COMBOFIX:
ComboFix 08-05-15.3 - HP_Administrator 2008-05-19 16:37:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.633 [GMT -4:00]
Running from: C:\Documents and Settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrator\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\BM2b9cc505.xml
C:\WINDOWS\system32\awttsSMD.dll
C:\WINDOWS\system32\brsvjqox.dll
C:\WINDOWS\system32\byXRklIB.dll
C:\WINDOWS\system32\pvrxbcug.dll
C:\WINDOWS\system32\wjmiqifw.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\BM2b9cc505.xml
C:\WINDOWS\system32\awttsSMD.dll
C:\WINDOWS\system32\brsvjqox.dll
C:\WINDOWS\system32\byXRklIB.dll
C:\WINDOWS\system32\pvrxbcug.dll
C:\WINDOWS\system32\wjmiqifw.dll
.
((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.
2008-05-17 18:06 . 2008-05-17 18:06 <DIR> d-------- C:\WINDOWS\Sun
2008-05-17 15:20 . 2008-05-17 15:20 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-17 15:20 . 2008-05-17 15:20 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-05-17 15:20 . 2008-05-17 15:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-17 15:20 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-17 15:20 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-16 16:55 . 2008-05-16 16:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-15 21:01 . 2008-05-15 21:01 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Media Player Classic
2008-05-15 20:58 . 2008-05-15 20:58 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-05-15 20:01 . 2008-05-15 20:01 <DIR> d-------- C:\Program Files\LimeWire
2008-05-15 20:01 . 2008-05-17 15:09 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
2008-05-14 16:09 . 2008-05-15 21:00 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Azureus
2008-05-14 16:09 . 2008-05-14 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-14 16:08 . 2008-05-14 16:09 <DIR> d-------- C:\Program Files\Azureus
2008-05-08 21:57 . 2008-05-08 21:57 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Template
2008-05-08 21:57 . 2008-05-15 17:30 1,802 --a------ C:\Documents and Settings\HP_Administrator\Application Data\wklnhst.dat
2008-05-08 21:36 . 2008-05-08 21:36 <DIR> d-------- C:\Program Files\QuickTime
2008-05-08 21:36 . 2008-05-08 21:37 <DIR> d-------- C:\Program Files\Bonjour
2008-05-08 21:35 . 2008-05-08 21:35 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-05-08 21:35 . 2008-05-08 21:35 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-08 21:35 . 2008-05-08 21:35 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-08 21:35 . 2008-05-08 21:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-08 19:46 . 2008-05-08 19:46 <DIR> d---s---- C:\Documents and Settings\HP_Administrator\UserData
2008-05-08 18:16 . 2008-05-08 18:16 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-05-08 17:48 . 2008-05-08 17:48 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Aim
2008-05-08 17:47 . 2008-05-08 19:49 <DIR> d-------- C:\Program Files\Viewpoint
2008-05-08 17:47 . 2008-05-08 17:47 <DIR> d-------- C:\Program Files\AOD
2008-05-08 17:47 . 2008-05-16 20:00 <DIR> d-------- C:\Program Files\AIM
2008-05-08 17:47 . 2008-05-08 17:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-08 16:57 . 2008-05-08 16:57 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-08 16:57 . 2008-05-08 16:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-08 16:57 . 2008-05-08 16:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-08 00:49 . 2008-05-08 00:49 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-05-08 00:49 . 2008-05-08 00:52 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-05-08 00:49 . 2008-05-08 00:50 12,532 --a------ C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
2008-05-08 00:48 . 2008-05-08 00:52 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-08 00:48 . 2008-05-08 00:52 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-08 00:48 . 2008-05-08 00:52 10,563 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-08 00:48 . 2008-05-08 00:52 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-08 00:24 . 2008-05-08 00:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2008-05-08 00:18 . 2008-05-08 00:19 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-05-08 00:18 . 2008-05-08 00:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-05-08 00:18 . 2008-05-08 00:18 10,363,034 --a------ C:\BellSouthIW.re~
2008-05-08 00:18 . 2003-07-15 12:37 1,073,152 --a------ C:\WINDOWS\system32\ActiveUtils.dll
2008-05-08 00:18 . 2003-07-11 14:14 327,680 --a------ C:\WINDOWS\system32\snmpaxctrl.dll
2008-05-08 00:18 . 2003-07-11 14:12 87,040 --a------ C:\WINDOWS\system32\WebFlowIDPersist.dll
2008-05-08 00:18 . 2003-07-11 14:11 86,016 --a------ C:\WINDOWS\system32\BJInstaller.dll
2008-05-08 00:18 . 2003-07-15 12:38 73,728 --a------ C:\WINDOWS\system32\BinaryAggregator1.dll
2008-05-08 00:18 . 2003-07-11 14:19 40,448 --a------ C:\WINDOWS\system32\BJAXSecurityManager.dll
2008-05-08 00:18 . 2003-07-11 14:13 37,376 --a------ C:\WINDOWS\system32\ReportReader.dll
2008-05-08 00:18 . 2002-02-13 02:53 6,345 -ra------ C:\WINDOWS\system32\DevMngr.vxd
2008-05-08 00:16 . 2008-05-08 00:16 419 --a------ C:\WINDOWS\BRWMARK.INI
2008-05-08 00:16 . 2008-05-08 00:16 184 --a------ C:\WINDOWS\system32\brsvc01a.bsi
2008-05-08 00:16 . 2008-05-08 00:16 30 --a------ C:\WINDOWS\system32\brss01a.ini
2008-05-08 00:16 . 2008-05-08 00:16 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-05-08 00:15 . 2008-05-08 00:15 1,925 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EG136AA-ABA a1240n_YC_0Pavi_QCNH539_E54NAsyMPC1_48_IGoldfish3_SASUSTeK Computer INC._V1.xx_B3.25_T050906_WXP2_L409_M1016_J200_7Intel_8Pentium 4_93_#060115_N10EC8139_Z10573052_G80862582.MRK
2008-05-08 00:13 . 2005-08-16 08:27 <DIR> d-------- C:\Documents and Settings\HP_Administrator\WINDOWS
2008-05-08 00:13 . 2008-05-08 00:52 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2008-05-08 00:13 . 2005-08-16 08:31 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\SampleView
2008-05-08 00:13 . 2005-08-16 08:30 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2008-05-08 00:13 . 2005-08-16 08:26 <DIR> d-------- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2008-05-08 00:13 . 2008-05-19 16:31 <DIR> d-------- C:\Documents and Settings\HP_Administrator
2008-05-08 00:13 . 2008-05-19 16:39 53,248 --ah----- C:\Documents and Settings\HP_Administrator\ntuser.dat.LOG
2008-05-08 00:12 . 2005-08-16 08:27 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-05-08 00:12 . 2005-08-16 08:27 <DIR> d-------- C:\Documents and Settings\Default User\WINDOWS
2008-05-08 00:12 . 2008-05-08 00:12 1,024 --ah----- C:\Documents and Settings\Default User\ntuser.dat.LOG
2008-05-08 00:12 . 2008-05-08 00:12 1,024 --ah----- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
2008-05-07 23:58 . 2008-05-07 23:58 <DIR> d-------- C:\WINDOWS\Motorola
2008-05-07 23:58 . 2004-08-04 02:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-07 23:58 . 2004-08-04 02:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-05-07 23:56 . 2008-05-18 13:38 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
2008-05-07 23:55 . 2008-05-19 16:34 248 --a------ C:\WINDOWS\system\hpsysdrv.dat
2008-05-07 23:54 . 2008-05-08 00:46 <DIR> d-------- C:\WINDOWS\I386
2008-05-07 23:47 . 2008-05-07 23:54 <DIR> dr-h----- C:\MSOCache
2008-05-07 23:47 . 2008-05-08 19:50 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-05-07 23:44 . 2008-05-13 21:54 <DIR> dr-hs---- C:\WINDOWS\system32\dllcache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 20:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-18 18:29 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-05-18 18:28 --------- d-----w C:\Program Files\Sonic
2008-05-18 18:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 18:27 --------- d-----w C:\Program Files\Quicken
2008-05-17 19:45 --------- d-----w C:\Program Files\Easy Internet signup
2008-05-11 12:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-09 01:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-08 04:52 --------- d-----w C:\Program Files\Symantec
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-18_13.55.41.70 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-18 17:53:35 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-19 20:33:15 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-06 20:05 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-05-08 00:49 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll" [2008-02-06 20:05 349552]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-02-06 20:05 349552]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\PROGRA~1\AIM\aim.exe" [2005-08-05 15:08 67160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 22:04 59392]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 03:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-08 13:59 77824]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 14:03 114688]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 02:35 49152]
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 01:34 245760]
"SMSERIAL"="sm56hlpr.exe" [2005-01-24 05:56 544768 C:\WINDOWS\sm56hlpr.exe]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2005-05-10 20:50 253952]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 09:12 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 17:47 51048]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-06 22:49 718704]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-16 08:11 180269]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-12 09:23:26 282624]
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2005-08-16 08:33:49 36903]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 20:15]
R3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-08 23:21:58 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-19 16:39:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-19 16:39:37
ComboFix-quarantined-files.txt 2008-05-19 20:39:34
ComboFix2.txt 2008-05-18 17:56:00
Pre-Run: 172,188,188,672 bytes free
Post-Run: 172,217,581,568 bytes free
225 --- E O F --- 2008-05-14 01:54:28
HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:28 PM, on 5/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\sm56hlpr.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCMTR.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\Desktop\TeamViewerPortable_en\TeamViewer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...arm1=seconduser
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
--
End of file - 8848 bytes