royalg

  1. Hi, I've done all you've asked for. Norton is running correctly. Computer is still slow, but isn't showing signs of virus infection. I probably need to defrag, etc. Thanks for all the help so far. Here are the logs you asked for, starting with the ESET scan (it found one threat) and followed by the HijackThis scan:
  2. Hi, I didn't recognize the file, so here are the results of the VirusTotal scan. I haven't noticed any difference yet in computer performance, although HijackThis does generate a scan now. Thank you for your help:
  3. OK, here are the results of the latest scan:
  4. OK, here are the HJT and combofix logs:

Deckard's System Scanner v20071014.68
Run by Mom and Dad on 2007-11-15 20:39:12
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 255 MiB (512 MiB recommended).

-- HijackThis (run as Mom and Dad.exe) -----------------------------------------
Unable to find log (file not found); running clone.

-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-15 20:42:15
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Mom and Dad\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0D615C03-2202-4B95-BF17-D5B291FA3600} - (no file)
O2 - BHO: (no name) - {3B839F24-320B-4928-8C0A-0715E96BBEB6} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O2 - BHO: (no name) - {61715F22-7146-479F-82BF-79D783AEAF9B} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {8D6C016A-4093-415E-834D-EE14CE29EFBD} - (no file)
O2 - BHO: (no name) - {9B6DE9B8-897C-4A30-8A14-4B5AAC9F5322} - \
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: (no name) - {CEA8854C-7892-4CC1-9825-3D9B96A0D727} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} () - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} () - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} () - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://azexpress3.orbital.com/dwa7W.cab
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: nnljg - C:\WINDOWS\system32\nnljg.dll (file missing)
O20 - Winlogon Notify: nnnnnop - C:\WINDOWS\system32\nnnnnop.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\system32\WRLogonNTF.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11736 bytes

-- Files created between 2007-10-15 and 2007-11-15 -----------------------------
2007-10-25 12:32:13 0 d-------- C:\WINDOWS\network diagnostic
2007-10-25 10:47:26 0 d-------- C:\Documents and Settings\Mom and Dad\SecurityScans
2007-10-25 10:45:35 0 d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2007-10-25 10:42:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

-- Find3M Report ---------------------------------------------------------------
2007-11-15 12:07:15 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-10 13:25:05 0 d-------- C:\Program Files\Autodesk
2007-10-09 12:55:57 0 d-------- C:\Program Files\iTunes
2007-10-09 12:24:41 0 d-------- C:\Program Files\iPod
2007-10-09 12:21:38 0 d-------- C:\Program Files\QuickTime
2007-10-09 12:18:37 0 d-------- C:\Program Files\Apple Software Update
2007-10-09 12:16:06 0 d-------- C:\Program Files\Common Files
2007-10-09 12:16:06 0 d-------- C:\Program Files\Common Files\Apple
2007-10-07 21:13:28 0 d-------- C:\Program Files\Symantec
2007-10-07 12:15:42 0 d-------- C:\Documents and Settings\Mom and Dad\Application Data\Symantec
2007-10-07 12:11:10 0 d-------- C:\Program Files\Norton Internet Security
2007-10-04 15:53:57 0 d-------- C:\Documents and Settings\Mom and Dad\Application Data\MSN6
2007-10-03 10:08:40 0 d-------- C:\Program Files\Windows Sidebar
2007-10-03 06:47:33 0 d-------- C:\Program Files\Norton AntiVirus
2007-10-03 06:16:31 0 d-------- C:\Program Files\HP
2007-09-24 22:28:57 0 d-------- C:\Program Files\Messenger
2007-09-22 19:26:21 0 d-------- C:\Program Files\Movie Maker
2007-09-22 19:23:24 0 d-------- C:\Program Files\Windows NT
2007-09-21 21:36:20 0 d-------- C:\Program Files\Lavasoft
2007-09-21 17:00:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-19 10:31:53 6656 --a------ C:\sysriby.exe

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D615C03-2202-4B95-BF17-D5B291FA3600}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B839F24-320B-4928-8C0A-0715E96BBEB6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
08/24/2007 08:51 PM 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61715F22-7146-479F-82BF-79D783AEAF9B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
10/07/2007 12:04 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D6C016A-4093-415E-834D-EE14CE29EFBD}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B6DE9B8-897C-4A30-8A14-4B5AAC9F5322}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEA8854C-7892-4CC1-9825-3D9B96A0D727}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [08/24/2007 08:51 PM 316784]
[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [06/03/2003 08:29 PM]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [10/16/2006 06:40 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/28/2006 01:16 PM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [10/11/2006 12:45 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 02:42 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/23/2007 04:18 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE [6/6/1998 8:33:30 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnljg]
nnljg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnnop]
nnnnnop.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\Money Express.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

*Newly Created Service* - COMHOST

-- End of Deckard's System Scanner: finished at 2007-11-15 20:43:29 ------------

ComboFix 07-11-08.1 - Mom and Dad 2007-11-15 18:11:54.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.56 [GMT -7:00]
Running from: C:\Documents and Settings\Mom and Dad\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\check_LSA7.txt
C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\A1
C:\WINDOWS\system32\bosgobwt.dll
C:\WINDOWS\system32\elllhssx.ini
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\fkwpnjmv.ini
C:\WINDOWS\system32\jmlnn.bak1
C:\WINDOWS\system32\jmlnn.bak2
C:\WINDOWS\system32\jmlnn.ini
C:\WINDOWS\system32\jmlnn.ini2
C:\WINDOWS\system32\jmlnn.tmp
C:\WINDOWS\system32\ndktrkwn.dll
C:\WINDOWS\system32\nwkrtkdn.ini
C:\WINDOWS\system32\tmbyhhpv.dll
C:\WINDOWS\system32\twbogsob.ini
C:\WINDOWS\system32\vmjnpwkf.dll
C:\WINDOWS\system32\vphhybmt.ini
C:\WINDOWS\system32\vyotuwgo.dll
C:\WINDOWS\system32\wiousvmy.dll
C:\WINDOWS\system32\xsshllle.dll
C:\WINDOWS\system32\ymvsuoiw.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_SMTPDRV

((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 )))))))))))))))))))))))))))))))
.

2007-11-15 18:02 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-14 21:00 <DIR> d-------- C:\Deckard
2007-10-25 12:56 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-25 12:56 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-25 12:56 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-25 12:55 6,058,496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-25 12:55 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-10-25 12:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-25 12:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-25 12:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-25 12:31 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2007-10-25 10:47 <DIR> d-------- C:\Documents and Settings\Mom and Dad\SecurityScans
2007-10-25 10:45 <DIR> d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 01:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-11-15 19:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-10 20:25 --------- d-----w C:\Program Files\Autodesk
2007-10-09 19:55 --------- d-----w C:\Program Files\iTunes
2007-10-09 19:24 --------- d-----w C:\Program Files\iPod
2007-10-09 19:21 --------- d-----w C:\Program Files\QuickTime
2007-10-09 19:18 --------- d-----w C:\Program Files\Apple Software Update
2007-10-09 19:16 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-09 19:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-08 04:13 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-08 04:13 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-10-08 04:13 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-10-08 04:13 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-10-08 04:13 --------- d-----w C:\Program Files\Symantec
2007-10-07 19:15 --------- d-----w C:\Documents and Settings\Mom and Dad\Application Data\Symantec
2007-10-07 19:11 --------- d-----w C:\Program Files\Norton Internet Security
2007-10-04 22:53 --------- d-----w C:\Documents and Settings\Mom and Dad\Application Data\MSN6
2007-10-03 17:08 --------- d-----w C:\Program Files\Windows Sidebar
2007-10-03 13:47 --------- d-----w C:\Program Files\Norton AntiVirus
2007-10-03 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-10-03 13:16 --------- d-----w C:\Program Files\HP
2007-09-22 04:36 --------- d-----w C:\Program Files\Lavasoft
2007-09-22 04:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-22 00:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-09-19 17:31 6,656 ----a-w C:\sysriby.exe
2007-09-18 21:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 21:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 21:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 21:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 21:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 21:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 21:43 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 21:43 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 21:43 278,576 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-09-18 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-29 21:18 577,928 ----a-w C:\WINDOWS\system32\SymNeti.dll
2007-08-23 23:57 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D615C03-2202-4B95-BF17-D5B291FA3600}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B839F24-320B-4928-8C0A-0715E96BBEB6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2007-08-24 20:51 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61715F22-7146-479F-82BF-79D783AEAF9B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2007-10-07 12:04 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D6C016A-4093-415E-834D-EE14CE29EFBD}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B6DE9B8-897C-4A30-8A14-4B5AAC9F5322}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEA8854C-7892-4CC1-9825-3D9B96A0D727}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]
[HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 20:51 316784]
[HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-03 20:29]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 18:40]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 13:16]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 12:45]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-10-23 16:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]

C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE [1998-06-06 08:33:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnljg]
nnljg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnnop]
nnnnnop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
"C:\Program Files\Microsoft Money\System\Money Express.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys
R3 SymIMMP;SymIMMP;C:\WINDOWS\system32\DRIVERS\SymIM.sys
R3 WinDriver6;WinDriver6;C:\WINDOWS\system32\drivers\windrvr6.sys
S3 COH_Mon;COH_Mon;\??\C:\WINDOWS\system32\Drivers\COH_Mon.sys
S3 SymIM;Symantec Network Security Intermediate Filter Service;C:\WINDOWS\system32\DRIVERS\SymIM.sys

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-11-13 01:54:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-13 04:38:06 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Mom and Dad.job" - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-15 18:20:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-15 18:24:50 - machine was rebooted
.
--- E O F ---
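The HijackThis clone log above is the kind of thing a helper reads by eye: a ProxyServer pointing at 127.0.0.1, O2 BHO entries with no file behind them, an O16 download point on an ms-its:/mhtml: handler instead of a web URL, and O20 Winlogon Notify DLLs with names like nnljg and nnnnnop. The script below is an added example by the editor, not part of royalg's post and not code or output of HijackThis, ComboFix or Deckard's System Scanner. It parses HijackThis-style entry lines and applies a few triage rules over a constructed sample copied from the log above; the severity levels and the "random-looking name" heuristic are the editor's assumptions, not anything the tools themselves emit.

```python
"""Triage of HijackThis-style log entries.

Added example: not part of the forum post, nor output or code of HijackThis,
ComboFix or Deckard's System Scanner. The severity rules and the random-name
heuristic are assumptions about what an analyst looks for in such a log.
"""
import re
from dataclasses import dataclass

# Constructed sample: entries copied from the HijackThis clone log above,
# one per line as HijackThis prints them.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {0D615C03-2202-4B95-BF17-D5B291FA3600} - (no file)
O2 - BHO: (no name) - {9B6DE9B8-897C-4A30-8A14-4B5AAC9F5322} - \
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get/flash...ent/swflash.cab
O16 - DPF: {50BD5CDA-4BA8-4048-8FAA-763F222E41D8} () - ms-its:mhtml:file://c:\\nores.mht!http://adxrnet.net/code/chm/xpre.chm::/xpreload.ocx
O20 - Winlogon Notify: nnljg - C:\WINDOWS\system32\nnljg.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\system32\WRLogonNTF.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
"""

# A HijackThis entry is "<section> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str       # HijackThis section, e.g. "O20"
    severity: str   # "high", "medium" or "low"
    reason: str
    line: str


def parse_entries(text):
    """Yield (kind, body, line) for each HijackThis entry line; skip everything else."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("kind"), m.group("body"), line


def looks_random(name):
    """Assumed heuristic: a lowercase-only base name of 5-8 letters with almost
    no vowels, or a run of four or more consonants, is likely machine-generated
    (nnljg, nnnnnop). Mixed-case vendor names such as WRLogonNTF are not tested."""
    if not re.fullmatch(r"[a-z]{5,8}", name):
        return False
    vowels = sum(ch in "aeiou" for ch in name)
    return vowels / len(name) < 0.2 or re.search(r"[^aeiou]{4,}", name) is not None


def triage(text):
    """Return one Finding per entry that matches a suspicious pattern, in log order."""
    findings = []
    for kind, body, line in parse_entries(text):
        if kind == "R1" and "ProxyServer" in body:
            # IE proxied through a process on the local machine: every request
            # can be read or rewritten by whatever listens on that port.
            m = re.search(r"ProxyServer = (?:\w+=)?([^:;\s]+)", body)
            host = m.group(1) if m else ""
            if host in ("127.0.0.1", "localhost"):
                findings.append(Finding(kind, "high", f"browser traffic relayed through a local process on {host}", line))
        elif kind in ("O2", "O3") and (body.endswith("(no file)") or body.endswith(" - \\")):
            # Registration survives but the DLL is gone: residue of a removed add-on.
            findings.append(Finding(kind, "low", "orphaned browser add-on registration (no DLL on disk)", line))
        elif kind == "O16":
            m = re.search(r"\((?P<name>[^)]*)\) - (?P<url>\S+)$", body)
            if m:
                scheme = m.group("url").split(":", 1)[0].lower()
                if scheme not in ("http", "https"):
                    # ms-its:/mhtml: download points load local content through a
                    # protocol handler rather than fetching a cab from a web site.
                    findings.append(Finding(kind, "high", f"ActiveX download point uses the {scheme}: handler", line))
                elif not m.group("name"):
                    findings.append(Finding(kind, "medium", "unnamed ActiveX control", line))
        elif kind == "O20" and body.startswith("Winlogon Notify:"):
            m = re.match(r"Winlogon Notify: (\S+) - (.+?)( \(file missing\))?$", body)
            if m:
                path, missing = m.group(2), bool(m.group(3))
                base = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
                if looks_random(base):
                    findings.append(Finding(kind, "high", f"Winlogon notification DLL with machine-generated name '{base}'", line))
                elif missing:
                    findings.append(Finding(kind, "medium", "Winlogon notification entry whose DLL is gone", line))
    return findings


def worst(findings):
    """Highest severity present, or 'clean' if nothing was flagged."""
    order = {"high": 3, "medium": 2, "low": 1}
    return max((f.severity for f in findings), key=order.get, default="clean")


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind}: {f.reason}\n         {f.line}")
```

Run against the constructed sample it flags six of the ten entries: the localhost proxy, the ms-its: download point and the nnljg Winlogon DLL as high, the WRNotifier orphan as medium, and the two dead BHO registrations as low; the Spybot BHO, the Flash control and the Ad-Aware service pass. The rules are deliberately narrow so that a vendor entry with a missing file is reported as clutter rather than as an infection.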
  5. Hi, the Deckard scan did work. During the scan I got an AV message that Bloodhound.Exploit.6 was blocked. Here are the main.txt results:

Deckard's System Scanner v20071014.68
Run by Mom and Dad on 2007-11-14 21:00:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
200: 2007-11-15 04:00:53 UTC - RP721 - Deckard's System Scanner Restore Point
199: 2007-11-14 17:06:00 UTC - RP720 - System Checkpoint
198: 2007-11-13 00:28:00 UTC - RP719 - System Checkpoint
197: 2007-11-12 00:00:42 UTC - RP718 - System Checkpoint
196: 2007-11-10 23:19:42 UTC - RP717 - System Checkpoint

-- First Restore Point --
1: 2007-09-17 04:10:21 UTC - RP522 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 77% (more than 75%).
Total Physical Memory: 255 MiB (512 MiB recommended).

-- HijackThis (run as Mom and Dad.exe) -----------------------------------------

-- File Associations -----------------------------------------------------------
All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 ASCTRM - c:\windows\system32\drivers\asctrm.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>

-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------
2007-11-12 21:38:06 634 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Mom and Dad.job
2007-11-12 18:54:08 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

-- Files created between 2007-10-14 and 2007-11-14 -----------------------------
2007-10-25 12:32:13 0 d-------- C:\WINDOWS\network diagnostic
2007-10-25 10:47:26 0 d-------- C:\Documents and Settings\Mom and Dad\SecurityScans
2007-10-25 10:45:35 0 d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2
2007-10-25 10:42:12 0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

-- Find3M Report ---------------------------------------------------------------
2007-11-14 21:05:48 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-10 13:25:05 0 d-------- C:\Program Files\Autodesk
2007-10-09 12:55:57 0 d-------- C:\Program Files\iTunes
2007-10-09 12:24:41 0 d-------- C:\Program Files\iPod
2007-10-09 12:21:38 0 d-------- C:\Program Files\QuickTime
2007-10-09 12:18:37 0 d-------- C:\Program Files\Apple Software Update
2007-10-09 12:16:06 0 d-------- C:\Program Files\Common Files
2007-10-09 12:16:06 0 d-------- C:\Program Files\Common Files\Apple
2007-10-07 21:13:28 0 d-------- C:\Program Files\Symantec
2007-10-07 12:59:45 2028938 --ahs---- C:\WINDOWS\system32\jmlnn.ini2
2007-10-07 12:15:42 0 d-------- C:\Documents and Settings\Mom and Dad\Application Data\Symantec
2007-10-07 12:11:10 0 d-------- C:\Program Files\Norton Internet Security
2007-10-07 09:45:08 85056 --a------ C:\WINDOWS\system32\xsshllle.dll
2007-10-06 08:04:37 1505318 --ahs---- C:\WINDOWS\system32\jmlnn.bak2
2007-10-05 20:44:23 86080 --a------ C:\WINDOWS\system32\tmbyhhpv.dll
2007-10-05 12:51:58 86080 --a------ C:\WINDOWS\system32\bosgobwt.dll
2007-10-04 19:06:17 86080 --a------ C:\WINDOWS\system32\ndktrkwn.dll
2007-10-04 15:53:57 0 d-------- C:\Documents and Settings\Mom and Dad\Application Data\MSN6
2007-10-03 10:08:40 0 d-------- C:\Program Files\Windows Sidebar
2007-10-03 09:06:57 86080 --a------ C:\WINDOWS\system32\vmjnpwkf.dll
2007-10-03 07:02:27 77376 --a------ C:\WINDOWS\system32\vyotuwgo.dll
2007-10-03 07:02:21 86080 --a------ C:\WINDOWS\system32\wiousvmy.dll
2007-10-03 06:47:33 0 d-------- C:\Program Files\Norton AntiVirus
2007-10-03 06:16:31 0 d-------- C:\Program Files\HP
2007-09-24 22:28:57 0 d-------- C:\Program Files\Messenger
2007-09-22 19:26:21 0 d-------- C:\Program Files\Movie Maker
2007-09-22 19:23:24 0 d-------- C:\Program Files\Windows NT
2007-09-21 21:36:20 0 d-------- C:\Program Files\Lavasoft
2007-09-21 17:00:01 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-19 10:31:53 6656 --a------ C:\sysriby.exe
2007-09-16 21:11:16 6448 --ahs---- C:\WINDOWS\system32\jmlnn.bak1

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D615C03-2202-4B95-BF17-D5B291FA3600}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3B839F24-320B-4928-8C0A-0715E96BBEB6}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
08/24/2007 08:51 PM 316784 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{61715F22-7146-479F-82BF-79D783AEAF9B}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
10/07/2007 12:04 PM 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D6C016A-4093-415E-834D-EE14CE29EFBD}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9B6DE9B8-897C-4A30-8A14-4B5AAC9F5322}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C3352FCD-CFE5-4F35-831A-19C68DDB7CF4}]
C:\WINDOWS\System32\nnnnnop.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEA8854C-7892-4CC1-9825-3D9B96A0D727}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F2FA09FB-EE7A-46d8-9145-A1EEF7850052}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [08/24/2007 08:51 PM 316784]
[-HKEY_CLASSES_ROOT\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [06/03/2003 08:29 PM]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [10/16/2006 06:40 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [09/28/2006 01:16 PM]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [10/11/2006 12:45 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [09/26/2007 02:42 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06/29/2007 06:24 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/23/2007 04:18 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 09:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

C:\Documents and Settings\Mom and Dad\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE [6/6/1998 8:33:30 AM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C3352FCD-CFE5-4F35-831A-19C68DDB7CF4}"= C:\WINDOWS\System32\nnnnnop.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnljg]
nnljg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\nnnnnop] nnnnnop.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\\WINDOWS\\System32\\nnlmj [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime *Newly 
Created Service* - COMHOST -- Hosts ----------------------------------------------------------------------- 127.0.0.1 babe.the-killer.bz 127.0.0.1 www.babe.the-killer.bz 127.0.0.1 did.i-used.cc 127.0.0.1 www.did.i-used.cc 127.0.0.1 babeweb.de 127.0.0.1 www.babeweb.de 127.0.0.1 toriii.cc 127.0.0.1 www.toriii.cc 127.0.0.1 xtipp.de 127.0.0.1 www.xtipp.de 2845 more entries in hosts file. -- End of Deckard's System Scanner: finished at 2007-11-14 21:08:49 ------------ and here is the extra.txt file: Deckard's System Scanner v20071014.68 Extra logfile - please post this as an attachment with your post. -------------------------------------------------------------------------------- -- System Information ---------------------------------------------------------- Microsoft Windows XP Home Edition (build 2600) SP 2.0 Architecture: X86; Language: English CPU 0: Intel Celeron processor Percentage of Memory in Use: 75% Physical Memory (total/avail): 254.48 MiB / 63.46 MiB Pagefile Memory (total/avail): 625.64 MiB / 274.57 MiB Virtual Memory (total/avail): 2047.88 MiB / 1932.46 MiB A: is Removable (No Media) C: is Fixed (NTFS) - 74.53 GiB total, 53.27 GiB free. D: is CDROM (CDFS) \\.\PHYSICALDRIVE0 - WDC WD800JB-00ETA0 - 74.53 GiB - 1 partition \PARTITION0 (bootable) - Installable File System - 74.53 GiB - C: -- Security Center ------------------------------------------------------------- AUOptions is scheduled to auto-install. Windows Internal Firewall is disabled. 
FW: Norton Internet Security v15.0.0.60 (Symantec Corporation) AV: Norton Internet Security v15.0.0.60 (Symantec Corporation) [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\WINDOWS\\system32\\cnvreewq.exe"="C:\\WINDOWS\\system32\\cnv" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" -- Environment Variables ------------------------------------------------------- ALLUSERSPROFILE=C:\Documents and Settings\All Users APPDATA=C:\Documents and Settings\Mom and Dad\Application Data CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip CLIENTNAME=Console CommonProgramFiles=C:\Program Files\Common Files COMPUTERNAME=ROYAL ComSpec=C:\WINDOWS\system32\cmd.exe FP_NO_HOST_CHECK=NO HOMEDRIVE=C: HOMEPATH=\Documents and Settings\Mom and Dad LOGONSERVER=\\ROYAL NUMBER_OF_PROCESSORS=1 OS=Windows_NT Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\ PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH PROCESSOR_ARCHITECTURE=x86 PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 10, GenuineIntel PROCESSOR_LEVEL=6 PROCESSOR_REVISION=080a ProgramFiles=C:\Program Files PROMPT=$P$G QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip SESSIONNAME=Console SystemDrive=C: SystemRoot=C:\WINDOWS TEMP=C:\DOCUME~1\MOMAND~1\LOCALS~1\Temp 
TMP=C:\DOCUME~1\MOMAND~1\LOCALS~1\Temp USERDOMAIN=ROYAL USERNAME=Mom and Dad USERPROFILE=C:\Documents and Settings\Mom and Dad windir=C:\WINDOWS -- User Profiles --------------------------------------------------------------- Owner (admin) Mom and Dad (admin) Ali Amy -- Add/Remove Programs --------------------------------------------------------- --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Download Manager 2.2 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe" Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log American Greetings® Art & More Store --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Mindscape\Art & More Store\Uninst.isu" AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM= AOL Toolbar 2.0 --> "C:\Program Files\AOL\AOL Toolbar 2.0\uninstall.exe" AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B} Apple Mobile Device Support --> MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217} Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4} ArcSoft PhotoStudio 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9 Blue's Art Time Activities --> C:\WINDOWS\IsUninst.exe -fC:\HEGames\ArtTime\Uninst.isu -c"C:\HEGames\ArtTime\Uninst.dll Canon MP 
Navigator 3.0 --> "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini Canon MP160 --> "C:\WINDOWS\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009 Canon MP160 User Registration --> C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini ccCommon --> MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118} Component Framework --> MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09} Conexant SoftK56 Modem(M) --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D8B155D\hxfSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_8D8B155D Easy-WebPrint --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" EZface ActiveX 90 --> C:\PROGRA~1\EZFace\ActiveX\uninst.bat 90 C:\PROGRA~1\EZFace\ActiveX FATE --> "C:\Program Files\WildGames\FATE\Uninstall.exe" Funny Faces --> "C:\Program Files\Media Art\Funny Faces\unins000.exe" Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll" Graphical Analysis 3.4 Demo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{035668E7-6ABB-43F8-A0F2-6F10C84F67E6}\Setup.exe" -l0x9 HijackThis 2.0.2 --> "C:\DOCUME~1\MOMAND~1\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis.zip\HijackThis.exe" /uninstall Hoyle Card Games 5 --> C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\Hoyle Card Games 5\Uninst.isu" iPod for Windows 2005-09-23 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC} /l1033 
iTunes --> MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306} JumpStart Kindergarten 2001 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Knowledge Adventure\JSKG2001\DeIsL1.isu" JumpStart Numbers --> C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSNumberUn.exe LiveUpdate (Symantec Corporation) --> MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate" LiveUpdate (Symantec Corporation) --> MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206} MathPlayer --> C:\Program Files\Design Science\MathPlayer\Setup.exe -u Maya 8.5 Personal Learning Edition --> MsiExec.exe /I{2D8ECB5E-9F6C-4332-AEE6-0E4EE1DEC926} Maya 8.5 Personal Learning Edition Documentation (en_US) --> MsiExec.exe /I{6A829DA3-E377-4BC0-938F-F453C6BB3F67} Microsoft Baseline Security Analyzer 2.0.1 --> MsiExec.exe /I{7F231232-C309-4401-964A-2A002B6E1ED9} Microsoft Digital Image Library 9 --> C:\WINDOWS\System32\msiexec.exe /i {9F7FC79B-3059-4264-9450-39EB368E3225} Microsoft Digital Image Pro 9 --> C:\WINDOWS\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0905} Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9} Microsoft Press Interactive Training --> C:\Program Files\MSPress\Training\lunins32_s.exe Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Web Publishing Wizard 1.52 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall Microsoft Works 2000 --> MsiExec.exe /I{56364334-9530-11D2-BFFC-00C04FA329AA} Microsoft XML Parser and SDK --> MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07} MSN --> C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP Norton AntiVirus --> MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2} Norton AntiVirus Help --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555} Norton Confidential Core --> MsiExec.exe 
/I{55A6283C-638A-4EE0-B491-51118554BDA2} Norton Internet Security --> MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D} Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X Norton Protection Center --> MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB} Pdf995 --> C:\Program Files\pdf995\setup.exe uninstall Personal Ancestral File 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D94A8E22-DF2B-4107-9E51-608A60A7671D}\Setup.exe" PrintMaster 7.00 --> c:\PROGRA~1\MINDSC~1\PRINTM~1\uninst32.exe /IFirst Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} RealPlayer Basic --> C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0 ScanSoft OmniPage SE 4.0 --> MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184} Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Serif DrawPlus 3.0 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Serif\dp30\DrawPlus_uninst.isu" SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56} Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe" SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2} Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u Zoo Tycoon: Complete Collection --> "C:\Program 
Files\Microsoft Games\Zoo Tycoon\UNINSTAL.EXE" /runtemp /addremove -- Application Event Log ------------------------------------------------------- Event Record #/Type40949 / Warning Event Submitted/Written: 11/14/2007 01:28:28 PM Event ID/Source: 1001 / MsiInstaller Event Description: Detection of product '{91120409-6000-11D3-8CFE-0150048383C9}', feature 'TCWP5Files' failed during request for component '{D362F5FA-9939-40E1-BC1F-EF575164DAB9}' Event Record #/Type40910 / Error Event Submitted/Written: 11/13/2007 09:32:21 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application iexplore.exe, version 7.0.6000.16544, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Event Record #/Type40909 / Error Event Submitted/Written: 11/13/2007 09:31:58 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d. Processing media-specific event for [drwtsn32.exe!ws!] Event Record #/Type40908 / Error Event Submitted/Written: 11/13/2007 09:31:42 PM Event ID/Source: 1000 / Application Error Event Description: Faulting application iexplore.exe, version 7.0.6000.16544, faulting module unknown, version 0.0.0.0, fault address 0x08ff032d. Processing media-specific event for [iexplore.exe!ws!] Event Record #/Type40894 / Error Event Submitted/Written: 11/13/2007 05:43:04 PM Event ID/Source: 1002 / Application Hang Event Description: Hanging application iexplore.exe, version 7.0.6000.16544, hang module hungapp, version 0.0.0.0, hang address 0x00000000. -- Security Event Log ---------------------------------------------------------- No Errors/Warnings found. 
-- System Event Log ------------------------------------------------------------ Event Record #/Type79475 / Warning Event Submitted/Written: 11/13/2007 07:40:17 PM Event ID/Source: 36 / W32Time Event Description: The time service has not been able to synchronize the system time for 49152 seconds because none of the time providers has been able to provide a usable time stamp. The system clock is unsynchronized. Event Record #/Type79213 / Error Event Submitted/Written: 11/10/2007 02:17:21 PM Event ID/Source: 10010 / DCOM Event Description: The server {03E0E6C2-363B-11D3-B536-00902771A435} did not register with DCOM within the required timeout. Event Record #/Type79206 / Error Event Submitted/Written: 11/10/2007 00:59:28 PM Event ID/Source: 7009 / Service Control Manager Event Description: Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect. Event Record #/Type79205 / Error Event Submitted/Written: 11/10/2007 00:59:26 PM / 11/10/2007 00:59:27 PM Event ID/Source: 10005 / DCOM Event Description: DCOM got error "%%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435} Event Record #/Type79145 / Warning Event Submitted/Written: 11/09/2007 05:54:25 PM Event ID/Source: 1007 / Dhcp Event Description: Your computer has automatically configured the IP address for the Network Card with network address 0014BF5C59D7. The IP address being used is 169.254.244.81. -- End of Deckard's System Scanner: finished at 2007-11-14 21:08:49 ------------ Thank you for your help!
  6. Hi, I have downloaded HijackThis and have run a scan, but cannot get it to save a log file. Every time I click the save button, Notepad opens but says it can't find the file. Any suggestions?
  7. My AV subscription expired, and I have purchased a new version of NAV to install, but it doesn't install. I have run an Ad-Aware scan, which found numerous threats, but can't remove them. What now? Thanks!