jgeorge25

Members
  • Content Count

    25
  • Joined

  • Last visited

Community Reputation

0 Neutral

About jgeorge25

  • Rank
    Member
  • Birthday 06/01/1987

Contact Methods

  • AIM
    coffeemancer
  • ICQ
    0

Profile Information

  • Location
    San Antonio, TX, USA
  1. Norton just told me that I have IEDefender on my computer. It says that it is quarantined, but how do I remove it before it downloads Trojan.Zlob? Also, for some reason my computer isn't recognizing it's speakers. when I checked my sounds & audio devices on the control panel, it said "No Audio Device". here is my HJT log; if you can help, it would be greatly appreciated: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:44:23 PM, on 12/21/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\windows\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\mnmsrvc.exe C:\windows\System32\nvsvc32.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\windows\system32\rundll32.exe C:\windows\System32\svchost.exe C:\windows\System32\svchost.exe C:\windows\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~2\VPTray.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\windows\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/0409/bl7.asp R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe /NOUI O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O15 - Trusted Zone: http://pmms.hp.com (HKLM) O15 - Trusted Zone: http://pmms.americas.hp.com (HKLM) O16 - DPF: HPVC component - http://vrm06.win2000.hpe-learning.com/hpvc...mponent4100.cab O16 - DPF: HPVC resources - http://vrm06.win2000.hpe-learning.com/hpvc...sources4100.cab O16 - DPF: HPVC signed - http://vrm06.win2000.hpe-learning.com/hpvc.../signed4100.cab O16 - DPF: HPVC support - http://vrm06.win2000.hpe-learning.com/hpvc...support4100.cab O16 - DPF: HPVC vminfo - http://vrm06.win2000.hpe-learning.com/Room...ents/vminfo.cab O16 - DPF: {00000004-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms4 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall4.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games â€â€œ Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5335BAE0-268B-4629-99D7-AEEE8D78A00D} (WFAGTREE.WFAGTreeControl) - https://vincasproa.cce.hp.com/WAAG/scripts/WFAGTree.CAB O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124310247660 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171837592781 O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games â€â€œ Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab O16 - DPF: {DF7B8990-6141-4677-B0B2-977169DB4A7E} (HPPptDropProj.HPPptDrop) - http://vrm07.win2000.hpe-learning.com/Room...c/HPPptDrop.CAB O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O16 - DPF: {F83D3463-DB57-4F85-8228-465B1262F73A} (OWC Helper Excel Print Object) - http://pmms.americas.hp.com/scripts/owc10/OWCHelper.cab O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab40641.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 11731 bytes
  2. I've been having some problems with my computer; none of the scans are coming up with anything, so I think I have a rootkit. However, I have no idea how to fix it. Here's my HJT log as of today: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:04:48 PM, on 11/26/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\windows\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\windows\Explorer.EXE C:\WINDOWS\System32\mnmsrvc.exe C:\windows\system32\rundll32.exe C:\windows\System32\nvsvc32.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\windows\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~2\VPTray.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\windows\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\hijackthis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...px&id=64855 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/0409/bl7.asp R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe /NOUI O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O15 - Trusted Zone: http://pmms.hp.com (HKLM) O15 - Trusted Zone: http://pmms.americas.hp.com (HKLM) O16 - DPF: HPVC component - http://vrm06.win2000.hpe-learning.com/hpvc...mponent4100.cab O16 - DPF: HPVC resources - http://vrm06.win2000.hpe-learning.com/hpvc...sources4100.cab O16 - DPF: HPVC signed - http://vrm06.win2000.hpe-learning.com/hpvc.../signed4100.cab O16 - DPF: HPVC support - http://vrm06.win2000.hpe-learning.com/hpvc...support4100.cab O16 - DPF: HPVC vminfo - http://vrm06.win2000.hpe-learning.com/Room...ents/vminfo.cab O16 - DPF: {00000004-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms4 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall4.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5335BAE0-268B-4629-99D7-AEEE8D78A00D} (WFAGTREE.WFAGTreeControl) - https://vincasproa.cce.hp.com/WAAG/scripts/WFAGTree.CAB O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124310247660 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171837592781 O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab O16 - DPF: {DF7B8990-6141-4677-B0B2-977169DB4A7E} (HPPptDropProj.HPPptDrop) - http://vrm07.win2000.hpe-learning.com/Room...c/HPPptDrop.CAB O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O16 - DPF: {F83D3463-DB57-4F85-8228-465B1262F73A} (OWC Helper Excel Print Object) - http://pmms.americas.hp.com/scripts/owc10/OWCHelper.cab O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab40641.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 12786 bytes ----------------------------------------------------------------------------------------- Any suggestions?
  3. OK now I can't use Office, specifically, Word. I need some major help, please.
  4. I'm not able to update any of my definitions or windows, and my computer is running extraordinarily slow. Here is my HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:01:42 PM, on 11/23/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\windows\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\windows\system32\svchost.exe C:\windows\Explorer.EXE C:\windows\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\mnmsrvc.exe C:\windows\system32\rundll32.exe C:\windows\System32\nvsvc32.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\windows\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~2\VPTray.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\windows\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\HP\Digital Imaging\Bin\hpqSTE08.exe C:\windows\system32\HPZipm12.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe C:\Program Files\Trend Micro\HijackThis\hijackthis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?wa=wsignin...px&id=64855 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/0409/bl7.asp R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe /NOUI O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O15 - Trusted Zone: http://pmms.hp.com (HKLM) O15 - Trusted Zone: http://pmms.americas.hp.com (HKLM) O16 - DPF: HPVC component - http://vrm06.win2000.hpe-learning.com/hpvc...mponent4100.cab O16 - DPF: HPVC resources - http://vrm06.win2000.hpe-learning.com/hpvc...sources4100.cab O16 - DPF: HPVC signed - http://vrm06.win2000.hpe-learning.com/hpvc.../signed4100.cab O16 - DPF: HPVC support - http://vrm06.win2000.hpe-learning.com/hpvc...support4100.cab O16 - DPF: HPVC vminfo - http://vrm06.win2000.hpe-learning.com/Room...ents/vminfo.cab O16 - DPF: {00000004-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms4 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall4.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5335BAE0-268B-4629-99D7-AEEE8D78A00D} (WFAGTREE.WFAGTreeControl) - https://vincasproa.cce.hp.com/WAAG/scripts/WFAGTree.CAB O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124310247660 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171837592781 O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab O16 - DPF: {DF7B8990-6141-4677-B0B2-977169DB4A7E} (HPPptDropProj.HPPptDrop) - http://vrm07.win2000.hpe-learning.com/Room...c/HPPptDrop.CAB O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O16 - DPF: {F83D3463-DB57-4F85-8228-465B1262F73A} (OWC Helper Excel Print Object) - http://pmms.americas.hp.com/scripts/owc10/OWCHelper.cab O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab40641.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 12821 bytes Can anyone help me out with this?
  5. I'm trying to help my sister out. anytime she tries to open the internet (Explorer or Mozilla), something kills the process without any prompts. I already tried to fix it for her, but I couldn't even look at her controls. I am free, however, to use Windows Explorer. She doesn't have HJT, by the way, so I don't know how I can scan her computer. Can somebody help me, please?
  6. here are the two logfiles, as requested. F-Secure: Scanning Report Saturday, December 29, 2007 00:48:59 - 03:41:03 Computer name: GEORGEW2 Scanning type: Scan system for viruses, rootkits, spyware Target: C:\ F:\ -------------------------------------------------------------------------------- Result: 14 malware found Tracking Cookie (spyware) System (Disinfected) System System System System System System System System System System System W32/DLoader.CXND (virus) C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NEXONUS\NGM\NGM.EXE (Submitted) W32/DLoader.DAJD (virus) C:\PROGRAM FILES\BACKUPS\BACKUP-20071028-214026-449.DLL (Submitted) -------------------------------------------------------------------------------- Statistics Scanned: Files: 47855 System: 6119 Not scanned: 3 Actions: Disinfected: 1 Renamed: 0 Deleted: 0 None: 13 Submitted: 2 Files not scanned: C:\PAGEFILE.SYS C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{7DAEEC29-5E3A-4164-B93B-FC417EDE14AE}.BIN C:\WINDOWS\SYSTEM32\CONFIG\SECURITY -------------------------------------------------------------------------------- Options Scanning engines: F-Secure Libra: 2.4.2, 2007-12-26 F-Secure AVP: 7.0.171, 2007-12-28 F-Secure Orion: 1.2.37, 2007-12-28 F-Secure Blacklight: 1.0.64 F-Secure Draco: 1.0.35, 2007-11-28 F-Secure Pegasus: 1.19.0, 2007-11-18 Scanning options: Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQXSWF Use Advanced heuristics -------------------------------------------------------------------------------- Copyright © 1998-2006 Product support |Send virus sample to F-Secure F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name.This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability. HJT: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:20:38 PM, on 12/30/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\windows\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\mnmsrvc.exe C:\windows\system32\rundll32.exe C:\windows\System32\nvsvc32.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\windows\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\iPod\bin\iPodService.exe C:\windows\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~2\VPTray.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\windows\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\HP\Digital Imaging\Bin\hpqSTE08.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.compaq.com:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.compaq.com;*.cpqcorp.net;<local> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe /NOUI O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-21-515967899-1500820517-682003330-1008\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Jon') O4 - HKUS\S-1-5-21-515967899-1500820517-682003330-1008\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User 'Jon') O4 - HKUS\S-1-5-21-515967899-1500820517-682003330-1008\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe (User 'Jon') O4 - HKUS\S-1-5-21-515967899-1500820517-682003330-1008\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet (User 'Jon') O4 - HKUS\S-1-5-21-515967899-1500820517-682003330-1008\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe /autostart (User 'Jon') O4 - HKUS\S-1-5-21-515967899-1500820517-682003330-1008\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe (User 'Jon') O4 - HKUS\S-1-5-21-515967899-1500820517-682003330-1008\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'Jon') O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O15 - Trusted Zone: http://pmms.hp.com (HKLM) O15 - Trusted Zone: http://pmms.americas.hp.com (HKLM) O16 - DPF: HPVC component - http://vrm06.win2000.hpe-learning.com/hpvc...mponent4100.cab O16 - DPF: HPVC resources - http://vrm06.win2000.hpe-learning.com/hpvc...sources4100.cab O16 - DPF: HPVC signed - http://vrm06.win2000.hpe-learning.com/hpvc.../signed4100.cab O16 - DPF: HPVC support - http://vrm06.win2000.hpe-learning.com/hpvc...support4100.cab O16 - DPF: HPVC vminfo - http://vrm06.win2000.hpe-learning.com/Room...ents/vminfo.cab O16 - DPF: {00000004-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms4 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall4.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5335BAE0-268B-4629-99D7-AEEE8D78A00D} (WFAGTREE.WFAGTreeControl) - https://vincasproa.cce.hp.com/WAAG/scripts/WFAGTree.CAB O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124310247660 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171837592781 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab O16 - DPF: {DF7B8990-6141-4677-B0B2-977169DB4A7E} (HPPptDropProj.HPPptDrop) - http://vrm07.win2000.hpe-learning.com/Room...c/HPPptDrop.CAB O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O16 - DPF: {F83D3463-DB57-4F85-8228-465B1262F73A} (OWC Helper Excel Print Object) - http://pmms.americas.hp.com/scripts/owc10/OWCHelper.cab O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab40641.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 11486 bytes
  7. I had posted another related problem here, but i figured out how to alleviate it on my own.
  8. Thanks! Sorry about the delay in my response...finals . Here's a logfile from HJT, if you could please check it out and tell me if you spot anything wrong (I am currently using my back-up administrator account because it runs better. If you needme to run HJT from my primary admin account, please tell me). Logfile of HijackThis v1.99.1 Scan saved at 10:27:15 AM, on 12/19/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\windows\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\mnmsrvc.exe C:\windows\system32\rundll32.exe C:\windows\System32\nvsvc32.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\windows\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\windows\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~2\VPTray.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\windows\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe C:\Program Files\HP\Digital Imaging\Bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe C:\windows\system32\ntvdm.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\hijackthis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.compaq.com:8080 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.compaq.com;*.cpqcorp.net;<local> O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe /NOUI O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [Microsoft Works Update Detection] ???\WkDetect.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\RunOnce: [shockwave Updater] C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~3\SWHELP~1.EXE -Update -1020022 -iexplore.exe6.0 O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O15 - Trusted Zone: http://pmms.hp.com (HKLM) O15 - Trusted Zone: http://pmms.americas.hp.com (HKLM) O16 - DPF: HPVC component - http://vrm06.win2000.hpe-learning.com/hpvc...mponent4100.cab O16 - DPF: HPVC resources - http://vrm06.win2000.hpe-learning.com/hpvc...sources4100.cab O16 - DPF: HPVC signed - http://vrm06.win2000.hpe-learning.com/hpvc.../signed4100.cab O16 - DPF: HPVC support - http://vrm06.win2000.hpe-learning.com/hpvc...support4100.cab O16 - DPF: HPVC vminfo - http://vrm06.win2000.hpe-learning.com/Room...ents/vminfo.cab O16 - DPF: {00000004-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms4 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall4.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5335BAE0-268B-4629-99D7-AEEE8D78A00D} (WFAGTREE.WFAGTreeControl) - https://vincasproa.cce.hp.com/WAAG/scripts/WFAGTree.CAB O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124310247660 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171837592781 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab O16 - DPF: {DF7B8990-6141-4677-B0B2-977169DB4A7E} (HPPptDropProj.HPPptDrop) - http://vrm07.win2000.hpe-learning.com/Room...c/HPPptDrop.CAB O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O16 - DPF: {F83D3463-DB57-4F85-8228-465B1262F73A} (OWC Helper Excel Print Object) - http://pmms.americas.hp.com/scripts/owc10/OWCHelper.cab O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab40641.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: NavLogon - C:\windows\system32\NavLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  9. I've been using HJT to protect my computer for a good while, now. However, I just recently tried to run it and it came up with a message that says something about an invalid picture. When I came here to re-download and install the program, I got this: any suggestions?
  10. The logs, as requested. Combofix: ComboFix 07-10-26.4 - Jon 2007-10-27 13:34:15.3 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.599 [GMT -5:00] Running from: C:\Documents and Settings\Jon\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\ISM2 C:\Program Files\ISM2\dictionary.gz C:\Program Files\ISM2\targets.gz . ((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 ))))))))))))))))))))))))))))))) . 2007-10-10 10:22 584,192 --------- C:\windows\SYSTEM32\dllcache\rpcrt4.dll 2007-10-01 23:13 <DIR> d-------- C:\Program Files\Microsoft ActiveSync 2007-09-29 01:58 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard 2007-09-29 01:53 19,545 --a------ C:\windows\hpoins01.dat 2007-09-29 01:53 16,606 --------- C:\windows\hpomdl01.dat 2007-09-29 01:45 <DIR> d-------- C:\TEMP\FixEngine . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-10-19 00:39 10,790 ----a-w C:\Program Files\hijackthis.log 2007-10-12 02:10 10,895 ----a-w C:\Program Files\hijackthis101107.txt 2007-10-10 16:33 10,747 ----a-w C:\Program Files\hijackthis101007.txt 2007-09-22 06:09 --------- d-----w C:\Program Files\Zinio 2007-09-22 06:09 --------- d-----w C:\Program Files\Common Files\Zinio 2007-09-22 06:09 --------- d-----w C:\Documents and Settings\Jon\Application Data\ContentGuard 2007-09-20 01:53 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-09-20 01:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar 2007-09-13 03:18 --------- d-----w C:\Program Files\Sun 2007-09-13 02:10 --------- d-----w C:\Program Files\Common Files\Java 2007-09-12 19:50 9,324 ----a-w C:\Program Files\hijackthislog091207-2.txt 2007-09-12 19:47 9,734 ----a-w C:\Program Files\hijackthislog091207-1.txt 2007-09-12 01:17 9,884 ----a-w C:\Program Files\hijackthislog091107-2.txt 2007-09-11 19:13 9,953 ----a-w C:\Program Files\hijackthis091107.txt 2007-09-11 16:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2007-09-10 01:02 10,082 ----a-w C:\Program Files\hijackthislog090907.txt 2007-09-04 02:53 --------- d-----w C:\Documents and Settings\Jon\Application Data\Inspiration Software 2007-08-27 15:43 --------- d-----w C:\Documents and Settings\Girls\Application Data\HP 2007-08-27 15:42 --------- d-----w C:\Documents and Settings\Girls\Application Data\MySpace 2007-08-22 12:55 96,256 ----a-w C:\windows\SYSTEM32\dllcache\inseng.dll 2007-08-22 12:55 665,600 ------w C:\windows\SYSTEM32\dllcache\wininet.dll 2007-08-22 12:55 617,984 ------w C:\windows\SYSTEM32\dllcache\urlmon.dll 2007-08-22 12:55 55,808 ----a-w C:\windows\SYSTEM32\dllcache\extmgr.dll 2007-08-22 12:55 532,480 ----a-w C:\windows\SYSTEM32\dllcache\mstime.dll 2007-08-22 12:55 474,112 ------w C:\windows\SYSTEM32\dllcache\shlwapi.dll 2007-08-22 12:55 449,024 ------w C:\windows\SYSTEM32\dllcache\mshtmled.dll 2007-08-22 12:55 39,424 ----a-w C:\windows\SYSTEM32\dllcache\pngfilt.dll 2007-08-22 12:55 357,888 ------w C:\windows\SYSTEM32\dllcache\dxtmsft.dll 2007-08-22 12:55 3,064,832 ------w C:\windows\SYSTEM32\dllcache\mshtml.dll 2007-08-22 12:55 251,904 ------w C:\windows\SYSTEM32\dllcache\iepeers.dll 2007-08-22 12:55 205,824 ------w C:\windows\SYSTEM32\dllcache\dxtrans.dll 2007-08-22 12:55 16,384 ------w C:\windows\SYSTEM32\dllcache\jsproxy.dll 2007-08-22 12:55 151,040 ----a-w C:\windows\SYSTEM32\dllcache\cdfview.dll 2007-08-22 12:55 146,432 ----a-w C:\windows\SYSTEM32\dllcache\msrating.dll 2007-08-22 12:55 1,498,112 ------w C:\windows\SYSTEM32\dllcache\shdocvw.dll 2007-08-22 12:55 1,054,208 ----a-w C:\windows\SYSTEM32\dllcache\danim.dll 2007-08-22 12:55 1,022,976 ------w C:\windows\SYSTEM32\dllcache\browseui.dll 2007-08-21 10:19 18,432 ----a-w C:\windows\SYSTEM32\dllcache\iedw.exe 2007-08-21 06:15 683,520 ----a-w C:\windows\SYSTEM32\inetcomm.dll 2007-08-21 06:15 683,520 ----a-w C:\windows\SYSTEM32\dllcache\inetcomm.dll 2007-07-31 00:19 92,504 ----a-w C:\windows\SYSTEM32\dllcache\cdm.dll 2007-07-31 00:19 92,504 ----a-w C:\windows\SYSTEM32\cdm.dll 2007-07-31 00:19 549,720 ----a-w C:\windows\SYSTEM32\wuapi.dll 2007-07-31 00:19 549,720 ----a-w C:\windows\SYSTEM32\dllcache\wuapi.dll 2007-07-31 00:19 53,080 ----a-w C:\windows\SYSTEM32\wuauclt.exe 2007-07-31 00:19 53,080 ----a-w C:\windows\SYSTEM32\dllcache\wuauclt.exe 2007-07-31 00:19 43,352 ----a-w C:\windows\SYSTEM32\wups2.dll 2007-07-31 00:19 325,976 ----a-w C:\windows\SYSTEM32\wucltui.dll 2007-07-31 00:19 325,976 ----a-w C:\windows\SYSTEM32\dllcache\wucltui.dll 2007-07-31 00:19 271,224 ----a-w C:\windows\SYSTEM32\mucltui.dll 2007-07-31 00:19 207,736 ----a-w C:\windows\SYSTEM32\muweb.dll 2007-07-31 00:19 203,096 ----a-w C:\windows\SYSTEM32\wuweb.dll 2007-07-31 00:19 203,096 ----a-w C:\windows\SYSTEM32\dllcache\wuweb.dll 2007-07-31 00:19 1,712,984 ----a-w C:\windows\SYSTEM32\wuaueng.dll 2007-07-31 00:19 1,712,984 ----a-w C:\windows\SYSTEM32\dllcache\wuaueng.dll 2007-07-31 00:18 33,624 ----a-w C:\windows\SYSTEM32\wups.dll 2007-07-31 00:18 33,624 ----a-w C:\windows\SYSTEM32\dllcache\wups.dll 2007-02-21 00:26 8,622 ----a-w C:\Program Files\hijackthislog0220075.txt 2007-02-21 00:20 8,741 ----a-w C:\Program Files\hijackthislog0220074.txt 2007-02-20 14:29 9,513 ----a-w C:\Program Files\hijackthislog0220072.txt 2007-02-20 14:17 9,606 ----a-w C:\Program Files\hijackthislog0220071.txt 2007-02-19 04:16 10,392 ----a-w C:\Program Files\hijackthislog0218075 2007-02-19 01:52 9,997 ----a-w C:\Program Files\hijackthislog0218074 2007-02-19 01:47 9,948 ----a-w C:\Program Files\hijackthis0218073 2006-10-20 06:46 6,064,640 ----a-w C:\Program Files\icq5_1_setup.exe 2006-10-15 07:01 2,855,080 ----a-w C:\Program Files\aawsepersonal.exe 2006-10-15 06:54 218,112 ----a-w C:\Program Files\HijackThis.exe 2006-10-11 21:50 3,334,485 ----a-w C:\Program Files\jcrea400.zip 2006-07-21 23:54 32 ----a-r C:\Documents and Settings\All Users\hash.dat 2005-01-07 15:39 70,400 ----a-w C:\Documents and Settings\georgew\Application Data\GDIPFONTCACHEV1.DAT 1999-05-24 19:53 266 --sh--w C:\Program Files\desktop.ini 1999-05-24 19:53 11,079 ------w C:\Program Files\folder.htt 2004-08-04 07:56:46 50,688 --sh--w C:\windows\twain_32.dll 2004-08-04 07:56:42 1,028,096 --sha-w C:\windows\SYSTEM32\mfc42.dll 2004-08-04 07:56:44 83,456 --sha-w C:\windows\SYSTEM32\olepro32.dll 2004-08-04 07:56:56 11,776 --sh--w C:\windows\SYSTEM32\regsvr32.exe 2007-05-17 11:28:06 549,376 --sh--w C:\windows\SYSTEM32\oleaut32.dll 2004-08-04 07:56:44 413,696 --sha-w C:\windows\SYSTEM32\msvcp60.dll 2004-08-04 07:56:44 54,784 --sh--w C:\windows\SYSTEM32\msvcirt.dll . ((((((((((((((((((((((((((((( [email protected]_10.55.37.85 ))))))))))))))))))))))))))))))))))))))))) . - 2007-09-28 14:06:10 135,168 ----a-w C:\windows\catchme.exe + 2007-10-20 11:03:32 136,192 ----a-w C:\windows\catchme.exe + 2007-03-13 15:57:12 163,328 ----a-w C:\windows\erdnt\subs\F3M\ERDNT.EXE - 2007-10-02 04:16:30 593,920 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2007-10-11 08:02:16 593,920 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe - 2007-10-02 04:16:30 12,288 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2007-10-11 08:02:16 12,288 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2007-10-02 04:16:30 86,016 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe + 2007-10-11 08:02:16 86,016 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe - 2007-10-02 04:16:30 135,168 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe + 2007-10-11 08:02:16 135,168 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe - 2007-10-02 04:16:32 11,264 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2007-10-11 08:02:16 11,264 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2007-10-02 04:16:32 27,136 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2007-10-11 08:02:16 27,136 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2007-10-02 04:16:32 4,096 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2007-10-11 08:02:18 4,096 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2007-10-02 04:16:32 794,624 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2007-10-11 08:02:18 794,624 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2007-10-02 04:16:30 249,856 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2007-10-11 08:02:16 249,856 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2007-10-02 04:16:30 61,440 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2007-10-11 08:02:16 61,440 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe - 2007-10-02 04:16:32 23,040 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2007-10-11 08:02:18 23,040 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2007-10-02 04:16:30 286,720 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2007-10-11 08:02:16 286,720 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2007-10-02 04:16:30 409,600 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2007-10-11 08:02:16 409,600 ----a-r C:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe - 2007-06-15 08:12:28 1,022,976 ----a-w C:\windows\SYSTEM32\browseui.dll + 2007-08-22 12:55:28 1,022,976 ----a-w C:\windows\SYSTEM32\browseui.dll - 2007-06-15 08:12:28 151,040 ----a-w C:\windows\SYSTEM32\cdfview.dll + 2007-08-22 12:55:30 151,040 ----a-w C:\windows\SYSTEM32\cdfview.dll - 2007-06-15 08:12:28 1,054,208 ----a-w C:\windows\SYSTEM32\danim.dll + 2007-08-22 12:55:30 1,054,208 ----a-w C:\windows\SYSTEM32\danim.dll - 2007-06-15 08:12:28 357,888 ----a-w C:\windows\SYSTEM32\dxtmsft.dll + 2007-08-22 12:55:30 357,888 ----a-w C:\windows\SYSTEM32\dxtmsft.dll - 2007-06-15 08:12:28 205,824 ----a-w C:\windows\SYSTEM32\dxtrans.dll + 2007-08-22 12:55:32 205,824 ----a-w C:\windows\SYSTEM32\dxtrans.dll - 2007-06-15 08:12:28 55,808 ------w C:\windows\SYSTEM32\extmgr.dll + 2007-08-22 12:55:32 55,808 ------w C:\windows\SYSTEM32\extmgr.dll - 2007-06-15 08:12:28 251,904 ----a-w C:\windows\SYSTEM32\iepeers.dll + 2007-08-22 12:55:32 251,904 ----a-w C:\windows\SYSTEM32\iepeers.dll - 2007-06-15 08:12:28 96,256 ----a-w C:\windows\SYSTEM32\inseng.dll + 2007-08-22 12:55:32 96,256 ----a-w C:\windows\SYSTEM32\inseng.dll - 2007-06-15 08:12:28 16,384 ----a-w C:\windows\SYSTEM32\jsproxy.dll + 2007-08-22 12:55:32 16,384 ----a-w C:\windows\SYSTEM32\jsproxy.dll - 2007-09-06 02:50:42 17,474,680 ----a-w C:\windows\SYSTEM32\MRT.exe + 2007-09-28 05:19:40 18,089,592 ----a-w C:\windows\SYSTEM32\MRT.exe - 2007-06-15 08:12:30 3,064,320 ----a-w C:\windows\SYSTEM32\mshtml.dll + 2007-08-22 12:55:36 3,064,832 ----a-w C:\windows\SYSTEM32\mshtml.dll - 2007-06-15 08:12:30 449,024 ----a-w C:\windows\SYSTEM32\mshtmled.dll + 2007-08-22 12:55:38 449,024 ----a-w C:\windows\SYSTEM32\mshtmled.dll - 2007-06-15 08:12:30 146,432 ----a-w C:\windows\SYSTEM32\msrating.dll + 2007-08-22 12:55:38 146,432 ----a-w C:\windows\SYSTEM32\msrating.dll - 2007-06-15 08:12:30 532,480 ----a-w C:\windows\SYSTEM32\mstime.dll + 2007-08-22 12:55:38 532,480 ----a-w C:\windows\SYSTEM32\mstime.dll - 2007-06-15 08:12:30 39,424 ----a-w C:\windows\SYSTEM32\pngfilt.dll + 2007-08-22 12:55:38 39,424 ----a-w C:\windows\SYSTEM32\pngfilt.dll - 2004-08-04 07:56:44 581,120 ----a-w C:\windows\SYSTEM32\rpcrt4.dll + 2007-07-09 13:09:42 584,192 ----a-w C:\windows\SYSTEM32\rpcrt4.dll - 2007-06-15 08:12:30 1,498,112 ----a-w C:\windows\SYSTEM32\shdocvw.dll + 2007-08-22 12:55:40 1,498,112 ----a-w C:\windows\SYSTEM32\shdocvw.dll - 2007-06-15 08:12:30 474,112 ----a-w C:\windows\SYSTEM32\shlwapi.dll + 2007-08-22 12:55:42 474,112 ----a-w C:\windows\SYSTEM32\shlwapi.dll - 2007-10-05 15:07:32 279,552 ----a-w C:\windows\SYSTEM32\swreg.exe + 2007-07-22 23:39:28 279,552 ----a-w C:\windows\SYSTEM32\swreg.exe - 2007-06-15 08:12:30 616,960 ----a-w C:\windows\SYSTEM32\urlmon.dll + 2007-08-22 12:55:44 617,984 ----a-w C:\windows\SYSTEM32\urlmon.dll - 2007-06-26 14:35:54 665,600 ----a-w C:\windows\SYSTEM32\wininet.dll + 2007-08-22 12:55:44 665,600 ----a-w C:\windows\SYSTEM32\wininet.dll - 2007-06-14 10:08:46 350,720 ----a-w C:\windows\SYSTEM32\xpsp3res.dll + 2007-08-21 10:13:34 350,720 ----a-w C:\windows\SYSTEM32\xpsp3res.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SystemTray"="SysTray.Exe" [2001-08-23 12:00 C:\windows\SYSTEM32\systray.exe] "Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2001-08-08 14:39] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 11:21] "vptray"="C:\PROGRA~1\SYMANT~2\VPTray.exe" [2005-08-22 10:33] "DVDTray"="C:\Program Files\HP DVD\Umbrella\DVDTray.exe" [2003-07-23 11:42] "DVDBitSet"="C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" [2003-07-18 11:49] "NvCplDaemon"="C:\windows\system32\NvCpl.dll" [2003-10-06 14:16] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-30 22:59] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-08-31 23:17] "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2006-11-07 09:29] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 20:34] "ctfmon.exe"="C:\windows\system32\ctfmon.exe" [2004-08-04 02:56] "Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-03-27 15:22] "Zinio DLM"="C:\Program Files\Zinio\ZinioReader.exe" [2007-05-04 15:52] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05] "ISMModule6"="C:\Program Files\ISM\ISMModule6.exe" [] "Vrgwegq"="C:\Documents and Settings\Jon\Application Data\?ssembly\n?tepad.exe" [] [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce] "!CleanupNetMeetingDispDriver"="C:\windows\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-06-29 17:15:10] HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10] hpoddt01.exe.lnk - C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe [2003-04-09 18:11:12] hp psc 2000 Series.lnk - C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe [2003-04-09 17:41:38] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Aim6"="C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "CXMon"="C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime "ViewMgr"=C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys] "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme "Smapp"=C:\Program Files\Analog Devices\SoundMAX\Smtray.exe "Promon.exe"=Promon.exe "ChkAdmin"=C:\PROGRA~1\COMPAQ\COMPAQ~1\CHKADMIN.EXE R3 LinksysFVNETusbl(AR)®;Linksys FVNETusbl(AR)® Service for Instant Wireless USB Network Adapter ver.2.6;C:\windows\system32\DRIVERS\vnetusbl.sys S3 hpusbwdm;HP DVD Movie Writer dc3000;C:\windows\system32\DRIVERS\hpusbwdm.sys S3 magaService;Lan Discover Agent;C:\Program Files\Sygate\SSA\maga\maga.exe S3 USB200M;Linksys USB 2.0 Network Adapter ver.2;C:\windows\system32\DRIVERS\USB200M2.sys S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;C:\windows\system32\DRIVERS\netusbxp.sys S3 WUSB54GPV4SRV;Linksys Home Wireless-G USB Adaptor Driver;C:\windows\system32\DRIVERS\rt2500usb.sys [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d0983d2-0dda-11dc-a40c-0002a5e2134f}] AutoRun\command - H:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc749b00-0eae-11dc-a40f-0002a5e2134f}] AutoRun\command - G:\LaunchU3.exe -a [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>IEPerUser] RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}] rundll32.exeadvpack.dll . Contents of the 'Scheduled Tasks' folder "2007-10-25 04:10:02 c:\windows\Tasks\WebReg Deskjet D1400 series.job" "2007-09-29 07:03:00 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 2170 series#1191049308.job" - C:\Program Files\HP\Digital Imaging\Bin\hpqfrucl.exe . ************************************************************************** catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-27 13:37:31 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-10-27 13:38:25 C:\ComboFix-quarantined-files.txt ... 2007-10-10 10:56 C:\ComboFix3.txt ... 2007-09-11 20:05 C:\ComboFix2.txt ... 2007-10-10 10:56 . --- E O F --- HJT: Logfile of HijackThis v1.99.1 Scan saved at 1:39:45 PM, on 10/27/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\windows\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\mnmsrvc.exe C:\windows\system32\rundll32.exe C:\windows\System32\nvsvc32.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\windows\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~2\VPTray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Real\RealOne Player\RealPlay.exe C:\windows\system32\ctfmon.exe C:\Program Files\Zinio\ZinioReader.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe C:\windows\system32\HPZipm12.exe C:\Program Files\HP\Digital Imaging\Bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\windows\explorer.exe C:\windows\system32\notepad.exe C:\Program Files\HijackThis.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/0409/bl7.asp R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe /NOUI O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe /autostart O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [iSMModule6] "C:\Program Files\ISM\ISMModule6.exe" O4 - HKCU\..\Run: [Vrgwegq] "C:\Documents and Settings\Jon\Application Data\?ssembly\n?tepad.exe" O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O15 - Trusted Zone: http://pmms.hp.com (HKLM) O15 - Trusted Zone: http://pmms.americas.hp.com (HKLM) O16 - DPF: HPVC component - http://vrm06.win2000.hpe-learning.com/hpvc...mponent4100.cab O16 - DPF: HPVC resources - http://vrm06.win2000.hpe-learning.com/hpvc...sources4100.cab O16 - DPF: HPVC signed - http://vrm06.win2000.hpe-learning.com/hpvc.../signed4100.cab O16 - DPF: HPVC support - http://vrm06.win2000.hpe-learning.com/hpvc...support4100.cab O16 - DPF: HPVC vminfo - http://vrm06.win2000.hpe-learning.com/Room...ents/vminfo.cab O16 - DPF: {00000004-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms4 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall4.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5335BAE0-268B-4629-99D7-AEEE8D78A00D} (WFAGTREE.WFAGTreeControl) - https://vincasproa.cce.hp.com/WAAG/scripts/WFAGTree.CAB O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124310247660 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171837592781 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/chzl/default/p...ploader_v10.cab O16 - DPF: {DF7B8990-6141-4677-B0B2-977169DB4A7E} (HPPptDropProj.HPPptDrop) - http://vrm07.win2000.hpe-learning.com/Room...c/HPPptDrop.CAB O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O16 - DPF: {F83D3463-DB57-4F85-8228-465B1262F73A} (OWC Helper Excel Print Object) - http://pmms.americas.hp.com/scripts/owc10/OWCHelper.cab O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab40641.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: NavLogon - C:\windows\system32\NavLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  11. I just received a notification From Norton Antivirus that I have Trojan.Vundo on my computer. I also have a previous topic that no one saw fit to respond to about the Internet Speed Monitor, adware that Ad-Aware can't remove. Someone please help! Logfile of HijackThis v1.99.1 Scan saved at 7:39:46 PM, on 10/18/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\windows\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\mnmsrvc.exe C:\windows\system32\rundll32.exe C:\windows\System32\nvsvc32.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\windows\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\windows\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~2\VPTray.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\windows\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe C:\windows\system32\HPZipm12.exe C:\Program Files\HP\Digital Imaging\Bin\hpqSTE08.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/0409/bl7.asp R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe /NOUI O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe /autostart O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [iSMModule6] "C:\Program Files\ISM\ISMModule6.exe" O4 - HKCU\..\Run: [Vrgwegq] "C:\Documents and Settings\Jon\Application Data\?ssembly\n?tepad.exe" O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O15 - Trusted Zone: http://pmms.hp.com (HKLM) O15 - Trusted Zone: http://pmms.americas.hp.com (HKLM) O16 - DPF: HPVC component - http://vrm06.win2000.hpe-learning.com/hpvc...mponent4100.cab O16 - DPF: HPVC resources - http://vrm06.win2000.hpe-learning.com/hpvc...sources4100.cab O16 - DPF: HPVC signed - http://vrm06.win2000.hpe-learning.com/hpvc.../signed4100.cab O16 - DPF: HPVC support - http://vrm06.win2000.hpe-learning.com/hpvc...support4100.cab O16 - DPF: HPVC vminfo - http://vrm06.win2000.hpe-learning.com/Room...ents/vminfo.cab O16 - DPF: {00000004-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms4 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall4.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5335BAE0-268B-4629-99D7-AEEE8D78A00D} (WFAGTREE.WFAGTreeControl) - https://vincasproa.cce.hp.com/WAAG/scripts/WFAGTree.CAB O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124310247660 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171837592781 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/chzl/default/p...ploader_v10.cab O16 - DPF: {DF7B8990-6141-4677-B0B2-977169DB4A7E} (HPPptDropProj.HPPptDrop) - http://vrm07.win2000.hpe-learning.com/Room...c/HPPptDrop.CAB O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O16 - DPF: {F83D3463-DB57-4F85-8228-465B1262F73A} (OWC Helper Excel Print Object) - http://pmms.americas.hp.com/scripts/owc10/OWCHelper.cab O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab40641.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: NavLogon - C:\windows\system32\NavLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  12. I keep having a pop-up labeled Internet Speed Monitor on the title bar come up. How do I rid myself of it? I created a HJT log, and it is displayed below. Also, I've tried to update my Internet Explorer from v6 to v7, but as i begin the download it dies. any suggestions on that? Logfile of HijackThis v1.99.1 Scan saved at 9:00:07 PM, on 10/11/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\windows\system32\spoolsv.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\mnmsrvc.exe C:\windows\system32\rundll32.exe C:\windows\System32\nvsvc32.exe C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\windows\System32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\windows\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~2\VPTray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\windows\system32\ctfmon.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\ISM2\ISMPack6.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe C:\windows\system32\HPZipm12.exe C:\Program Files\HP\Digital Imaging\Bin\hpqSTE08.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe C:\PROGRA~1\Yahoo!\MESSEN~1\yupdater.exe C:\windows\system32\wuauclt.exe C:\Program Files\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.compaq.com/1Q00CDT/0409/bl7.asp R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll O4 - HKLM\..\Run: [systemTray] SysTray.Exe O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe O4 - HKLM\..\Run: [DVDTray] C:\Program Files\HP DVD\Umbrella\DVDTray.exe O4 - HKLM\..\Run: [DVDBitSet] C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe /NOUI O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe /autostart O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [iSMModule6] "C:\Program Files\ISM\ISMModule6.exe" O4 - HKCU\..\Run: [Vrgwegq] "C:\Documents and Settings\Jon\Application Data\?ssembly\n?tepad.exe" O4 - HKCU\..\Run: [iSMPack6] "C:\Program Files\ISM2\ISMPack6.exe" O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\HP\Digital Imaging\bin\hpobnz08.exe O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O15 - Trusted Zone: http://pmms.hp.com (HKLM) O15 - Trusted Zone: http://pmms.americas.hp.com (HKLM) O16 - DPF: HPVC component - http://vrm06.win2000.hpe-learning.com/hpvc...mponent4100.cab O16 - DPF: HPVC resources - http://vrm06.win2000.hpe-learning.com/hpvc...sources4100.cab O16 - DPF: HPVC signed - http://vrm06.win2000.hpe-learning.com/hpvc.../signed4100.cab O16 - DPF: HPVC support - http://vrm06.win2000.hpe-learning.com/hpvc...support4100.cab O16 - DPF: HPVC vminfo - http://vrm06.win2000.hpe-learning.com/Room...ents/vminfo.cab O16 - DPF: {00000004-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms4 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall4.cab O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {5335BAE0-268B-4629-99D7-AEEE8D78A00D} (WFAGTREE.WFAGTreeControl) - https://vincasproa.cce.hp.com/WAAG/scripts/WFAGTree.CAB O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124310247660 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1171837592781 O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/chzl/default/p...ploader_v10.cab O16 - DPF: {DF7B8990-6141-4677-B0B2-977169DB4A7E} (HPPptDropProj.HPPptDrop) - http://vrm07.win2000.hpe-learning.com/Room...c/HPPptDrop.CAB O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab O16 - DPF: {F83D3463-DB57-4F85-8228-465B1262F73A} (OWC Helper Excel Print Object) - http://pmms.americas.hp.com/scripts/owc10/OWCHelper.cab O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab40641.cab O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: NavLogon - C:\windows\system32\NavLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS O23 - Service: Pml Driver HPZ12 - HP - C:\windows\system32\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  13. I just emptied the Recycle bin and i'm rerunning the scan...i'll update you in the morning of its success or failure.
  14. unfortunately, i don't think that we're done yet. Norton Antivirus just came back at me with ~7 instances of Adware.purityscan. I told the program to delete all instances, but i have very little faith that it has...i'm currenly running a full scan to make sure that it has done as i requested. Any suggestions should it find anymore instances?