[adams0423]

I'm trying to determine what virus my friend has, and how to resolve it. On the desktop I get a message "Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer " on a blue background. I've tried to run Malwarebytes and HJT, but when I doubleclick them it just refreshes the screen and the programs don't launch. I've tried in Safemode but get the same results. If I try to go into Control Panel it starts to launch and then closes itself (in Safe or Regular mode). I can navigate the registry.

Where can I begin?

Thanks to the team!

[Advertisements]

While continuing to research this problem, I was able to run ComboFix. This found and repaired many viruses, and after reboot I'm successfully able to run Malwarebytes. After that I will attach an HJT and see if there is anything else I need to do.

For reference I'm posting the ComboFix log below.
BEST forum on the net.

ComboFix 08-11-02.05 - Jake's Music 2008-11-03 10:52:56.1 - NTFSx86Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.137 [GMT -5:00]Running from: c:\documents and settings\Jake's Music\Desktop\ComboFix.exe * Created a new restore point<strong class='bbc'>WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!</strong>.(((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\All Users\Start Menu\Programs\AntiMalwareGuardc:\documents and settings\All Users\Start Menu\Programs\AntiMalwareGuard\AntiMalwareGuard.lnkc:\documents and settings\All Users\Start Menu\Programs\AntiMalwareGuard\Uninstall AntiMalwareGuard.lnkc:\documents and settings\Jake's Music\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiMalwareGuard.lnkc:\documents and settings\Jake's Music\Application Data\rhcp43j0e39nc:\documents and settings\Jake's Music\Desktop\Error Cleaner.urlc:\documents and settings\Jake's Music\Desktop\Privacy Protector.urlc:\documents and settings\Jake's Music\Desktop\Spyware&Malware Protection.urlc:\documents and settings\Jake's Music\Favorites\Error Cleaner.urlc:\documents and settings\Jake's Music\Favorites\Privacy Protector.urlc:\documents and settings\Jake's Music\Favorites\Spyware&Malware Protection.urlc:\documents and settings\MassageTherapyStudio\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiMalwareGuard.lnkc:\documents and settings\MassageTherapyStudio\Application Data\rhcp43j0e39nc:\documents and settings\MassageTherapyStudio\Favorites\Error Cleaner.urlc:\documents and settings\MassageTherapyStudio\Favorites\Privacy Protector.urlc:\program files\AntiMalwareGuardc:\program files\AntiMalwareGuard\BL.datc:\program files\AntiMalwareGuard\WL.datc:\windows\cookies.inic:\windows\privacy_dangerc:\windows\privacy_danger\images\capt.gifc:\windows\privacy_danger\images\danger.jpgc:\windows\privacy_danger\images\down.gifc:\windows\privacy_danger\images\spacer.gifc:\windows\privacy_danger\index.htmc:\windows\rs.txtc:\windows\system32\_000111_.tmp.dllc:\windows\system32\akdscfma.inic:\windows\system32\bgjbokay.inic:\windows\system32\bjadtokl.inic:\windows\system32\blphct43j0e39n.scrc:\windows\system32\dmcypkjc.inic:\windows\system32\efhdtelo.inic:\windows\system32\ehorbghx.inic:\windows\system32\esndiege.inic:\windows\system32\gkpromau.inic:\windows\system32\grbjvnjp.inic:\windows\system32\hjmVxyay.inic:\windows\system32\hjmVxyay.ini2c:\windows\system32\htmrjeer.inic:\windows\system32\hxjaylrh.inic:\windows\system32\iiqcfsoe.inic:\windows\system32\jhkonsfa.inic:\windows\system32\jomahhsl.inic:\windows\system32\jxrynoci.inic:\windows\system32\kreecsyj.inic:\windows\system32\lixivrho.inic:\windows\system32\lphct43j0e39n.exec:\windows\system32\ltxfmlih.inic:\windows\system32\lujgmkdp.inic:\windows\system32\mcrh.tmpc:\windows\system32\nowbvimi.inic:\windows\system32\ohqeaihp.inic:\windows\system32\opfpwufh.inic:\windows\system32\qvfrkc.dllc:\windows\system32\sobylnjs.inic:\windows\system32\tehqvrpo.inic:\windows\system32\xglaxueo.inic:\windows\system32\xndgmcej.inic:\windows\system32\yokhhong.iniD:\Autorun.inf.(((((((((((((((((((((((((((((((((((((((   Drivers/Services   ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_SYSREST.SYS-------\Service_sysrest.sys(((((((((((((((((((((((((   Files Created from 2008-10-03 to 2008-11-03  ))))))))))))))))))))))))))))))).2008-11-03 09:56 . 2008-11-03 09:56	24,576	--a------	c:\windows\system32\VundoFixSVC.exe2008-11-03 09:38 . 2008-11-03 09:56	<DIR>	d--------	C:\VundoFix Backups2008-11-03 09:32 . 2008-11-03 09:06	102,664	--a------	c:\windows\system32\drivers\tmcomm.sys2008-11-03 09:09 . 2008-11-03 09:10	<DIR>	d--------	c:\program files\Malwarebytes' Anti-Malware2008-11-03 09:09 . 2008-11-03 09:09	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Malwarebytes2008-11-03 09:09 . 2008-10-22 16:10	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys2008-11-03 09:09 . 2008-10-22 16:10	15,504	--a------	c:\windows\system32\drivers\mbam.sys2008-11-03 09:06 . 2008-11-03 09:46	<DIR>	d--------	c:\documents and settings\MassageTherapyStudio\.housecall6.62008-11-03 08:21 . 2006-08-24 22:22	<DIR>	d--------	c:\documents and settings\Administrator\Application Data\Symantec2008-11-03 08:21 . 2006-08-24 22:22	<DIR>	d--------	c:\documents and settings\Administrator\Application Data\Intuit2008-11-03 08:21 . 2008-11-03 08:21	<DIR>	d--------	c:\documents and settings\Administrator2008-11-03 08:15 . 2004-08-03 23:08	26,496	--a------	c:\windows\system32\dllcache\usbstor.sys.((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-09-30 16:51	0	----a-w	c:\documents and settings\MassageTherapyStudio\Application Data\wklnhst.dat2008-09-30 16:51	---------	d-----w	c:\documents and settings\MassageTherapyStudio\Application Data\Template2008-09-29 18:30	---------	d-----w	c:\program files\Common Files\Symantec Shared2008-08-28 16:27	119,808	------w	c:\windows\system32\skpgza.dll2008-08-28 15:24	119,808	------w	c:\windows\system32\nshxzu.dll2008-08-27 14:59	119,808	------w	c:\windows\system32\vtddnn.dll2008-08-26 14:54	120,832	------w	c:\windows\system32\fraewo.dll2008-08-25 14:55	120,320	------w	c:\windows\system32\oomrnd.dll2008-08-22 17:29	119,808	------w	c:\windows\system32\ywereb.dll2008-08-21 14:50	120,320	------w	c:\windows\system32\zzgtot.dll2008-08-19 13:01	119,808	------w	c:\windows\system32\ksviou.dll2008-08-19 12:59	119,808	------w	c:\windows\system32\klgfmy.dll2008-08-17 17:56	119,296	------w	c:\windows\system32\pbbfrf.dll2008-08-17 17:55	119,296	------w	c:\windows\system32\ezcjdj.dll2008-08-15 14:57	120,832	------w	c:\windows\system32\thqkao.dll2008-08-12 02:30	94,208	----a-w	c:\windows\system32\pphct43j0e39n.old.exe2008-08-04 21:14	60,800	----a-w	c:\windows\system32\S32EVNT1.DLL.------- Sigcheck -------2004-08-04 03:00  17408  3c7d059f4e88f789a51aa9ec0f04d2cc	c:\windows\system32\svchost.exe2004-08-04 03:00  506368  6649a93477be79327f18fa0014b26c66	c:\windows\system32\winlogon.exe2007-06-13 05:23  1035776  834e00b4bb57466e6f62cc396fee73b0	c:\windows\explorer.exe2007-06-13 06:26  1033216  7712df0cdde3a5ac89843e61cd5b3658	c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe2004-08-04 03:00  1032192  a0732187050030ae399b241436565e64	c:\windows\$NtUninstallKB938828$\explorer.exe2004-08-04 03:00  110592  f3b599145be9784fd67813f218fd7c6c	c:\windows\system32\services.exe2004-08-04 03:00  14848  01716d7b664d2da30a64d2ea9d9bba0e	c:\windows\system32\lsass.exe2005-06-10 19:17  57856  ad3d9d191aea7b5445fe1d82ffbb4788	c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe2004-08-04 03:00  57856  7435b108b935e42ea92ca94f59c8e717	c:\windows\$NtUninstallKB896423$\spoolsv.exe2005-06-10 18:53  58880  dc2c8cb9c145e1f7f1e657099536d223	c:\windows\system32\spoolsv.exe.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-10 68856]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2005-10-28 679936]"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 53096]"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-27 81920]"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 c:\windows\AGRSMMSG.exe]c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]MiniMavis.lnk - c:\program files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe [2006-08-25 2392064][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]"SetAdm"= {71744302-53F0-F0A5-D1D2-0BC3229264F8} - c:\program files\fiqsn\SetAdm.dll [2008-08-04 102400][HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusDisableNotify"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=*Newly Created Service* - COMHOST.Contents of the 'Scheduled Tasks' folder2008-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 20:13]2006-12-23 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Jake Home School.job- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2007-05-23 11:13].- - - - ORPHANS REMOVED - - - -BHO-{779e9c67-6e3d-48e3-ac30-e14dca239199} - c:\windows\system32\qvfrkc.dllBHO-{CBBA3825-12D5-4A03-AC48-2B9DBDE9F282} - c:\windows\system32\yayxVmjh.dllHKCU-Run-UiChkApl - c:\windows\system32\rcvelkzo.exeHKLM-Explorer_Run-u1M6E7lEcY - c:\documents and settings\All Users\Application Data\aripkzih\clmdadyj.exeSSODL-vadokmxt-{08754393-49BD-4E86-BDF2-3820F96FCD58} - c:\windows\vadokmxt.dllSSODL-wdpoefan-{9F582AB1-07A4-4E22-BD7E-8A97C63A7A4D} - c:\windows\wdpoefan.dllSSODL-CpKmwpvg-{2C818440-862B-2EEA-42C6-FC805FD6C4F2} - c:\windows\system32\enlgu.dllNotify-urqQkhGx - urqQkhGx.dll.------- Supplementary Scan -------.R0 -: HKCU-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptopR0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.safenavweb.com/index.php?sid=0&aid=1241&said=0&pn=0&pid=0R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%sO8 -: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 -: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 -: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 -: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.htmlO8 -: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 -: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]Rootkit scan 2008-11-03 10:57:14Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...HKLM\Software\Microsoft\Windows\CurrentVersion\Run  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe???????????????|?P???? ???B?????????????hLC? ?????? scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.------------------------ Other Running Processes ------------------------.c:\program files\Common Files\Symantec Shared\CCSETMGR.EXEc:\program files\Common Files\Symantec Shared\CCEVTMGR.EXEc:\program files\Common Files\Symantec Shared\CCPROXY.EXEc:\program files\Common Files\Symantec Shared\SNDSrvc.exec:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exec:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exec:\program files\Common Files\LightScribe\LSSrvc.exec:\program files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXEc:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEc:\program files\Analog Devices\SoundMAX\SMAgent.exec:\windows\system32\wdfmgr.exec:\program files\Hewlett-Packard\Shared\hpqwmiex.exec:\windows\system32\wscntfy.exec:\program files\Apoint2K\ApntEx.exec:\program files\Hp\Digital Imaging\bin\hpqimzone.exec:\progra~1\HPQ\Shared\HPQTOA~1.EXEc:\program files\Hp\HP Software Update\HPWUCli.exec:\windows\system32\wbem\wmiadap.exe.**************************************************************************.Completion time: 2008-11-03 11:01:30 - machine was rebootedComboFix-quarantined-files.txt  2008-11-03 16:01:22Pre-Run: 60,176,113,664 bytes freePost-Run: 60,410,130,432 bytes free234	--- E O F ---	2008-06-23 23:38:09

[adams0423]

While continuing to research this problem, I was able to run ComboFix. This found and repaired many viruses, and after reboot I'm successfully able to run Malwarebytes. After that I will attach an HJT and see if there is anything else I need to do.

For reference I'm posting the ComboFix log below.
BEST forum on the net.

ComboFix 08-11-02.05 - Jake's Music 2008-11-03 10:52:56.1 - NTFSx86Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.137 [GMT -5:00]Running from: c:\documents and settings\Jake's Music\Desktop\ComboFix.exe * Created a new restore point<strong class='bbc'>WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!</strong>.(((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))).c:\documents and settings\All Users\Start Menu\Programs\AntiMalwareGuardc:\documents and settings\All Users\Start Menu\Programs\AntiMalwareGuard\AntiMalwareGuard.lnkc:\documents and settings\All Users\Start Menu\Programs\AntiMalwareGuard\Uninstall AntiMalwareGuard.lnkc:\documents and settings\Jake's Music\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiMalwareGuard.lnkc:\documents and settings\Jake's Music\Application Data\rhcp43j0e39nc:\documents and settings\Jake's Music\Desktop\Error Cleaner.urlc:\documents and settings\Jake's Music\Desktop\Privacy Protector.urlc:\documents and settings\Jake's Music\Desktop\Spyware&Malware Protection.urlc:\documents and settings\Jake's Music\Favorites\Error Cleaner.urlc:\documents and settings\Jake's Music\Favorites\Privacy Protector.urlc:\documents and settings\Jake's Music\Favorites\Spyware&Malware Protection.urlc:\documents and settings\MassageTherapyStudio\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiMalwareGuard.lnkc:\documents and settings\MassageTherapyStudio\Application Data\rhcp43j0e39nc:\documents and settings\MassageTherapyStudio\Favorites\Error Cleaner.urlc:\documents and settings\MassageTherapyStudio\Favorites\Privacy Protector.urlc:\program files\AntiMalwareGuardc:\program files\AntiMalwareGuard\BL.datc:\program files\AntiMalwareGuard\WL.datc:\windows\cookies.inic:\windows\privacy_dangerc:\windows\privacy_danger\images\capt.gifc:\windows\privacy_danger\images\danger.jpgc:\windows\privacy_danger\images\down.gifc:\windows\privacy_danger\images\spacer.gifc:\windows\privacy_danger\index.htmc:\windows\rs.txtc:\windows\system32\_000111_.tmp.dllc:\windows\system32\akdscfma.inic:\windows\system32\bgjbokay.inic:\windows\system32\bjadtokl.inic:\windows\system32\blphct43j0e39n.scrc:\windows\system32\dmcypkjc.inic:\windows\system32\efhdtelo.inic:\windows\system32\ehorbghx.inic:\windows\system32\esndiege.inic:\windows\system32\gkpromau.inic:\windows\system32\grbjvnjp.inic:\windows\system32\hjmVxyay.inic:\windows\system32\hjmVxyay.ini2c:\windows\system32\htmrjeer.inic:\windows\system32\hxjaylrh.inic:\windows\system32\iiqcfsoe.inic:\windows\system32\jhkonsfa.inic:\windows\system32\jomahhsl.inic:\windows\system32\jxrynoci.inic:\windows\system32\kreecsyj.inic:\windows\system32\lixivrho.inic:\windows\system32\lphct43j0e39n.exec:\windows\system32\ltxfmlih.inic:\windows\system32\lujgmkdp.inic:\windows\system32\mcrh.tmpc:\windows\system32\nowbvimi.inic:\windows\system32\ohqeaihp.inic:\windows\system32\opfpwufh.inic:\windows\system32\qvfrkc.dllc:\windows\system32\sobylnjs.inic:\windows\system32\tehqvrpo.inic:\windows\system32\xglaxueo.inic:\windows\system32\xndgmcej.inic:\windows\system32\yokhhong.iniD:\Autorun.inf.(((((((((((((((((((((((((((((((((((((((   Drivers/Services   ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Legacy_SYSREST.SYS-------\Service_sysrest.sys(((((((((((((((((((((((((   Files Created from 2008-10-03 to 2008-11-03  ))))))))))))))))))))))))))))))).2008-11-03 09:56 . 2008-11-03 09:56	24,576	--a------	c:\windows\system32\VundoFixSVC.exe2008-11-03 09:38 . 2008-11-03 09:56	<DIR>	d--------	C:\VundoFix Backups2008-11-03 09:32 . 2008-11-03 09:06	102,664	--a------	c:\windows\system32\drivers\tmcomm.sys2008-11-03 09:09 . 2008-11-03 09:10	<DIR>	d--------	c:\program files\Malwarebytes' Anti-Malware2008-11-03 09:09 . 2008-11-03 09:09	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Malwarebytes2008-11-03 09:09 . 2008-10-22 16:10	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys2008-11-03 09:09 . 2008-10-22 16:10	15,504	--a------	c:\windows\system32\drivers\mbam.sys2008-11-03 09:06 . 2008-11-03 09:46	<DIR>	d--------	c:\documents and settings\MassageTherapyStudio\.housecall6.62008-11-03 08:21 . 2006-08-24 22:22	<DIR>	d--------	c:\documents and settings\Administrator\Application Data\Symantec2008-11-03 08:21 . 2006-08-24 22:22	<DIR>	d--------	c:\documents and settings\Administrator\Application Data\Intuit2008-11-03 08:21 . 2008-11-03 08:21	<DIR>	d--------	c:\documents and settings\Administrator2008-11-03 08:15 . 2004-08-03 23:08	26,496	--a------	c:\windows\system32\dllcache\usbstor.sys.((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-09-30 16:51	0	----a-w	c:\documents and settings\MassageTherapyStudio\Application Data\wklnhst.dat2008-09-30 16:51	---------	d-----w	c:\documents and settings\MassageTherapyStudio\Application Data\Template2008-09-29 18:30	---------	d-----w	c:\program files\Common Files\Symantec Shared2008-08-28 16:27	119,808	------w	c:\windows\system32\skpgza.dll2008-08-28 15:24	119,808	------w	c:\windows\system32\nshxzu.dll2008-08-27 14:59	119,808	------w	c:\windows\system32\vtddnn.dll2008-08-26 14:54	120,832	------w	c:\windows\system32\fraewo.dll2008-08-25 14:55	120,320	------w	c:\windows\system32\oomrnd.dll2008-08-22 17:29	119,808	------w	c:\windows\system32\ywereb.dll2008-08-21 14:50	120,320	------w	c:\windows\system32\zzgtot.dll2008-08-19 13:01	119,808	------w	c:\windows\system32\ksviou.dll2008-08-19 12:59	119,808	------w	c:\windows\system32\klgfmy.dll2008-08-17 17:56	119,296	------w	c:\windows\system32\pbbfrf.dll2008-08-17 17:55	119,296	------w	c:\windows\system32\ezcjdj.dll2008-08-15 14:57	120,832	------w	c:\windows\system32\thqkao.dll2008-08-12 02:30	94,208	----a-w	c:\windows\system32\pphct43j0e39n.old.exe2008-08-04 21:14	60,800	----a-w	c:\windows\system32\S32EVNT1.DLL.------- Sigcheck -------2004-08-04 03:00  17408  3c7d059f4e88f789a51aa9ec0f04d2cc	c:\windows\system32\svchost.exe2004-08-04 03:00  506368  6649a93477be79327f18fa0014b26c66	c:\windows\system32\winlogon.exe2007-06-13 05:23  1035776  834e00b4bb57466e6f62cc396fee73b0	c:\windows\explorer.exe2007-06-13 06:26  1033216  7712df0cdde3a5ac89843e61cd5b3658	c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe2004-08-04 03:00  1032192  a0732187050030ae399b241436565e64	c:\windows\$NtUninstallKB938828$\explorer.exe2004-08-04 03:00  110592  f3b599145be9784fd67813f218fd7c6c	c:\windows\system32\services.exe2004-08-04 03:00  14848  01716d7b664d2da30a64d2ea9d9bba0e	c:\windows\system32\lsass.exe2005-06-10 19:17  57856  ad3d9d191aea7b5445fe1d82ffbb4788	c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe2004-08-04 03:00  57856  7435b108b935e42ea92ca94f59c8e717	c:\windows\$NtUninstallKB896423$\spoolsv.exe2005-06-10 18:53  58880  dc2c8cb9c145e1f7f1e657099536d223	c:\windows\system32\spoolsv.exe.(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-10 68856]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2005-10-28 679936]"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 53096]"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]"ISUSScheduler"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" [2004-07-27 81920]"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 c:\windows\AGRSMMSG.exe]c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk - c:\program files\Hp\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]MiniMavis.lnk - c:\program files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exe [2006-08-25 2392064][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]"SetAdm"= {71744302-53F0-F0A5-D1D2-0BC3229264F8} - c:\program files\fiqsn\SetAdm.dll [2008-08-04 102400][HKEY_LOCAL_MACHINE\software\microsoft\security center]"AntiVirusDisableNotify"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\iTunes\\iTunes.exe"=*Newly Created Service* - COMHOST.Contents of the 'Scheduled Tasks' folder2008-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 20:13]2006-12-23 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Jake Home School.job- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2007-05-23 11:13].- - - - ORPHANS REMOVED - - - -BHO-{779e9c67-6e3d-48e3-ac30-e14dca239199} - c:\windows\system32\qvfrkc.dllBHO-{CBBA3825-12D5-4A03-AC48-2B9DBDE9F282} - c:\windows\system32\yayxVmjh.dllHKCU-Run-UiChkApl - c:\windows\system32\rcvelkzo.exeHKLM-Explorer_Run-u1M6E7lEcY - c:\documents and settings\All Users\Application Data\aripkzih\clmdadyj.exeSSODL-vadokmxt-{08754393-49BD-4E86-BDF2-3820F96FCD58} - c:\windows\vadokmxt.dllSSODL-wdpoefan-{9F582AB1-07A4-4E22-BD7E-8A97C63A7A4D} - c:\windows\wdpoefan.dllSSODL-CpKmwpvg-{2C818440-862B-2EEA-42C6-FC805FD6C4F2} - c:\windows\system32\enlgu.dllNotify-urqQkhGx - urqQkhGx.dll.------- Supplementary Scan -------.R0 -: HKCU-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptopR0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.safenavweb.com/index.php?sid=0&aid=1241&said=0&pn=0&pid=0R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%sO8 -: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 -: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 -: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 -: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.htmlO8 -: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 -: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html.**************************************************************************catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]Rootkit scan 2008-11-03 10:57:14Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... scanning hidden autostart entries ...HKLM\Software\Microsoft\Windows\CurrentVersion\Run  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe???????????????|?P???? ???B?????????????hLC? ?????? scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.------------------------ Other Running Processes ------------------------.c:\program files\Common Files\Symantec Shared\CCSETMGR.EXEc:\program files\Common Files\Symantec Shared\CCEVTMGR.EXEc:\program files\Common Files\Symantec Shared\CCPROXY.EXEc:\program files\Common Files\Symantec Shared\SNDSrvc.exec:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exec:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exec:\program files\Common Files\LightScribe\LSSrvc.exec:\program files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXEc:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEc:\program files\Analog Devices\SoundMAX\SMAgent.exec:\windows\system32\wdfmgr.exec:\program files\Hewlett-Packard\Shared\hpqwmiex.exec:\windows\system32\wscntfy.exec:\program files\Apoint2K\ApntEx.exec:\program files\Hp\Digital Imaging\bin\hpqimzone.exec:\progra~1\HPQ\Shared\HPQTOA~1.EXEc:\program files\Hp\HP Software Update\HPWUCli.exec:\windows\system32\wbem\wmiadap.exe.**************************************************************************.Completion time: 2008-11-03 11:01:30 - machine was rebootedComboFix-quarantined-files.txt  2008-11-03 16:01:22Pre-Run: 60,176,113,664 bytes freePost-Run: 60,410,130,432 bytes free234	--- E O F ---	2008-06-23 23:38:09

[adams0423]

I believe I'm out of the woods. ComboFix saved me, it seems.
Can you review my HJT to confirm?

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:45:35 PM, on 11/3/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16735)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exec:\Program Files\Common Files\Symantec Shared\ccSetMgr.exec:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exec:\Program Files\Common Files\Symantec Shared\ccProxy.exec:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeC:\Program Files\Common Files\LightScribe\LSSrvc.exec:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEC:\WINDOWS\Explorer.EXEC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeC:\Program Files\Java\jre1.5.0_06\bin\jusched.exeC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeC:\Program Files\HP\QuickPlay\QPService.exeC:\WINDOWS\system32\igfxtray.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exeC:\Program Files\Hp\HP Software Update\HPWuSchd2.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Apoint2K\Apoint.exeC:\WINDOWS\AGRSMMSG.exeC:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exeC:\Program Files\Apoint2K\Apntex.exeC:\Program Files\HP\Digital Imaging\bin\hpqimzone.exeC:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXEC:\WINDOWS\system32\wuauclt.exeC:\Program Files\internet explorer\iexplore.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\SoftwareDistribution\Download\8434d48f46ed0f72046e730a838b6254\update\update.exeF:\Repair Tools\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://charter.net/"]http://charter.net/[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dllO3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exeO4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeO4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exeO4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exeO4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exeO4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exeO4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exeO4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exeO4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -startO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqthb08.exeO4 - Global Startup: MiniMavis.lnk = C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Standard\MiniMavis.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptopO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [url="http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab"]http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab[/url]O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - [url="https://webdl.symantec.com/activex/symdlmgr.cab"]https://webdl.symantec.com/activex/symdlmgr.cab[/url]O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [url="http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217982479546"]http://www.update.microsoft.com/microsoftu...b?1217982479546[/url]O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeO23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXEO23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe--End of file - 9065 bytes