008-03-22 16:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-22 15:37 . 2008-03-22 15:37 <DIR> d-------- C:\Program Files\FreeFixer
2008-03-18 22:44 . 2006-06-30 14:13 8,704 --a------ C:\WINDOWS\system32\pfdnnt.exe
2008-03-18 22:44 . 2008-03-18 22:44 65 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2008-03-18 21:57 . 2008-03-18 22:41 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-18 21:57 . 2008-03-18 21:57 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-03-18 21:57 . 2008-03-18 21:57 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-03-18 21:57 . 2008-03-18 21:57 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-03-16 13:34 . 2008-03-16 13:34 <DIR> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-03-16 13:27 . 2008-03-16 13:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-16 11:46 . 2008-03-16 11:46 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-16 11:30 . 2008-03-19 07:47 520 --a------ C:\WINDOWS\wininit.ini
2008-03-16 10:26 . 2008-03-16 10:26 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-16 10:26 . 2008-03-16 10:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 00:20 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-10-13 16:37 6 ----a-w C:\Documents and Settings\Charlie.Payne\del.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Mobile Printing"="C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE" [2003-05-23 12:12 630784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]
"AudioPlus"="C:\Program Files\WebEx\WebEx Connect\wbxap.exe" [2005-03-25 13:05 573440]
"ISMPack6"="C:\Program Files\ISM2\ISMPack6.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 10:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 20:10 335872]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 12:05 200766]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 13:09 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 13:08 618496]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 15:19 290816]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-30 10:01 88267 C:\WINDOWS\AGRSMMSG.exe]
"ACU_QSB"="C:\Program Files\Atheros\ACU\Utility\ACU.exe" [2003-09-24 08:53 1716224]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 17:02 67184]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-12-30 13:19 120640]
"EPSON Stylus C84 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.exe" [2003-05-27 01:00 99840]
"EPSON Stylus C84 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.exe" [2003-05-27 01:00 99840]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" [2005-01-27 03:00 98304]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 00:41 49152]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-06 22:22 282624]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2006-01-13 18:28 172032]
"EPSON Stylus C88 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" [2005-01-27 03:00 98304]
"plite731"="C:\WINDOWS\plite731.exe" [2007-10-09 00:01 13824]

C:\Documents and Settings\Charlie.Payne\Start Menu\Programs\Startup\
palmOne Registration.lnk - C:\Program Files\Palm\register.exe [2006-01-12 13:20:52 2367488]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-06-02 16:48:22 565309]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2005-03-24 15:49:47 1421328]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 13:27:34 471040]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-02-19 02:21:22 288472]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 15:23:32 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2004-11-01 10:50 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaPipe P2P Loader]
C:\Program Files\p2pnetworks\mpp2pl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"C:\\Program Files\\WebEx\\WebEx Connect\\wbxap.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\system32\\winav.exe"=

R2 InFocus Mirror Driver Service;InFocus Mirror Driver Service;C:\Program Files\InFocus\LiteShow\ifclsmrsvc.exe [2004-03-26 16:18]
R2 Machnm32;Machnm32 Driver;C:\WINDOWS\System32\Machnm32.sys [2003-08-13 00:27]
R2 Wprotd51;Intel NDIS Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\WPROTD51.sys [2003-10-01 09:18]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-28 18:49]
R3 ifclsmr;ifclsmr;C:\WINDOWS\system32\DRIVERS\ifclsmr.sys [2003-10-08 18:32]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 08:50]
R3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5211.sys [2003-07-17 16:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-22 18:21:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????7?2?3?0??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe
.
**************************************************************************
.
Completion time: 2008-03-22 18:27:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-23 00:27:13
.
2008-03-16 17:46:37 --- E O F ---



HJT



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:29, on 2008-03-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\InFocus\LiteShow\ifclsmrsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Atheros\ACU\Utility\ACU.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\WINDOWS\plite731.exe
C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWUCli.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ACU_QSB] C:\Program Files\Atheros\ACU\Utility\ACU.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB010" /M "Stylus C84"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P32 "EPSON Stylus C84 Series (Copy 1)" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB003" /M "Stylus C88"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [EPSON Stylus C88 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P32 "EPSON Stylus C88 Series (Copy 1)" /O6 "USB009" /M "Stylus C88"
O4 - HKLM\..\Run: [plite731] C:\WINDOWS\plite731.exe
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AudioPlus] "C:\Program Files\WebEx\WebEx Connect\wbxap.exe"
O4 - HKCU\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: *.crmondemand.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = usccg.com
O17 - HKLM\Software\..\Telephony: DomainName = usccg.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = usccg.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = usccg.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = usccg.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InFocus Mirror Driver Service - Unknown owner - C:\Program Files\InFocus\LiteShow\ifclsmrsvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Pr
  • 0

#4
Tigger93
Posted 22 March 2008 - 07:09 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\pavas.ico
C:\WINDOWS\system32\Uninstall.ico
C:\WINDOWS\system32\Help.ico
C:\Documents and Settings\Charlie.Payne\del.bat
C:\WINDOWS\plite731.exe
C:\WINDOWS\system32\winav.exe

Folder::
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
C:\Program Files\p2pnetworks\

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"plite731"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaPipe P2P Loader]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\winav.exe"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Edited by Tigger93, 22 March 2008 - 07:10 PM.

  • 0

#5
jws0a9
Posted 23 March 2008 - 12:49 AM

jws0a9

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks again for the help. Already seeing some good results. here is the info you asked for.

ComboFix 08-03-22.1 - Charlie.Payne 2008-03-23 0:38:06.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.127 [GMT -6:00]
Running from: C:\Documents and Settings\Charlie.Payne\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Charlie.Payne\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Charlie.Payne\del.bat
C:\WINDOWS\plite731.exe
C:\WINDOWS\system32\Help.ico
C:\WINDOWS\system32\pavas.ico
C:\WINDOWS\system32\Uninstall.ico
C:\WINDOWS\system32\winav.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Charlie.Payne\del.bat
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustCall64.dll
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCall.dll
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla.dll
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseCustomCalla1.dll
C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP\WiseData.ini
C:\WINDOWS\plite731.exe
C:\WINDOWS\system32\drivers\runtime2.sys
C:\WINDOWS\system32\Help.ico
C:\WINDOWS\system32\pavas.ico
C:\WINDOWS\system32\Uninstall.ico

.
((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-22 17:43 . 2008-03-22 17:43 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-22 16:26 . 2008-03-22 16:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-22 15:37 . 2008-03-22 15:37 <DIR> d-------- C:\Program Files\FreeFixer
2008-03-18 22:44 . 2006-06-30 14:13 8,704 --a------ C:\WINDOWS\system32\pfdnnt.exe
2008-03-18 22:44 . 2008-03-18 22:44 65 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys
2008-03-18 21:57 . 2008-03-18 22:41 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-03-16 13:27 . 2008-03-16 13:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-16 11:46 . 2008-03-16 11:46 127 --a------ C:\WINDOWS\system32\MRT.INI
2008-03-16 11:30 . 2008-03-19 07:47 520 --a------ C:\WINDOWS\wininit.ini
2008-03-16 10:26 . 2008-03-16 10:26 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-16 10:26 . 2008-03-16 10:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 06:42 --------- d-----w C:\Program Files\Symantec AntiVirus
.

((((((((((((((((((((((((((((( snapshot@2008-03-22_18.26.50.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-23 00:23:19 70,934 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-23 06:30:05 70,934 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-23 00:23:19 422,366 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-23 06:30:05 422,366 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-23 06:42:27 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Mobile Printing"="C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE" [2003-05-23 12:12 630784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:00 15360]
"AudioPlus"="C:\Program Files\WebEx\WebEx Connect\wbxap.exe" [2005-03-25 13:05 573440]
"ISMPack6"="C:\Program Files\ISM2\ISMPack6.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 10:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 20:10 335872]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 12:05 200766]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 13:09 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 13:08 618496]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-09-17 15:19 290816]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-30 10:01 88267 C:\WINDOWS\AGRSMMSG.exe]
"ACU_QSB"="C:\Program Files\Atheros\ACU\Utility\ACU.exe" [2003-09-24 08:53 1716224]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 17:02 67184]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-12-30 13:19 120640]
"EPSON Stylus C84 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.exe" [2003-05-27 01:00 99840]
"EPSON Stylus C84 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.exe" [2003-05-27 01:00 99840]
"EPSON Stylus C88 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" [2005-01-27 03:00 98304]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-02-19 00:41 49152]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-06 22:22 282624]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2006-01-13 18:28 172032]
"EPSON Stylus C88 Series (Copy 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.exe" [2005-01-27 03:00 98304]

C:\Documents and Settings\Charlie.Payne\Start Menu\Programs\Startup\
palmOne Registration.lnk - C:\Program Files\Palm\register.exe [2006-01-12 13:20:52 2367488]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 03:44:06 29696]
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-06-02 16:48:22 565309]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2005-03-24 15:49:47 1421328]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\Hotsync.exe [2004-06-09 13:27:34 471040]
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-02-19 02:21:22 288472]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 15:23:32 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2004-11-01 10:50 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"=
"C:\\Program Files\\WebEx\\WebEx Connect\\wbxap.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=

R2 InFocus Mirror Driver Service;InFocus Mirror Driver Service;C:\Program Files\InFocus\LiteShow\ifclsmrsvc.exe [2004-03-26 16:18]
R2 Machnm32;Machnm32 Driver;C:\WINDOWS\System32\Machnm32.sys [2003-08-13 00:27]
R2 Wprotd51;Intel NDIS Usermode I/O Protocol;C:\WINDOWS\system32\DRIVERS\WPROTD51.sys [2003-10-01 09:18]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-07-28 18:49]
R3 ifclsmr;ifclsmr;C:\WINDOWS\system32\DRIVERS\ifclsmr.sys [2003-10-08 18:32]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-07-24 08:50]
R3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\ar5211.sys [2003-07-17 16:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.
**************************************************************************





HJT





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:50, on 2008-03-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\InFocus\LiteShow\ifclsmrsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Atheros\ACU\Utility\ACU.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ACU_QSB] C:\Program Files\Atheros\ACU\Utility\ACU.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB010" /M "Stylus C84"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P32 "EPSON Stylus C84 Series (Copy 1)" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P23 "EPSON Stylus C88 Series" /O6 "USB003" /M "Stylus C88"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [EPSON Stylus C88 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE /P32 "EPSON Stylus C88 Series (Copy 1)" /O6 "USB009" /M "Stylus C88"
O4 - HKCU\..\Run: [HP Mobile Printing] C:\Program Files\Hewlett-Packard\HP Mobile Printing\HPBMOBIL.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AudioPlus] "C:\Program Files\WebEx\WebEx Connect\wbxap.exe"
O4 - HKCU\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: *.crmondemand.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = usccg.com
O17 - HKLM\Software\..\Telephony: DomainName = usccg.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = usccg.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = usccg.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = usccg.com
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InFocus Mirror Driver Service - Unknown owner - C:\Program Files\InFocus\LiteShow\ifclsmrsvc.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

--
End of file - 10297 bytes
  • 0

#6
Tigger93
Posted 23 March 2008 - 09:39 AM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Open HijackThis and fix this:
O3 - Toolbar: (no name) - {5CBE2611-C31B-401F-89BC-4CBB25E853D7} - (no file)

Everything looks good now. :) Still having any problems?
  • 0

#7
jws0a9
Posted 23 March 2008 - 12:18 PM

jws0a9

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Things are running considerably better. Thanks for all the help.
  • 0

#8
Tigger93
Posted 23 March 2008 - 04:09 PM

Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP