El Cool

Members
  • Content Count

    10

About El Cool

  • Rank
    Member
  • Birthday 06/29/1983

Profile Information

  • Gender
    Male
  • Location
    Puerto Rico
  1. Thanks for looking this up MoNsTeReNeRgY22. Didn't have time to reply yesterday, but I solved the wireless problem. It was one value in a register =). I'm still gonna try this program you suggested, in case other stuff got changed. Like I said, I'm saving this thread, a lot of good solutions in here. Thanks a lot for helping me solve this problem without having to reinstall from scratch. And also for the fast replies. Thx, El Cool.
  2. Thanks a lot. It seems all the symptoms of the virus are gone! No more popups, and I can use some programs I couldn't before. I have Avast installed now and I've reinstalled Sygate Firewall. Both are working. But... I still can't use my wireless network, so I cross-checked services with a working WinXP and saw that I had services disabled and stopped in my laptop, so I started them. The main service for this is Wireless Zero Configuration, and it is the one I still can't turn on. These two I need on, and they are giving me the following errors: IPSEC Services: error 10048; Wireless Zero Configuration: error 1068. I don't know if you provide help for this, or where I should ask. Everything else seems to be in working condition. I have bookmarked this thread for future reference. Again, thanks for your knowledge and the virus help, I'll await a reply on the other problem. Thx.
  3. Kaspersky Log

     KASPERSKY ONLINE SCANNER REPORT
     Monday, November 05, 2007 8:04:05 PM
     Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
     Kaspersky Online Scanner version: 5.0.98.0
     Kaspersky Anti-Virus database last update: 5/11/2007
     Kaspersky Anti-Virus database records: 451806

     Scan Settings:
     Scan using the following antivirus database: extended
     Scan Archives: true
     Scan Mail Bases: true
     Scan Target - My Computer: C:\ D:\ E:\

     Scan Statistics:
     Total number of scanned objects: 367772
     Number of viruses found: 6
     Number of infected objects: 34
     Number of suspicious objects: 0
     Duration of the scan process: 09:09:54

     Scan process completed.
  4. Avast has finished. Since I ran it from Safe Mode, the file aswBoot.txt is empty. I'm still looking around if it has a way of making a report of this. It found and moved and deleted some threats. Most I had to delete them, because it wouldn't move them to the chest. I registered Avast now... before it wouldn't take me to the site, just keep getting error messages. I now have Avast running in Normal Mode, which I couldn't do before. I also installed the Sygate Firewall I had before, finally! I'm not getting any popups for now, but I've been on for about half an hour only. And the wireless is still not working. Here's the HiJack This Log:
  5. Step 1 - I uninstalled Norton with the removal tool. Folders were deleted in the process. Step 2 - Ran HouseCall. It took a while and 3 times my browser closed on its own and I had to start it again, but it finished. Deleted some worms and trojans. Step 3 - I'm currently running the scanning. After the first installation and restart, the .exe was deleted upon entering Windows. So I tried running in Safe mode, but couldn't get in it. So I ran ComboFix again, then updated the registry with the fix you gave me, installed Avast again, and now I'm in Safe Mode running a Thorough Scan. I'll update the post when it's done. Just letting you know my status.
  6. OK. Done. Did Step 1, Step 2, and Step 3 of your last post. I am still not able to run an AntiVirus. I tried reinstalling Norton but it gets cancelled due to missing files and Panda says I don't have permissions to install ActiveX. Anyways, I uninstalled Norton, got an error in the process of a missing file, but it still uninstalled. I did the Jotti procedure but the file C:\Program.exe does not exist, so nothing happened. This is what I got back from www.virustotal.com: 0 bytes size received / Se ha recibido un archivo vacio Here is the new HJT log:
  7. Oh. Interesting. =) Ok. Here it is: Step 1 List:
Ok.. In Step 2, the first two O2 on the list are not in the scan. I do have one listed from the previous scan: O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file) The third O2 is there for checking and so is O3. I want to note that the O16 one, fortisslvpn, I remember it being installed in summer for work. It allows me to connect to a vpn. If you believe it has to be fixed, i'll click it and have them install it again later on. I kept on reading to see if I could do anything else, but I think I shouldn't. I didn't click Fix Checked yet, since this situation came up, so I'll wait until you give me the go. Here is the HiJackThis I'm getting now.
  8. Done. I fixed the registry, and I am now able to boot in Safe Mode. *Awaiting further instructions* Just curious, where do you find out the original/correct values for each registry?
  9. Thx MoNsTeReNeRgY22 Downloaded HiJackThis and Combofix. Here are the logs: ComboFix log: ComboFix 07-11-01.1** - PET3R 2007-11-01 16:06:40.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1297 [GMT -4:00]Running from: C:\Documents and Settings\PET3R\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\Documents and Settings\All Users\Application Data.\Starware316 C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\775_button_1b_def.bmp C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\FindIt.bmp C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\FindItHot.bmp C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\findithotxp.png C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\finditxp.png C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Free_Credit_Score0.bmp C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Free_Music0.bmp C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\logo.bmp C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\logoxp.bmp C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Reference.bmp C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\ReferenceHot.bmp C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\referencehotxp.png C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\referencexp.png C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Ringtones0.bmp C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Screensavers0.bmp C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Weather.bmp C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\WeatherHot.bmp C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\weatherhotxp.png C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\weatherxp.png C:\Documents and Settings\All Users\Application Data.\Starware316\contexts\error.xml C:\Documents and Settings\All Users\Application Data.\Starware316\contexts\Related.xml C:\Documents and Settings\All Users\Application 
Data.\Starware316\contexts\Travel.xml C:\Documents and Settings\All Users\Application Data.\Starware316\images\walert.bmp C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\ProductMessagingConfig.xml C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\SimpleUpdateConfig.xml C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\TimerManagerConfig.xml C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup C:\Documents and Settings\All Users\Application Data\Starware316\buttons\775_button_1b_def.bmp C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Free_Credit_Score0.bmp C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Free_Music0.bmp C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logo.bmp C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logoxp.bmp C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png C:\Documents and Settings\All Users\Application 
Data\Starware316\buttons\Ringtones0.bmp C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp C:\Documents and Settings\All Users\Application Data\Starware316\buttons\WeatherHot.bmp C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Related.xml C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Travel.xml C:\Documents and Settings\All Users\Application Data\Starware316\images\walert.bmp C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup C:\Documents and Settings\PET3R\Application Data\Starware316 C:\Documents and Settings\PET3R\Application Data\Starware316\BrowserSearch\BrowserSearch.xml C:\Documents and Settings\PET3R\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup C:\Documents and Settings\PET3R\Application Data\Starware316\Configurator\Configurator.xml C:\Documents and Settings\PET3R\Application Data\Starware316\Configurator\Configurator.xml.backup C:\Documents and Settings\PET3R\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml 
C:\Documents and Settings\PET3R\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup C:\Documents and Settings\PET3R\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml C:\Documents and Settings\PET3R\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup C:\Documents and Settings\PET3R\Application Data\Starware316\Free_Music\Free_MusicOptions.xml C:\Documents and Settings\PET3R\Application Data\Starware316\Free_Music\Free_MusicOptions.xml.backup C:\Documents and Settings\PET3R\Application Data\Starware316\Layouts\ToolbarLayout.xml C:\Documents and Settings\PET3R\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup C:\Documents and Settings\PET3R\Application Data\Starware316\Manager\ManagerOptions.xml C:\Documents and Settings\PET3R\Application Data\Starware316\Manager\ManagerOptions.xml.backup C:\Documents and Settings\PET3R\Application Data\Starware316\Reference\ReferenceOptions.xml C:\Documents and Settings\PET3R\Application Data\Starware316\Reference\ReferenceOptions.xml.backup C:\Documents and Settings\PET3R\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml C:\Documents and Settings\PET3R\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup C:\Documents and Settings\PET3R\Application Data\Starware316\Ringtones\RingtonesOptions.xml C:\Documents and Settings\PET3R\Application Data\Starware316\Ringtones\RingtonesOptions.xml.backup C:\Documents and Settings\PET3R\Application Data\Starware316\Screensavers\ScreensaversOptions.xml C:\Documents and Settings\PET3R\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup C:\Documents and Settings\PET3R\Application Data\Starware316\Toolbar\TBProductsOptions.xml C:\Documents and Settings\PET3R\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup C:\Documents and Settings\PET3R\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml C:\Documents and 
Settings\PET3R\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup C:\Documents and Settings\PET3R\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml C:\Documents and Settings\PET3R\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup C:\Documents and Settings\PET3R\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml C:\Documents and Settings\PET3R\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup C:\Documents and Settings\PET3R\Application Data\Starware316\Weather\AlertArchive.xml C:\Documents and Settings\PET3R\Application Data\Starware316\Weather\WeatherOptions.xml C:\Documents and Settings\PET3R\Application Data\Starware316\Weather\WeatherOptions.xml.backup C:\Program Files\screensavers.com C:\Program Files\screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe C:\Program Files\screensavers.com\SSSInstaller\bin\screensavers.exe C:\Program Files\screensavers.com\SSSInstaller\bin\sinstaller3.exe C:\Program Files\screensavers.com\SSSInstaller\bin\SSSInstaller.dll C:\Program Files\screensavers.com\SSSUninst.exe C:\Program Files\Starware316 C:\Program Files\Starware316\bin\Starware316.dll C:\Program Files\Starware316\icons\star_16.ico C:\Program Files\Starware316\Starware316Config.xml C:\Program Files\Starware316\Starware316Uninstall.exe C:\WINDOWS\exefld C:\WINDOWS\exefld\14688046.exe C:\WINDOWS\exefld\14717500.exe C:\WINDOWS\exefld\14726281.exe C:\WINDOWS\exefld\18132046.exe C:\WINDOWS\exefld\258203.exe C:\WINDOWS\exefld\270937.exe C:\WINDOWS\exefld\271250.exe C:\WINDOWS\exefld\29126000.exe C:\WINDOWS\exefld\29168406.exe C:\WINDOWS\exefld\295093.exe C:\WINDOWS\exefld\29866015.exe C:\WINDOWS\exefld\310031.exe C:\WINDOWS\exefld\3714578.exe C:\WINDOWS\exefld\919875.exe C:\WINDOWS\system32\drivers\hidr.exe C:\WINDOWS\system32\drivers\srosa.sys C:\WINDOWS\system32\wintems.exe D:\Autorun.inf . 
((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_SROSA -------\srosa ((((((((((((((((((((((((( Files Created from 2007-10-01 to 2007-11-01 ))))))))))))))))))))))))))))))) . 2007-11-01 15:59 51,200 --a------ C:\WINDOWS\NirCmd.exe 2007-10-31 14:03 <DIR> d-------- C:\Documents and Settings\PET3R\Application Data\PlayFirst 2007-10-31 14:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst 2007-10-29 00:58 <DIR> d-------- C:\HiJackThis 2007-10-27 13:04 <DIR> d-------- C:\Documents and Settings\PET3R\FutureDecks Data 2007-10-27 13:04 126,976 --a------ C:\WINDOWS\system32\HDJAPI.dll 2007-10-27 13:04 86,016 --a------ C:\WINDOWS\system32\HRFDongle.dll 2007-10-27 13:03 <DIR> d-------- C:\Program Files\FutureDecksPro 2007-10-22 15:15 <DIR> d-------- C:\Program Files\DOSBox-0.72 2007-10-22 14:23 <DIR> d-------- C:\Screensavers.com 2007-10-22 14:23 2,285,222 --a------ C:\WINDOWS\Matrix Code.exe 2007-10-22 14:23 232,784 --a------ C:\WINDOWS\Matrix Code.scr 2007-10-22 14:23 29,696 --a------ C:\WINDOWS\mickey32.dll 2007-10-10 10:57 <DIR> d-------- C:\Program Files\iPod 2007-10-09 14:04 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll 2007-10-05 13:33 <DIR> d-------- C:\Program Files\CPoint 2007-10-01 09:20 <DIR> d-------- C:\FileNet . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-11-01 16:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2007-10-31 21:00 --------- d-----w C:\Program Files\HP Games 2007-10-30 01:31 --------- d-----w C:\Program Files\eMule 2007-10-30 00:22 --------- d-----w C:\Documents and Settings\PET3R\Application Data\.BitTornado 2007-10-25 23:29 --------- d-----w C:\Documents and Settings\PET3R\Application Data\MySQL 2007-10-22 17:05 --------- d-----w C:\Program Files\Norton SystemWorks 2007-10-10 14:58 --------- d-----w C:\Program Files\iTunes 2007-10-09 00:30 --------- d-----w C:\Program Files\Java 2007-10-04 12:43 --------- d-----w C:\Program Files\Lx_cats 2007-09-27 21:16 --------- d-----w C:\Documents and Settings\PET3R\Application Data\U3 2007-09-24 19:26 --------- d-----w C:\Program Files\Apple Software Update 2007-09-12 22:18 --------- d-----w C:\Program Files\MSN Messenger . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{1962c5bc-e475-465b-823b-133e711bceb9}"= C:\Program Files\Starware316\bin\Starware316.dll [ ] [HKEY_CLASSES_ROOT\CLSID\{1962c5bc-e475-465b-823b-133e711bceb9}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 01:58] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 16:13] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 00:47] "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 17:22] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [] "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-05-02 20:21] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "Adobe Photo Downloader"="C:\Program 
Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-04 13:23] "Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2007-03-05 05:40] "lxcqmon.exe"="C:\Program Files\Lexmark 9300 Series\lxcqmon.exe" [2006-10-23 10:51] "Lexmark 9300 Series Fax Server"="C:\Program Files\Lexmark 9300 Series\fm3032.exe" [2006-10-26 02:33] "EzPrint"="C:\Program Files\Lexmark 9300 Series\ezprint.exe" [2006-10-06 05:01] "LXCQCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll" [2006-10-15 21:25] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:00] "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-09-12 18:18] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2004-02-08 07:06] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Monitor Apache Servers.lnk - C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe [2006-07-27 15:59:08] NetScreen-Remote.lnk - C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe [2007-07-09 10:13:18] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoViewOnDrive"=0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 setuid SafeBoot registry key needs repairs. This machine cannot enter Safe Mode. 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] @="Driver Group" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] @="DiskDrive" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] @="Hdc" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] @="Keyboard" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] @="Mouse" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] @="System" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] @="Volume" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService] "C:\Program Files\HP\QuickPlay\QPService.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard] C:\Windows\SMINST\RecGuard.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "NProtectService"=2 (0x2) "NPFMntor"=2 (0x2) "navapsvc"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8350ab54-d3c1-11db-bdc7-0018de872e79}] \Shell\AutoRun\command - G:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a459e7a3-6d26-11dc-bf22-0018de872e79}] \Shell\AutoRun\command - F:\LaunchU3.exe -a 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5f821a7-dca3-11db-bddd-0018de872e79}] \Shell\AutoRun\command - G:\portable_apps\PortableApps\PortableAppsMenu\PortableAppsMenu.exe *Newly Created Service* - MDMXSDK . Contents of the 'Scheduled Tasks' folder "2007-10-29 22:42:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" "2007-11-01 15:50:00 C:\WINDOWS\Tasks\Fantasy NBA.job" - C:\PROGRA~1\MOZILL~1\firefox.exe "2007-11-01 18:20:58 C:\WINDOWS\Tasks\Fantasy NFL.job" - C:\PROGRA~1\MOZILL~1\firefox.exe "2007-09-29 00:00:53 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - PET3R.job" - C:\PROGRA~1\NORTON~1\NORTON~3\Navw32.exe "2007-10-22 17:05:47 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job" "2007-10-26 04:00:00 C:\WINDOWS\Tasks\Symantec Drmc.job" . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-01 16:18:37 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-01 16:19:35 . --- E O F ---
  10. First off, how I got my virus (if it's a virus): I downloaded 2 different programs that may have caused it. One, a screen saver program, because to download something I had to download a demo of a screensaver program. Second, software for mixing music, which I think is the one that impaired my laptop. Noticeable Effects: First thing that happened, a lot of popups with blank sites started popping up. I wondered why I didn't get a warning that it was loading a site... and I found out my Sygate Firewall was disabled, then I saw my Norton Antivirus was disabled. So the virus disabled both my firewall and antivirus and it won't let me install them again or repair them. My Wireless Connection is not working. I'm currently connected by cable now. What I've done: I tried installing other antivirus software, but I've had no success there. It stops when it is about to install the main exe file, i.e. NMain.exe, smc.exe. So, I connected thru my bro's computer and ran Kaspersky. It found two adware named something like ssinstall.exe (probably the screen saver). Those two are gone. I tried an online scan with Panda, but it won't let me install the ActiveX control. So, I got HiJackThis and ran it. If there is anything else I can provide to help, please ask. Thx in advance for the help.
Here's the HiJackThis log from notepad:
- C:\Program Files\Seagate Software\Enterprise\x86\inputfileserver.exe O23 - Service: Crystal Output File Repository Server (CrystalOutputFileServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\Enterprise\x86\outputfileserver.exe O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE O23 - Service: FortiSslvpnDaemon - Fortinet Inc. - C:\WINDOWS\system32\FortiSslvpnDaemon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe O23 - Service: Crystal Report Job Server (JobServer_Report) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\JobServer.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: lxcq_device - - C:\WINDOWS\system32\lxcqcoms.exe O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: Crystal Page Server (pageserver) - Seagate Software, Inc. 
- C:\Program Files\Seagate Software\WCS\pageserver.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: Crystal Web Component Server (WebCompServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\WebCompServer.exe -- End of file - 14343 bytes