El Cool

Posts posted by El Cool


  1. Thanks for looking this up MoNsTeReNeRgY22.

    Didn't have time to reply yesterday, but I solved the wireless problem.

    It was one value in a register =).

    I'm still gonna try this program you suggested, in case other stuff got changed.

    Like I said, I'm saving this thread, a lot of good solutions in here :).

    Thanks a lot for helping me solve this problem without having to reinstall from scratch.

    And also for the fast replies.

    Thx, El Cool.


  2. Thanks a lot. It seems all the symptoms of the virus are gone!

    No more popups, and I can use some programs I couldn't before.

    I have Avast installed now and I've reinstalled Sygate Firewall.

    Both are working.

    But... I still can't use my wireless network, so I cross-checked services with a working WinXP and saw that I had services disabled and stopped in my laptop, so I started them.

    The main service for this is Wireless Zero Configuration, and it is the one I still can't turn on.

    These two I need on, and they are giving me the following errors:

    • IPSEC Services. error 10048
    • Wireless Zero Configuration. error 1068

    I don't know if you provide help for this, or where should I ask.

    Everything else seems to be in working condition.

    I have bookmarked this thread for future reference.

    Again, thanks for your knowledge and the virus help, I'll await a reply on the other problem.

    Thx.


  3. Kaspersky Log

    -------------------------------------------------------------------------------

    KASPERSKY ONLINE SCANNER REPORT

    Monday, November 05, 2007 8:04:05 PM

    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

    Kaspersky Online Scanner version: 5.0.98.0

    Kaspersky Anti-Virus database last update: 5/11/2007

    Kaspersky Anti-Virus database records: 451806

    -------------------------------------------------------------------------------

    Scan Settings:

    Scan using the following antivirus database: extended

    Scan Archives: true

    Scan Mail Bases: true

    Scan Target - My Computer:

    C:\

    D:\

    E:\

    Scan Statistics:

    Total number of scanned objects: 367772

    Number of viruses found: 6

    Number of infected objects: 34

    Number of suspicious objects: 0

    Duration of the scan process: 09:09:54

    Infected Object Name / Virus Name / Last Action

    C:\Documents and Settings\PET3R\.housecall6.6\Quarantine\14688046.exe.vir.bac_a00152 Infected: Trojan-Downloader.Win32.Bagle.fh skipped

    C:\Documents and Settings\PET3R\.housecall6.6\Quarantine\14717500.exe.vir.bac_a00152 Infected: Trojan-Downloader.Win32.Bagle.fh skipped

    C:\Documents and Settings\PET3R\.housecall6.6\Quarantine\14726281.exe.vir.bac_a00152 Infected: Trojan-Downloader.Win32.Bagle.fh skipped

    C:\Documents and Settings\PET3R\.housecall6.6\Quarantine\18132046.exe.vir.bac_a00152 Infected: Trojan-Downloader.Win32.Bagle.fh skipped

    C:\Documents and Settings\PET3R\.housecall6.6\Quarantine\258203.exe.vir.bac_a00152 Infected: Trojan-Downloader.Win32.Bagle.fh skipped

    C:\Documents and Settings\PET3R\.housecall6.6\Quarantine\270937.exe.vir.bac_a00152 Infected: Trojan-Downloader.Win32.Bagle.fh skipped

    C:\Documents and Settings\PET3R\.housecall6.6\Quarantine\29126000.exe.vir.bac_a00152 Infected: Trojan-Downloader.Win32.Bagle.fh skipped

    C:\Documents and Settings\PET3R\.housecall6.6\Quarantine\29168406.exe.vir.bac_a00152 Infected: Trojan-Downloader.Win32.Bagle.fh skipped

    C:\Documents and Settings\PET3R\.housecall6.6\Quarantine\295093.exe.vir.bac_a00152 Infected: Trojan-Downloader.Win32.Bagle.fh skipped

    C:\Documents and Settings\PET3R\.housecall6.6\Quarantine\29866015.exe.vir.bac_a00152 Infected: Trojan-Downloader.Win32.Bagle.fh skipped

    C:\Documents and Settings\PET3R\.housecall6.6\Quarantine\310031.exe.vir.bac_a00152 Infected: Trojan-Downloader.Win32.Bagle.fh skipped

    C:\Documents and Settings\PET3R\.housecall6.6\Quarantine\3714578.exe.vir.bac_a00152 Infected: Trojan-Downloader.Win32.Bagle.fh skipped

    C:\Documents and Settings\PET3R\.housecall6.6\Quarantine\919875.exe.vir.bac_a00152 Infected: Trojan-Downloader.Win32.Bagle.fh skipped

    C:\Documents and Settings\PET3R\.housecall6.6\Quarantine\hidr.exe.vir.bac_a00152 Infected: Trojan-Downloader.Win32.Bagle.fc skipped

    C:\Documents and Settings\PET3R\.housecall6.6\Quarantine\srosa.sys.vir.bac_a00152 Infected: Trojan-Downloader.Win32.Bagle.fc skipped

    C:\Documents and Settings\PET3R\.housecall6.6\Quarantine\wintems.exe.vir.bac_a00152 Infected: Trojan-Downloader.Win32.Bagle.fh skipped

    C:\Documents and Settings\PET3R\.housecall6.6\Quarantine\wmpnscfg.exe.bac_a00152 Infected: Trojan-Downloader.Win32.Bagle.fc skipped

    C:\Downloads\vnc-4_1_2-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped

    C:\Downloads\vnc-4_1_2-x86_win32.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped

    C:\Downloads\vnc-4_1_2-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped

    C:\Downloads\vnc-4_1_2-x86_win32.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped

    C:\Downloads\vnc-4_1_2-x86_win32.exe Inno: infected - 4 skipped

    C:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

    C:\mIRC\mirc621.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

    C:\mIRC\mirc621.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped

    C:\mIRC\mirc621.exe NSIS: infected - 2 skipped


    C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile0 Object is locked skipped

    C:\Program Files\MySQL\MySQL Server 5.0\data\ib_logfile1 Object is locked skipped

    C:\Program Files\MySQL\MySQL Server 5.0\data\PeterLappy.err Object is locked skipped

    C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped

    C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped

    C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped

    C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped

    C:\qoobox\Quarantine\C\Program Files\Screensavers.com\SSSInstaller\bin\sinstaller3.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.Comet.bl skipped

    C:\qoobox\Quarantine\C\Program Files\Screensavers.com\SSSInstaller\bin\sinstaller3.exe.vir NSIS: infected - 1 skipped

    C:\qoobox\Quarantine\C\Program Files\Screensavers.com\SSSInstaller\bin\SSSInstaller.dll.vir Infected: not-a-virus:AdWare.Win32.Comet.bl skipped

    C:\qoobox\Quarantine\C\WINDOWS\exefld\271250.exe.vir Infected: Trojan-Spy.Win32.Banker.fon skipped

    C:\RECYCLER\NPROTECT\NPROTECT.LOG Object is locked skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\EventCache\{92C59AFD-37DD-4258-9A65-0C972A6EBD14}.bin Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

    C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped

    C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped

    C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\TEMP\ib2 Object is locked skipped

    C:\WINDOWS\TEMP\ib3 Object is locked skipped

    C:\WINDOWS\TEMP\ib4 Object is locked skipped

    C:\WINDOWS\TEMP\ib5 Object is locked skipped

    C:\WINDOWS\TEMP\ib6 Object is locked skipped

    C:\WINDOWS\TEMP\Perflib_Perfdata_278.dat Object is locked skipped

    C:\WINDOWS\TEMP\_avast4_\Webshlock.txt Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.


  4. Avast has finished.

    Since I ran it from Safe Mode, the file aswBoot.txt is empty. I'm still looking around to see if it has a way of making a report of this.

    It found, moved and deleted some threats. Most of them I had to delete, because it wouldn't move them to the chest.

    I registered Avast now... before, it wouldn't take me to the site, I just kept getting error messages.

    I now have Avast running in Normal Mode, which I couldn't do before.

    I also installed the Sygate Firewall I had before, finally! :)

    I'm not getting any popups for now, but I've been on for about half an hour only.

    And the wireless is still not working.

    Here's the HiJack This Log:

    HiJack This

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 9:22:45 AM, on 11/5/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe

    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    C:\Program Files\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Google\Google Talk\googletalk.exe

    C:\Program Files\Common Files\Real\Update_OB\realsched.exe

    C:\Program Files\Lexmark 9300 Series\lxcqmon.exe

    C:\Program Files\Lexmark 9300 Series\ezprint.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\MSN Messenger\MsnMsgr.Exe

    C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe

    C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\mqsvc.exe

    C:\WINDOWS\system32\mqtgsvc.exe

    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\inetsrv\inetinfo.exe

    C:\WINDOWS\system32\msiexec.exe

    C:\WINDOWS\system32\lxcqcoms.exe

    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe

    C:\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost:9080/RAPID

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"

    O4 - HKLM\..\Run: [lxcqmon.exe] "C:\Program Files\Lexmark 9300 Series\lxcqmon.exe"

    O4 - HKLM\..\Run: [Lexmark 9300 Series Fax Server] "C:\Program Files\Lexmark 9300 Series\fm3032.exe" /s

    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 9300 Series\ezprint.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCQtime.dll,[email protected]

    O4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\IEXPLORE.EXE http://www.symantec.com/techsupp/servlet/P...00001f.0000005e

    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe

    O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2007\spy.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2007\spy.htm

    O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2007\spy.htm

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

    O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\\NPssView.dll

    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop

    O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {71C140F3-1A84-430B-9035-68815582DC79} (Crystal Report Prompt Info Control) - http://192.168.3.187/viewer/activeXViewer/...meterdialog.cab

    O16 - DPF: {B0882EB7-81A5-4A11-8D45-71888F973933} (fortisslvpn Class) - https://207.150.244.172/sslvpn.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL

    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Crystal Cache Server (CacheServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\cacheserver.exe

    O23 - Service: Crystal APS (CrystalAPS) - Seagate Software, Inc. - C:\Program Files\Seagate Software\Enterprise\x86\CrystalAPS.exe

    O23 - Service: Crystal Input File Repository Server (CrystalInputFileServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\Enterprise\x86\inputfileserver.exe

    O23 - Service: Crystal Output File Repository Server (CrystalOutputFileServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\Enterprise\x86\outputfileserver.exe

    O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe

    O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe

    O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE

    O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE

    O23 - Service: FortiSslvpnDaemon - Fortinet Inc. - C:\WINDOWS\system32\FortiSslvpnDaemon.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe

    O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe

    O23 - Service: Crystal Report Job Server (JobServer_Report) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\JobServer.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: lxcq_device - - C:\WINDOWS\system32\lxcqcoms.exe

    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

    O23 - Service: Crystal Page Server (pageserver) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\pageserver.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    O23 - Service: Crystal Web Component Server (WebCompServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\WebCompServer.exe

    --

    End of file - 13746 bytes


  5. Step 1 - I uninstalled Norton with the removal tool. Folders were deleted in the process.

    Step 2 - Ran HouseCall. It took a while and 3 times my browser closed on its own and I had to start it again, but it finished. Deleted some worms and trojans.

    Step 3 - I'm currently running the scan. After the first installation and restart, the .exe was deleted upon entering Windows. So I tried running in Safe Mode, but couldn't get into it. So I ran ComboFix again, then updated the registry with the fix you gave me, installed Avast again, and now I'm in Safe Mode running a Thorough Scan.

    I'll update the post when it's done. Just letting you know my status.


  6. OK. Done.

    Did Step 1, Step 2, and Step 3 of your last post.

    I am still not able to run an antivirus. I tried reinstalling Norton but it gets cancelled due to missing files, and Panda says I don't have permissions to install ActiveX.

    Anyway, I uninstalled Norton. I got an error about a missing file in the process, but it still uninstalled.

    I did the Jotti procedure but the file C:\Program.exe does not exist, so nothing happened.

    This is what I got back from www.virustotal.com:

    0 bytes size received / Se ha recibido un archivo vacio

    Here is the new HJT log:

    HiJackThis log

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 3:23:41 PM, on 11/3/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Google\Google Talk\googletalk.exe

    C:\Program Files\Lexmark 9300 Series\lxcqmon.exe

    C:\Program Files\Lexmark 9300 Series\ezprint.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\WINDOWS\system32\lxcqcoms.exe

    C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\mqsvc.exe

    C:\WINDOWS\system32\mqtgsvc.exe

    C:\WINDOWS\system32\inetsrv\inetinfo.exe

    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

    C:\HiJackThis\HiJackThis.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost:9080/RAPID

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"

    O4 - HKLM\..\Run: [lxcqmon.exe] "C:\Program Files\Lexmark 9300 Series\lxcqmon.exe"

    O4 - HKLM\..\Run: [Lexmark 9300 Series Fax Server] "C:\Program Files\Lexmark 9300 Series\fm3032.exe" /s

    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 9300 Series\ezprint.exe"

    O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,[email protected]

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe

    O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2007\spy.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2007\spy.htm

    O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2007\spy.htm

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

    O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\\NPssView.dll

    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop

    O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {71C140F3-1A84-430B-9035-68815582DC79} (Crystal Report Prompt Info Control) - http://192.168.3.187/viewer/activeXViewer/...meterdialog.cab

    O16 - DPF: {B0882EB7-81A5-4A11-8D45-71888F973933} (fortisslvpn Class) - https://207.150.244.172/sslvpn.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL

    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Crystal Cache Server (CacheServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\cacheserver.exe

    O23 - Service: Crystal APS (CrystalAPS) - Seagate Software, Inc. - C:\Program Files\Seagate Software\Enterprise\x86\CrystalAPS.exe

    O23 - Service: Crystal Input File Repository Server (CrystalInputFileServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\Enterprise\x86\inputfileserver.exe

    O23 - Service: Crystal Output File Repository Server (CrystalOutputFileServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\Enterprise\x86\outputfileserver.exe

    O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe

    O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe

    O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE

    O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE

    O23 - Service: FortiSslvpnDaemon - Fortinet Inc. - C:\WINDOWS\system32\FortiSslvpnDaemon.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe

    O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe

    O23 - Service: Crystal Report Job Server (JobServer_Report) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\JobServer.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: lxcq_device - - C:\WINDOWS\system32\lxcqcoms.exe

    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

    O23 - Service: Crystal Page Server (pageserver) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\pageserver.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Crystal Web Component Server (WebCompServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\WebCompServer.exe

    --

    End of file - 12435 bytes


  7. Oh. Interesting. =)

    Ok. Here it is:

    Step 1 List:

    ABBYY FineReader 6.0 Sprint

    Adobe Bridge 1.0

    Adobe Common File Installer

    Adobe Flash Player 9 ActiveX

    Adobe Help Center 1.0

    Adobe Photoshop CS2

    Adobe Reader 8.1.1

    Adobe Stock Photos 1.0

    Adobe® Photoshop® Album Starter Edition 3.2

    Altova MissionKit for Enterprise XML Developers

    Antechinus JavaScript Editor v9.0

    Apache HTTP Server 2.0.59

    Apple Mobile Device Support

    Apple Software Update

    AtomixMP3 v2.1

    BitTornado 0.3.17

    ccCommon

    Conexant HD Audio

    Crystal Enterprise

    Crystal Enterprise APS Admin Plugin

    Crystal Enterprise Favorites Folder Plugin

    Customer Experience Enhancement

    CVSNT 2.5.03.2382

    DivX

    eMule

    Enterprise Information Portal for Multiplatforms

    exPressit S.E. 2.1

    ffdshow (remove only)

    FutureDecks Pro 1.0.0

    Google Talk (remove only)

    HijackThis 2.0.2

    Hotfix for Microsoft .NET Framework 3.0 (KB932471)

    Hotfix for Windows Media Format 11 SDK (KB929399)

    Hotfix for Windows Media Player 11 (KB939683)

    Hotfix for Windows XP (KB896256)

    Hotfix for Windows XP (KB896344)

    Hotfix for Windows XP (KB909095)

    Hotfix for Windows XP (KB910728)

    Hotfix for Windows XP (KB912436)

    Hotfix for Windows XP (KB914440)

    Hotfix for Windows XP (KB914906)

    Hotfix for Windows XP (KB915326)

    Hotfix for Windows XP (KB915865)

    Hotfix for Windows XP (KB918005)

    Hotfix for Windows XP (KB926239)

    HP Help and Support

    HP Imaging Device Functions 6.0

    HP Photosmart Premier Software 6.0

    HP Quick Launch Buttons 6.10 A2

    HP QuickPlay 2.3

    HP Update

    HP User Guides 0035

    HP Wireless Assistant 2.00 G2

    IBM Content Manager for iSeries Client for Windows

    IBM iSeries Access for Windows

    IBM WebSphere Development Studio Client for iSeries V6.0

    IBM WebSphere Studio Application Developer 5.1

    Image Page Procesor

    Intel® Graphics Media Accelerator Driver

    Intel® PRO Network Connections Drivers

    Internet Worm Protection

    iTunes

    J2SE Runtime Environment 5.0 Update 11

    Java 6 Update 3

    Java SE Runtime Environment 6 Update 1

    Karaoke Builder CD+G Player

    Lemonade Tycoon

    Lexmark 9300 Series

    LiveReg (Symantec Corporation)

    LiveUpdate 3.0 (Symantec Corporation)

    Macromedia Contribute 3.11

    Macromedia Dreamweaver 8

    Macromedia Extension Manager

    Macromedia Fireworks 8

    Macromedia Flash 8

    Macromedia Flash 8 Video Encoder

    Macromedia Flash Player 8

    Macromedia Flash Player 8

    Macromedia Flash Player 8 Plugin

    Macromedia Shockwave Player

    Magic ISO Maker v5.4 (build 0239)

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1 Hotfix (KB928366)

    Microsoft .NET Framework 2.0

    Microsoft .NET Framework 3.0

    Microsoft .NET Framework 3.0

    Microsoft Compression Client Pack 1.0 for Windows XP

    Microsoft Internationalized Domain Names Mitigation APIs

    Microsoft National Language Support Downlevel APIs

    Microsoft Office Access MUI (English) 2007

    Microsoft Office Access Setup Metadata MUI (English) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (English) 2007

    Microsoft Office Groove MUI (English) 2007

    Microsoft Office Groove Setup Metadata MUI (English) 2007

    Microsoft Office InfoPath MUI (English) 2007

    Microsoft Office OneNote MUI (English) 2007

    Microsoft Office Outlook MUI (English) 2007

    Microsoft Office PowerPoint MUI (English) 2007

    Microsoft Office Project MUI (English) 2007

    Microsoft Office Project Professional 2007

    Microsoft Office Project Professional 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (English) 2007

    Microsoft Office Publisher MUI (English) 2007

    Microsoft Office Shared MUI (English) 2007

    Microsoft Office Shared Setup Metadata MUI (English) 2007

    Microsoft Office Visio MUI (English) 2007

    Microsoft Office Visio Professional 2007

    Microsoft Office Visio Professional 2007

    Microsoft Office Word MUI (English) 2007

    Microsoft User-Mode Driver Framework Feature Pack 1.0

    Microsoft Works

    mIRC

    Mozilla Firefox (2.0.0.8)

    MSRedist

    MSXML 4.0 SP2 (KB927978)

    MSXML 4.0 SP2 (KB936181)

    MSXML 6.0 Parser (KB933579)

    MSXML4 Parser

    My HP Games

    MySQL Connector/ODBC 3.51

    MySQL Server 5.0

    MySQL Tools for 5.0

    NetScreen Remote Login

    NetScreen-Remote

    NetWaiting

    No-IP.com DUC (remove only)

    Norton AntiVirus 2005

    Norton AntiVirus Parent MSI

    Norton CleanSweep

    Norton SystemWorks

    Norton SystemWorks 2005 (Symantec Corporation)

    Norton Utilities

    Norton WMI Update

    NoteTab Light (Remove only)

    NSW_DRM_COLLECTION

    Office 2003 Trial Assistant

    PDFCreator

    PDFCreator Toolbar

    PowerISO

    Presto! Forms 3.50.02

    Presto! PageManager 7.12.10

    QuickTime

    RealPlayer

    REM 1.2.2

    Rise of Nations

    Roxio Easy Media Creator 7

    Sandlot Games Client Services

    Security Update for Microsoft .NET Framework 2.0 (KB928365)

    Security Update for Step By Step Interactive Training (KB898458)

    Security Update for Step By Step Interactive Training (KB923723)

    Security Update for Windows Internet Explorer 7 (KB937143)

    Security Update for Windows Internet Explorer 7 (KB938127)

    Security Update for Windows Internet Explorer 7 (KB939653)

    Security Update for Windows Media Player (KB911564)

    Security Update for Windows Media Player 10 (KB917734)

    Security Update for Windows Media Player 10 (KB936782)

    Security Update for Windows Media Player 11 (KB936782)

    Security Update for Windows Media Player 6.4 (KB925398)

    Security Update for Windows Media Player 9 (KB911565)

    Security Update for Windows XP (KB893066)

    Security Update for Windows XP (KB893756)

    Security Update for Windows XP (KB896358)

    Security Update for Windows XP (KB896422)

    Security Update for Windows XP (KB896423)

    Security Update for Windows XP (KB896424)

    Security Update for Windows XP (KB896428)

    Security Update for Windows XP (KB899587)

    Security Update for Windows XP (KB899591)

    Security Update for Windows XP (KB900725)

    Security Update for Windows XP (KB901017)

    Security Update for Windows XP (KB901190)

    Security Update for Windows XP (KB901214)

    Security Update for Windows XP (KB902400)

    Security Update for Windows XP (KB903235)

    Security Update for Windows XP (KB904706)

    Security Update for Windows XP (KB905414)

    Security Update for Windows XP (KB905749)

    Security Update for Windows XP (KB908519)

    Security Update for Windows XP (KB911562)

    Security Update for Windows XP (KB911927)

    Security Update for Windows XP (KB912919)

    Security Update for Windows XP (KB913446)

    Security Update for Windows XP (KB913580)

    Security Update for Windows XP (KB914388)

    Security Update for Windows XP (KB914389)

    Security Update for Windows XP (KB917344)

    Security Update for Windows XP (KB917422)

    Security Update for Windows XP (KB917537)

    Security Update for Windows XP (KB917953)

    Security Update for Windows XP (KB918118)

    Security Update for Windows XP (KB918439)

    Security Update for Windows XP (KB919007)

    Security Update for Windows XP (KB920213)

    Security Update for Windows XP (KB920670)

    Security Update for Windows XP (KB920683)

    Security Update for Windows XP (KB920685)

    Security Update for Windows XP (KB921398)

    Security Update for Windows XP (KB921503)

    Security Update for Windows XP (KB922616)

    Security Update for Windows XP (KB922819)

    Security Update for Windows XP (KB923191)

    Security Update for Windows XP (KB923414)

    Security Update for Windows XP (KB923689)

    Security Update for Windows XP (KB923694)

    Security Update for Windows XP (KB923980)

    Security Update for Windows XP (KB924191)

    Security Update for Windows XP (KB924270)

    Security Update for Windows XP (KB924496)

    Security Update for Windows XP (KB924667)

    Security Update for Windows XP (KB925454)

    Security Update for Windows XP (KB925902)

    Security Update for Windows XP (KB926255)

    Security Update for Windows XP (KB926436)

    Security Update for Windows XP (KB927779)

    Security Update for Windows XP (KB927802)

    Security Update for Windows XP (KB928090)

    Security Update for Windows XP (KB928255)

    Security Update for Windows XP (KB928843)

    Security Update for Windows XP (KB929123)

    Security Update for Windows XP (KB929969)

    Security Update for Windows XP (KB930178)

    Security Update for Windows XP (KB931261)

    Security Update for Windows XP (KB931768)

    Security Update for Windows XP (KB931784)

    Security Update for Windows XP (KB932168)

    Security Update for Windows XP (KB933566)

    Security Update for Windows XP (KB933729)

    Security Update for Windows XP (KB935839)

    Security Update for Windows XP (KB935840)

    Security Update for Windows XP (KB936021)

    Security Update for Windows XP (KB937143)

    Security Update for Windows XP (KB938127)

    Security Update for Windows XP (KB938829)

    Security Update for Windows XP (KB939373)

    Security Update for Windows XP (KB941202)

    SmartFTP Client 2.0

    SnagIt 8

    Soft Data Fax Modem with SmartCP

    Sonic Audio Module

    Sonic Copy Module

    Sonic Data Module

    Sonic Express Labeler

    Sonic MyDVD Plus

    Sonic Update Manager

    SPBBC

    Super Mp3 Editor 5.0

    Symantec KB-DocID:2003093015493306

    Symantec Script Blocking Installer

    SymNet

    Synaptics Pointing Device Driver

    Tank-o-Box

    TortoiseCVS 1.8.30

    Trillian

    Update for Windows XP (KB894391)

    Update for Windows XP (KB896727)

    Update for Windows XP (KB898461)

    Update for Windows XP (KB900485)

    Update for Windows XP (KB904942)

    Update for Windows XP (KB908531)

    Update for Windows XP (KB910437)

    Update for Windows XP (KB911280)

    Update for Windows XP (KB916595)

    Update for Windows XP (KB920872)

    Update for Windows XP (KB922582)

    Update for Windows XP (KB925720)

    Update for Windows XP (KB925876)

    Update for Windows XP (KB927891)

    Update for Windows XP (KB929338)

    Update for Windows XP (KB930916)

    Update for Windows XP (KB931836)

    Update for Windows XP (KB933360)

    Update for Windows XP (KB936357)

    Update for Windows XP (KB938828)

    VNC Free Edition 4.1.2

    Vongo

    WildTangent Web Driver

    Windows Communication Foundation

    Windows Imaging Component

    Windows Installer 3.1 (KB893803)

    Windows Internet Explorer 7

    Windows Live Messenger

    Windows Media Connect

    Windows Media Format 11 runtime

    Windows Media Format 11 runtime

    Windows Media Player 11

    Windows Media Player 11

    Windows Presentation Foundation

    Windows Workflow Foundation

    Windows XP Hotfix - KB873333

    Windows XP Hotfix - KB873339

    Windows XP Hotfix - KB884575

    Windows XP Hotfix - KB885250

    Windows XP Hotfix - KB885464

    Windows XP Hotfix - KB885835

    Windows XP Hotfix - KB885836

    Windows XP Hotfix - KB885855

    Windows XP Hotfix - KB885884

    Windows XP Hotfix - KB886185

    Windows XP Hotfix - KB887472

    Windows XP Hotfix - KB888113

    Windows XP Hotfix - KB888239

    Windows XP Hotfix - KB888302

    Windows XP Hotfix - KB888402

    Windows XP Hotfix - KB889673

    Windows XP Hotfix - KB890859

    Windows XP Hotfix - KB891781

    Windows XP Hotfix - KB892559

    WinMerge 2.2.4.0

    WinRAR archiver

    Wireless Home Network Setup

    Ok..

    In Step 2, the first two O2 on the list are not in the scan.

    I do have one listed from the previous scan: O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)

    The third O2 is there for checking and so is O3.

    I want to note that the O16 one, fortisslvpn, I remember it being installed in summer for work. It allows me to connect to a VPN. If you believe it has to be fixed, I'll click it and have them install it again later on.

    I kept on reading to see if I could do anything else, but I think I shouldn't. I didn't click Fix Checked yet, since this situation came up, so I'll wait until you give me the go.

    Here is the HiJackThis I'm getting now.

    HiJackThis

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 4:20:07 PM, on 11/2/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Google\Google Talk\googletalk.exe

    C:\Program Files\Lexmark 9300 Series\lxcqmon.exe

    C:\Program Files\Lexmark 9300 Series\ezprint.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\WINDOWS\system32\lxcqcoms.exe

    C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\mqsvc.exe

    C:\WINDOWS\system32\mqtgsvc.exe

    C:\WINDOWS\system32\inetsrv\inetinfo.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\IBM\Rational\SDP\6.0\eclipse\eclipse.exe

    C:\Program Files\IBM\Rational\SDP\6.0\eclipse\jre\bin\javaw.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\IBM\Rational\SDP\6.0\runtimes\base_v6\java\bin\java.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\IBM\Client Access\cwbunnav.exe

    C:\Program Files\IBM\Client Access\jre\bin\javaw.exe

    C:\Program Files\iTunes\iTunes.exe

    C:\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost:9080/RAPID

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

    O3 - Toolbar: Starware Screensavers Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware316\bin\Starware316.dll (file missing)

    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"

    O4 - HKLM\..\Run: [lxcqmon.exe] "C:\Program Files\Lexmark 9300 Series\lxcqmon.exe"

    O4 - HKLM\..\Run: [Lexmark 9300 Series Fax Server] "C:\Program Files\Lexmark 9300 Series\fm3032.exe" /s

    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 9300 Series\ezprint.exe"

    O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,[email protected]

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe

    O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2007\spy.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2007\spy.htm

    O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2007\spy.htm

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

    O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\\NPssView.dll

    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop

    O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {71C140F3-1A84-430B-9035-68815582DC79} (Crystal Report Prompt Info Control) - http://192.168.3.187/viewer/activeXViewer/...meterdialog.cab

    O16 - DPF: {B0882EB7-81A5-4A11-8D45-71888F973933} (fortisslvpn Class) - https://207.150.244.172/sslvpn.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL

    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Crystal Cache Server (CacheServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\cacheserver.exe

    O23 - Service: Crystal APS (CrystalAPS) - Seagate Software, Inc. - C:\Program Files\Seagate Software\Enterprise\x86\CrystalAPS.exe

    O23 - Service: Crystal Input File Repository Server (CrystalInputFileServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\Enterprise\x86\inputfileserver.exe

    O23 - Service: Crystal Output File Repository Server (CrystalOutputFileServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\Enterprise\x86\outputfileserver.exe

    O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe

    O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe

    O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE

    O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE

    O23 - Service: FortiSslvpnDaemon - Fortinet Inc. - C:\WINDOWS\system32\FortiSslvpnDaemon.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe

    O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe

    O23 - Service: Crystal Report Job Server (JobServer_Report) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\JobServer.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: lxcq_device - - C:\WINDOWS\system32\lxcqcoms.exe

    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

    O23 - Service: Crystal Page Server (pageserver) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\pageserver.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

    O23 - Service: Crystal Web Component Server (WebCompServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\WebCompServer.exe

    --

    End of file - 13571 bytes


  8. Thx MoNsTeReNeRgY22

    Downloaded HiJackThis and Combofix. Here are the logs:

    HiJack This log:

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 3:57:07 PM, on 11/1/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Google\Google Talk\googletalk.exe

    C:\Program Files\Lexmark 9300 Series\lxcqmon.exe

    C:\Program Files\Lexmark 9300 Series\ezprint.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\mqsvc.exe

    C:\WINDOWS\system32\mqtgsvc.exe

    C:\WINDOWS\system32\inetsrv\inetinfo.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\lxcqcoms.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    C:\Program Files\IBM\Rational\SDP\6.0\eclipse\eclipse.exe

    C:\Program Files\IBM\Rational\SDP\6.0\eclipse\jre\bin\javaw.exe

    C:\Program Files\IBM\Rational\SDP\6.0\runtimes\base_v6\java\bin\java.exe

    C:\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost:9080/RAPID

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O1 - Hosts: 176.185.1.1 iseries

    O1 - Hosts: 98.19.1.11 odysseus

    O1 - Hosts: 98.19.1.4 aux400

    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {18AA4575-67E5-4807-92AF-A4923D98E974} - (no file)

    O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)

    O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware316\bin\Starware316.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

    O3 - Toolbar: Starware Screensavers Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware316\bin\Starware316.dll

    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"

    O4 - HKLM\..\Run: [lxcqmon.exe] "C:\Program Files\Lexmark 9300 Series\lxcqmon.exe"

    O4 - HKLM\..\Run: [Lexmark 9300 Series Fax Server] "C:\Program Files\Lexmark 9300 Series\fm3032.exe" /s

    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 9300 Series\ezprint.exe"

    O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,[email protected]

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe

    O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2007\spy.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2007\spy.htm

    O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2007\spy.htm

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

    O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\\NPssView.dll

    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop

    O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {71C140F3-1A84-430B-9035-68815582DC79} (Crystal Report Prompt Info Control) - http://192.168.3.187/viewer/activeXViewer/...meterdialog.cab

    O16 - DPF: {B0882EB7-81A5-4A11-8D45-71888F973933} (fortisslvpn Class) - https://207.150.244.172/sslvpn.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL

    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Crystal Cache Server (CacheServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\cacheserver.exe

    O23 - Service: Crystal APS (CrystalAPS) - Seagate Software, Inc. - C:\Program Files\Seagate Software\Enterprise\x86\CrystalAPS.exe

    O23 - Service: Crystal Input File Repository Server (CrystalInputFileServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\Enterprise\x86\inputfileserver.exe

    O23 - Service: Crystal Output File Repository Server (CrystalOutputFileServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\Enterprise\x86\outputfileserver.exe

    O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe

    O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe

    O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE

    O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE

    O23 - Service: FortiSslvpnDaemon - Fortinet Inc. - C:\WINDOWS\system32\FortiSslvpnDaemon.exe

    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\WildTangent\Apps\My HP Game Console\GameConsoleService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe

    O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe

    O23 - Service: Crystal Report Job Server (JobServer_Report) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\JobServer.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: lxcq_device - - C:\WINDOWS\system32\lxcqcoms.exe

    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

    O23 - Service: Crystal Page Server (pageserver) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\pageserver.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

    O23 - Service: Crystal Web Component Server (WebCompServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\WebCompServer.exe

    --

    End of file - 14041 bytes

    ComboFix log:

    ComboFix 07-11-01.1** - PET3R 2007-11-01 16:06:40.1 - NTFSx86

    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1297 [GMT -4:00]

    Running from: C:\Documents and Settings\PET3R\Desktop\ComboFix.exe

    * Created a new restore point

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\Documents and Settings\All Users\Application Data.\Starware316

    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\775_button_1b_def.bmp

    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\FindIt.bmp

    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\FindItHot.bmp

    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\findithotxp.png

    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\finditxp.png

    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Free_Credit_Score0.bmp

    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Free_Music0.bmp

    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\logo.bmp

    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\logoxp.bmp

    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Reference.bmp

    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\ReferenceHot.bmp

    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\referencehotxp.png

    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\referencexp.png

    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Ringtones0.bmp

    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Screensavers0.bmp

    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\Weather.bmp

    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\WeatherHot.bmp

    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\weatherhotxp.png

    C:\Documents and Settings\All Users\Application Data.\Starware316\buttons\weatherxp.png

    C:\Documents and Settings\All Users\Application Data.\Starware316\contexts\error.xml

    C:\Documents and Settings\All Users\Application Data.\Starware316\contexts\Related.xml

    C:\Documents and Settings\All Users\Application Data.\Starware316\contexts\Travel.xml

    C:\Documents and Settings\All Users\Application Data.\Starware316\images\walert.bmp

    C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\ProductMessagingConfig.xml

    C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup

    C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\SimpleUpdateConfig.xml

    C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup

    C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\TimerManagerConfig.xml

    C:\Documents and Settings\All Users\Application Data.\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup

    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\775_button_1b_def.bmp

    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindIt.bmp

    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\FindItHot.bmp

    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\findithotxp.png

    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\finditxp.png

    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Free_Credit_Score0.bmp

    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Free_Music0.bmp

    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logo.bmp

    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\logoxp.bmp

    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Reference.bmp

    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\ReferenceHot.bmp

    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencehotxp.png

    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\referencexp.png

    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Ringtones0.bmp

    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Screensavers0.bmp

    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\Weather.bmp

    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\WeatherHot.bmp

    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherhotxp.png

    C:\Documents and Settings\All Users\Application Data\Starware316\buttons\weatherxp.png

    C:\Documents and Settings\All Users\Application Data\Starware316\contexts\error.xml

    C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Related.xml

    C:\Documents and Settings\All Users\Application Data\Starware316\contexts\Travel.xml

    C:\Documents and Settings\All Users\Application Data\Starware316\images\walert.bmp

    C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml

    C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\ProductMessagingConfig.xml.backup

    C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml

    C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\SimpleUpdateConfig.xml.backup

    C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml

    C:\Documents and Settings\All Users\Application Data\Starware316\SimpleUpdate\TimerManagerConfig.xml.backup

    C:\Documents and Settings\PET3R\Application Data\Starware316

    C:\Documents and Settings\PET3R\Application Data\Starware316\BrowserSearch\BrowserSearch.xml

    C:\Documents and Settings\PET3R\Application Data\Starware316\BrowserSearch\BrowserSearch.xml.backup

    C:\Documents and Settings\PET3R\Application Data\Starware316\Configurator\Configurator.xml

    C:\Documents and Settings\PET3R\Application Data\Starware316\Configurator\Configurator.xml.backup

    C:\Documents and Settings\PET3R\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml

    C:\Documents and Settings\PET3R\Application Data\Starware316\ErrorSearch\ErrorSearchOptions.xml.backup

    C:\Documents and Settings\PET3R\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml

    C:\Documents and Settings\PET3R\Application Data\Starware316\Free_Credit_Score\Free_Credit_ScoreOptions.xml.backup

    C:\Documents and Settings\PET3R\Application Data\Starware316\Free_Music\Free_MusicOptions.xml

    C:\Documents and Settings\PET3R\Application Data\Starware316\Free_Music\Free_MusicOptions.xml.backup

    C:\Documents and Settings\PET3R\Application Data\Starware316\Layouts\ToolbarLayout.xml

    C:\Documents and Settings\PET3R\Application Data\Starware316\Layouts\ToolbarLayout.xml.backup

    C:\Documents and Settings\PET3R\Application Data\Starware316\Manager\ManagerOptions.xml

    C:\Documents and Settings\PET3R\Application Data\Starware316\Manager\ManagerOptions.xml.backup

    C:\Documents and Settings\PET3R\Application Data\Starware316\Reference\ReferenceOptions.xml

    C:\Documents and Settings\PET3R\Application Data\Starware316\Reference\ReferenceOptions.xml.backup

    C:\Documents and Settings\PET3R\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml

    C:\Documents and Settings\PET3R\Application Data\Starware316\RelatedSearch\RelatedSearchOptions.xml.backup

    C:\Documents and Settings\PET3R\Application Data\Starware316\Ringtones\RingtonesOptions.xml

    C:\Documents and Settings\PET3R\Application Data\Starware316\Ringtones\RingtonesOptions.xml.backup

    C:\Documents and Settings\PET3R\Application Data\Starware316\Screensavers\ScreensaversOptions.xml

    C:\Documents and Settings\PET3R\Application Data\Starware316\Screensavers\ScreensaversOptions.xml.backup

    C:\Documents and Settings\PET3R\Application Data\Starware316\Toolbar\TBProductsOptions.xml

    C:\Documents and Settings\PET3R\Application Data\Starware316\Toolbar\TBProductsOptions.xml.backup

    C:\Documents and Settings\PET3R\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml

    C:\Documents and Settings\PET3R\Application Data\Starware316\ToolbarLogo\ToolbarLogoOptions.xml.backup

    C:\Documents and Settings\PET3R\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml

    C:\Documents and Settings\PET3R\Application Data\Starware316\ToolbarSearch\ToolbarSearchOptions.xml.backup

    C:\Documents and Settings\PET3R\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml

    C:\Documents and Settings\PET3R\Application Data\Starware316\TravelSearch\TravelSearchOptions.xml.backup

    C:\Documents and Settings\PET3R\Application Data\Starware316\Weather\AlertArchive.xml

    C:\Documents and Settings\PET3R\Application Data\Starware316\Weather\WeatherOptions.xml

    C:\Documents and Settings\PET3R\Application Data\Starware316\Weather\WeatherOptions.xml.backup

    C:\Program Files\screensavers.com

    C:\Program Files\screensavers.com\ActiveDesktop\bin\ActiveDesktopExe.exe

    C:\Program Files\screensavers.com\SSSInstaller\bin\screensavers.exe

    C:\Program Files\screensavers.com\SSSInstaller\bin\sinstaller3.exe

    C:\Program Files\screensavers.com\SSSInstaller\bin\SSSInstaller.dll

    C:\Program Files\screensavers.com\SSSUninst.exe

    C:\Program Files\Starware316

    C:\Program Files\Starware316\bin\Starware316.dll

    C:\Program Files\Starware316\icons\star_16.ico

    C:\Program Files\Starware316\Starware316Config.xml

    C:\Program Files\Starware316\Starware316Uninstall.exe

    C:\WINDOWS\exefld

    C:\WINDOWS\exefld\14688046.exe

    C:\WINDOWS\exefld\14717500.exe

    C:\WINDOWS\exefld\14726281.exe

    C:\WINDOWS\exefld\18132046.exe

    C:\WINDOWS\exefld\258203.exe

    C:\WINDOWS\exefld\270937.exe

    C:\WINDOWS\exefld\271250.exe

    C:\WINDOWS\exefld\29126000.exe

    C:\WINDOWS\exefld\29168406.exe

    C:\WINDOWS\exefld\295093.exe

    C:\WINDOWS\exefld\29866015.exe

    C:\WINDOWS\exefld\310031.exe

    C:\WINDOWS\exefld\3714578.exe

    C:\WINDOWS\exefld\919875.exe

    C:\WINDOWS\system32\drivers\hidr.exe

    C:\WINDOWS\system32\drivers\srosa.sys

    C:\WINDOWS\system32\wintems.exe

    D:\Autorun.inf

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    -------\LEGACY_SROSA

    -------\srosa

    ((((((((((((((((((((((((( Files Created from 2007-10-01 to 2007-11-01 )))))))))))))))))))))))))))))))

    .

    2007-11-01 15:59 51,200 --a------ C:\WINDOWS\NirCmd.exe

    2007-10-31 14:03 <DIR> d-------- C:\Documents and Settings\PET3R\Application Data\PlayFirst

    2007-10-31 14:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst

    2007-10-29 00:58 <DIR> d-------- C:\HiJackThis

    2007-10-27 13:04 <DIR> d-------- C:\Documents and Settings\PET3R\FutureDecks Data

    2007-10-27 13:04 126,976 --a------ C:\WINDOWS\system32\HDJAPI.dll

    2007-10-27 13:04 86,016 --a------ C:\WINDOWS\system32\HRFDongle.dll

    2007-10-27 13:03 <DIR> d-------- C:\Program Files\FutureDecksPro

    2007-10-22 15:15 <DIR> d-------- C:\Program Files\DOSBox-0.72

    2007-10-22 14:23 <DIR> d-------- C:\Screensavers.com

    2007-10-22 14:23 2,285,222 --a------ C:\WINDOWS\Matrix Code.exe

    2007-10-22 14:23 232,784 --a------ C:\WINDOWS\Matrix Code.scr

    2007-10-22 14:23 29,696 --a------ C:\WINDOWS\mickey32.dll

    2007-10-10 10:57 <DIR> d-------- C:\Program Files\iPod

    2007-10-09 14:04 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll

    2007-10-05 13:33 <DIR> d-------- C:\Program Files\CPoint

    2007-10-01 09:20 <DIR> d-------- C:\FileNet

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2007-11-01 16:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared

    2007-10-31 21:00 --------- d-----w C:\Program Files\HP Games

    2007-10-30 01:31 --------- d-----w C:\Program Files\eMule

    2007-10-30 00:22 --------- d-----w C:\Documents and Settings\PET3R\Application Data\.BitTornado

    2007-10-25 23:29 --------- d-----w C:\Documents and Settings\PET3R\Application Data\MySQL

    2007-10-22 17:05 --------- d-----w C:\Program Files\Norton SystemWorks

    2007-10-10 14:58 --------- d-----w C:\Program Files\iTunes

    2007-10-09 00:30 --------- d-----w C:\Program Files\Java

    2007-10-04 12:43 --------- d-----w C:\Program Files\Lx_cats

    2007-09-27 21:16 --------- d-----w C:\Documents and Settings\PET3R\Application Data\U3

    2007-09-24 19:26 --------- d-----w C:\Program Files\Apple Software Update

    2007-09-12 22:18 --------- d-----w C:\Program Files\MSN Messenger

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{1962c5bc-e475-465b-823b-133e711bceb9}"= C:\Program Files\Starware316\bin\Starware316.dll [ ]

    [HKEY_CLASSES_ROOT\CLSID\{1962c5bc-e475-465b-823b-133e711bceb9}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 01:58]

    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-22 16:13]

    "MsmqIntCert"="regsvr32 /s mqrt.dll" []

    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 00:47]

    "googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 17:22]

    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []

    "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-05-02 20:21]

    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]

    "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09]

    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-04 13:23]

    "Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2007-03-05 05:40]

    "lxcqmon.exe"="C:\Program Files\Lexmark 9300 Series\lxcqmon.exe" [2006-10-23 10:51]

    "Lexmark 9300 Series Fax Server"="C:\Program Files\Lexmark 9300 Series\fm3032.exe" [2006-10-26 02:33]

    "EzPrint"="C:\Program Files\Lexmark 9300 Series\ezprint.exe" [2006-10-06 05:01]

    "LXCQCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll" [2006-10-15 21:25]

    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]

    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 17:00]

    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-09-12 18:18]

    "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []

    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2004-02-08 07:06]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

    Monitor Apache Servers.lnk - C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe [2006-07-27 15:59:08]

    NetScreen-Remote.lnk - C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe [2007-07-09 10:13:18]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

    "NoViewOnDrive"=0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    "Authentication Packages"= msv1_0 setuid

    SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

    @="Driver Group"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

    @="DiskDrive"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

    @="Hdc"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

    @="Keyboard"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

    @="Mouse"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

    @="System"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

    @="Volume"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]

    C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

    "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]

    CHDAudPropShortcut.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

    C:\WINDOWS\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

    C:\WINDOWS\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

    "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

    "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

    C:\Program Files\PowerISO\PWRISOVM.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]

    %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

    "C:\Program Files\HP\QuickPlay\QPService.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]

    C:\Windows\SMINST\RecGuard.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "NProtectService"=2 (0x2)

    "NPFMntor"=2 (0x2)

    "navapsvc"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8350ab54-d3c1-11db-bdc7-0018de872e79}]

    \Shell\AutoRun\command - G:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a459e7a3-6d26-11dc-bf22-0018de872e79}]

    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5f821a7-dca3-11db-bddd-0018de872e79}]

    \Shell\AutoRun\command - G:\portable_apps\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

    *Newly Created Service* - MDMXSDK

    .

    Contents of the 'Scheduled Tasks' folder

    "2007-10-29 22:42:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

    "2007-11-01 15:50:00 C:\WINDOWS\Tasks\Fantasy NBA.job"

    - C:\PROGRA~1\MOZILL~1\firefox.exe

    "2007-11-01 18:20:58 C:\WINDOWS\Tasks\Fantasy NFL.job"

    - C:\PROGRA~1\MOZILL~1\firefox.exe

    "2007-09-29 00:00:53 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - PET3R.job"

    - C:\PROGRA~1\NORTON~1\NORTON~3\Navw32.exe

    "2007-10-22 17:05:47 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"

    "2007-10-26 04:00:00 C:\WINDOWS\Tasks\Symantec Drmc.job"

    .

    **************************************************************************

    catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2007-11-01 16:18:37

    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    Completion time: 2007-11-01 16:19:35

    .

    --- E O F ---


  9. First off, how I got my virus (if it's a virus): I downloaded 2 different programs that may have caused it. One, a screen saver program, because to download something I had to download a demo of a screensaver program. Second, a software for mixing music, and I think this one impaired my laptop.

    Noticeable Effects: First thing that happened, a lot of popups with blank sites started popping up. I wondered why I didn't get a warning that it was loading a site... and I found out my Sygate Firewall was disabled, then I saw my Norton Antivirus was disabled. So the virus disabled both my firewall and antivirus and it won't let me install them again or repair them. My Wireless Connection is not working. I'm currently connected by cable now.

    What I've done: I tried installing other antivirus software, but I've had no success there. It stops when it is about to install the main exe file, i.e. NMain.exe, smc.exe. So, I connected through my bro's computer and ran Kaspersky. It found two adware files named something like ssinstall.exe (probably the screen saver). Those two are gone. I tried an online scan with Panda, but it won't let me install the ActiveX control. So, I got HiJackThis and ran it. If there is anything else I can provide to help, please ask. Thx in advance for the help.

    Here's the HiJackThis log from notepad:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)

    Scan saved at 1:27:32 AM, on 10/29/2007

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe

    C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    C:\WINDOWS\system32\lxcqcoms.exe

    C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

    C:\WINDOWS\system32\HPZipm12.exe

    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\mqsvc.exe

    C:\WINDOWS\system32\mqtgsvc.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\inetsrv\inetinfo.exe

    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe

    C:\Program Files\Lexmark 9300 Series\lxcqmon.exe

    C:\Program Files\Lexmark 9300 Series\ezprint.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

    C:\Downloads\HiJackThis_v2.exe

    C:\HiJackThis\HiJackThis_v2.exe

    C:\WINDOWS\system32\msiexec.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://localhost:9080/RAPID

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O1 - Hosts: 176.185.1.1 iseries

    O1 - Hosts: 98.19.1.11 odysseus

    O1 - Hosts: 98.19.1.4 aux400

    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {18AA4575-67E5-4807-92AF-A4923D98E974} - (no file)

    O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)

    O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Program Files\Starware316\bin\Starware316.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office12\GRA8E1~1.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll

    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll

    O3 - Toolbar: Starware Screensavers Toolbar - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Program Files\Starware316\bin\Starware316.dll

    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll

    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe

    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe

    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart

    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

    O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"

    O4 - HKLM\..\Run: [lxcqmon.exe] "C:\Program Files\Lexmark 9300 Series\lxcqmon.exe"

    O4 - HKLM\..\Run: [Lexmark 9300 Series Fax Server] "C:\Program Files\Lexmark 9300 Series\fm3032.exe" /s

    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 9300 Series\ezprint.exe"

    O4 - HKLM\..\Run: [LXCQCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCQtime.dll,[email protected]

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe

    O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\NetScreen\NetScreen-Remote\SafeCfg.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2007\spy.htm

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2007\spy.htm

    O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2007\spy.htm

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

    O12 - Plugin for .NPSSView: C:\Program Files\Seagate Software\Viewers\ActiveXViewer\\NPssView.dll

    O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop

    O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab

    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

    O16 - DPF: {71C140F3-1A84-430B-9035-68815582DC79} (Crystal Report Prompt Info Control) - http://192.168.3.187/viewer/activeXViewer/...meterdialog.cab

    O16 - DPF: {B0882EB7-81A5-4A11-8D45-71888F973933} (fortisslvpn Class) - https://207.150.244.172/sslvpn.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~4\Office12\GR99D3~1.DLL

    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe

    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

    O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe

    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

    O23 - Service: Crystal Cache Server (CacheServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\cacheserver.exe

    O23 - Service: Crystal APS (CrystalAPS) - Seagate Software, Inc. - C:\Program Files\Seagate Software\Enterprise\x86\CrystalAPS.exe

    O23 - Service: Crystal Input File Repository Server (CrystalInputFileServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\Enterprise\x86\inputfileserver.exe

    O23 - Service: Crystal Output File Repository Server (CrystalOutputFileServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\Enterprise\x86\outputfileserver.exe

    O23 - Service: CVSNT Locking Service 2.5.03.2382 (cvslock) - Unknown owner - C:\Program Files\CVSNT\cvslock.exe

    O23 - Service: CVSNT Dispatch service 2.5.03.2382 (cvsnt) - March Hare Software Ltd - C:\Program Files\CVSNT\cvsservice.exe

    O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE

    O23 - Service: DCS Loader (DCSLoader) - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHALDCS.EXE

    O23 - Service: FortiSslvpnDaemon - Fortinet Inc. - C:\WINDOWS\system32\FortiSslvpnDaemon.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IPSecMon.exe

    O23 - Service: SafeNet IKE Service (IREIKE) - SafeNet - C:\Program Files\NetScreen\NetScreen-Remote\IreIKE.exe

    O23 - Service: Crystal Report Job Server (JobServer_Report) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\JobServer.exe

    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: lxcq_device - - C:\WINDOWS\system32\lxcqcoms.exe

    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

    O23 - Service: Crystal Page Server (pageserver) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\pageserver.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE

    O23 - Service: Crystal Web Component Server (WebCompServer) - Seagate Software, Inc. - C:\Program Files\Seagate Software\WCS\WebCompServer.exe

    --

    End of file - 14343 bytes