Google Redirect Virus

Hewlett-packard / Pavilion dv5000 (ez533ua#...
November 4, 2009 at 14:11:52
Specs: Microsoft Windows XP Professional, 1.989 GHz / 1022 MB
Alright, it seems that all of my Google search results have been redirecting me to unrelated sites. I have scanned with Norton and it has found nothing. Help would be greatly appreciated.



#1
November 4, 2009 at 16:30:50
Please save this file to your desktop.

Win32kDiag.exe

Please double click on the Win32kDiag file and post the log it produces. This log might be quite lengthy and may take more than one post to get all of it posted.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch the program.
2. (Vista users only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5. Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized.

Please post the contents of both logs (in separate posts) in your next reply.



#2
November 4, 2009 at 19:53:16
Okay, well, Win32 was weird; it didn't do anything and just gave me this:

Running from: C:\Documents and Settings\User\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\User\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Finished!



#3
November 4, 2009 at 20:11:08
This is the log.txt, well, half of it:

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2009-11-04 20:11:07
Microsoft Windows XP Professional Service Pack 3
System drive C: has 36 GB (58%) free of 62 GB
Total RAM: 1022 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:11:09 PM, on 11/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\RSIT.exe
C:\Program Files\trend micro\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://h20239.www2.hp.com/techcente...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PCLEUSBTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10233 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - User.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-10-16 322864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
CNavExtBho Class - C:\Program Files\Norton AntiVirus\NavShExt.dll [2007-05-23 140912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-10-16 505136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2007-05-23 140912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-11-10 344064]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-19 729178]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2005-12-12 94208]
"eabconfg.cpl"=C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe [2005-12-22 405504]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2005-08-01 233534]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-12-13 507904]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-09 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"PCLEUSBTip"=C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe []
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe [2004-03-10 406016]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-09-16 52848]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Extender Resource Monitor.lnk - C:\WINDOWS\ehome\RMSysTry.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-11-10 47616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\ehome\ehshell.exe"="C:\WINDOWS\ehome\ehshell.exe:LocalSubNet:Enabled:Media Center"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"



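As an added triage example (not part of this thread and not code from the HijackThis or RSIT tools), the script below parses lines in the format of the HijackThis log above and flags the entry kinds a responder checks first when a browser is being redirected: O1 hosts-file overrides, O17 DNS changes, orphaned O2 BHOs like the "(no file)" one in this log, proxy settings, and R entries whose start or search URL falls outside an assumed vendor allowlist. The sample log mixes lines taken from this thread with two constructed O1/O17 lines; the allowlist and the heuristics are assumptions for illustration, not a verdict on this machine.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: the R1/O2/O4 lines follow the HijackThis log pasted in
# this thread; the O1 and O17 lines are constructed (not from the page) to show
# the entry kinds that directly explain a search redirect.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?T...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O1 - Hosts: 127.0.0.1 www.google.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED-GUID}: NameServer = 203.0.113.5
"""

# Every HijackThis entry starts with a section code (R0-R3, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")

# Assumed allowlist for start/search page URLs: the OEM and vendor defaults that
# appear in the log above. Anything else is worth a look, not automatically bad.
TRUSTED_URL_HOSTS = ("hp.com", "microsoft.com", "google.com")


@dataclass
class Finding:
    kind: str      # HijackThis section code, e.g. "O2"
    reason: str    # why a reviewer should look at this line
    line: str      # the original log line


def parse_entries(text):
    """Yield (kind, body, raw_line) for each HijackThis entry line."""
    for raw in text.splitlines():
        raw = raw.strip()
        m = ENTRY_RE.match(raw)
        if m:
            yield m.group("kind"), m.group("body"), raw


def is_trusted_host(host):
    """True if host is one of the allowlisted domains or a subdomain of one."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_URL_HOSTS)


def triage(text):
    """Return the entries that most often account for redirected browsing."""
    findings = []
    for kind, body, line in parse_entries(text):
        if kind == "O1":
            findings.append(Finding(kind, "hosts-file entry overrides DNS for a name", line))
        elif kind == "O17":
            findings.append(Finding(kind, "DNS server or domain set in the registry", line))
        elif kind == "O2" and body.endswith("(no file)"):
            findings.append(Finding(kind, "BHO registered but its DLL is missing "
                                          "(orphaned; also common after an incomplete uninstall)", line))
        elif kind.startswith("R"):
            # R entries look like "<registry key>,<value name> = <value>"
            key, _, value = body.partition(" = ")
            if "Proxy" in key and "ProxyOverride" not in key:
                findings.append(Finding(kind, "browser traffic routed through a proxy", line))
            elif value.startswith("http"):
                host = urlparse(value).hostname or ""
                if not is_trusted_host(host):
                    findings.append(Finding(kind, f"start/search URL points at {host}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.reason}\n    {f.line}")
```

On the sample it reports the orphaned O2 entry and the two constructed O1/O17 lines, and stays quiet on the HP search-bar URL because hp.com is allowlisted.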

#4
November 4, 2009 at 20:11:46
Here is the other half:

======List of files/folders created in the last 1 months======

2009-11-04 19:55:41 ----D---- C:\rsit
2009-11-04 19:55:41 ----D---- C:\Program Files\trend micro
2009-11-03 19:03:50 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-03 19:03:50 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-03 19:03:50 ----A---- C:\WINDOWS\system32\java.exe
2009-11-01 14:31:22 ----D---- C:\Documents and Settings\User\Application Data\Malwarebytes
2009-11-01 14:31:13 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-11-01 14:31:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-30 21:14:08 ----D---- C:\Program Files\iPod
2009-10-30 21:14:02 ----D---- C:\Program Files\iTunes
2009-10-29 18:15:22 ----D---- C:\Documents and Settings\User\Application Data\HpUpdate
2009-10-24 23:13:19 ----D---- C:\Program Files\VideoLAN
2009-10-24 15:49:25 ----D---- C:\Program Files\tamasoftware
2009-10-24 10:48:58 ----D---- C:\Documents and Settings\User\Application Data\Symantec
2009-10-24 10:43:02 ----D---- C:\Program Files\Norton AntiVirus
2009-10-24 10:42:46 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-10-24 10:41:18 ----D---- C:\Program Files\Symantec
2009-10-24 10:41:13 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-10-23 22:07:39 ----D---- C:\WINDOWS\system32\searchplugins
2009-10-23 22:01:56 ----D---- C:\Program Files\Windows Sidebar
2009-10-23 22:01:35 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-10-23 21:49:25 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2009-10-19 16:11:15 ----A---- C:\WINDOWS\MovingPicture.ini
2009-10-19 14:39:38 ----A---- C:\WINDOWS\video_profiles.txt
2009-10-19 14:39:38 ----A---- C:\WINDOWS\fix_setting.txt
2009-10-19 14:39:37 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2009-10-19 14:23:03 ----D---- C:\Program Files\proDAD
2009-10-19 14:11:57 ----D---- C:\Program Files\AdorageI-SAL
2009-10-19 14:11:57 ----D---- C:\Program Files\AdorageI-GfxDatas
2009-10-19 14:11:56 ----A---- C:\adorage-protocol.txt
2009-10-19 13:56:59 ----A---- C:\WINDOWS\system32\pvmjpg30.dll
2009-10-19 13:56:58 ----A---- C:\WINDOWS\system32\LTRPR13n.DLL
2009-10-19 13:56:58 ----A---- C:\WINDOWS\system32\LTRFD13n.DLL
2009-10-19 13:56:50 ----A---- C:\WINDOWS\system32\lfwmf13s.dll
2009-10-19 13:56:50 ----A---- C:\WINDOWS\system32\lftif13s.dll
2009-10-19 13:56:49 ----A---- C:\WINDOWS\system32\lfpng13s.dll
2009-10-19 13:56:49 ----A---- C:\WINDOWS\system32\lfpcx13s.dll
2009-10-19 13:56:49 ----A---- C:\WINDOWS\system32\lfpct13s.dll
2009-10-19 13:56:49 ----A---- C:\WINDOWS\system32\lfpcd13s.dll
2009-10-19 13:56:49 ----A---- C:\WINDOWS\system32\LFJ2K13s.dll
2009-10-19 13:56:49 ----A---- C:\WINDOWS\system32\lfgif13s.dll
2009-10-19 13:56:49 ----A---- C:\WINDOWS\system32\lffax13s.dll
2009-10-19 13:56:49 ----A---- C:\WINDOWS\system32\lfeps13s.dll
2009-10-19 13:54:50 ----D---- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2009-10-19 13:54:49 ----D---- C:\Program Files\SmartSound Software
2009-10-19 13:53:42 ----A---- C:\WINDOWS\VFO.INI
2009-10-19 13:53:42 ----A---- C:\AUTOEXEC.BAT
2009-10-19 13:53:18 ----D---- C:\Program Files\DivX
2009-10-19 13:53:07 ----A---- C:\WINDOWS\RSETPATH.exe
2009-10-19 13:51:38 ----D---- C:\WINDOWS\Downloaded Installations
2009-10-19 13:51:30 ----A---- C:\WINDOWS\system32\MFC71KOR.DLL
2009-10-19 13:51:30 ----A---- C:\WINDOWS\system32\MFC71JPN.DLL
2009-10-19 13:51:30 ----A---- C:\WINDOWS\system32\MFC71ITA.DLL
2009-10-19 13:51:30 ----A---- C:\WINDOWS\system32\MFC71FRA.DLL
2009-10-19 13:51:30 ----A---- C:\WINDOWS\system32\MFC71ESP.DLL
2009-10-19 13:51:30 ----A---- C:\WINDOWS\system32\MFC71ENU.DLL
2009-10-19 13:51:30 ----A---- C:\WINDOWS\system32\MFC71DEU.DLL
2009-10-19 13:51:30 ----A---- C:\WINDOWS\system32\MFC71CHT.DLL
2009-10-19 13:51:30 ----A---- C:\WINDOWS\system32\MFC71CHS.DLL
2009-10-19 13:51:30 ----A---- C:\WINDOWS\system32\MFC70U.DLL
2009-10-19 13:51:29 ----A---- C:\WINDOWS\system32\PCLEGetGuid.dll
2009-10-19 13:51:29 ----A---- C:\WINDOWS\system32\MFC70.DLL
2009-10-19 13:50:25 ----D---- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
2009-10-19 13:46:52 ----N---- C:\WINDOWS\system32\RALMain.dll
2009-10-19 13:46:52 ----N---- C:\WINDOWS\system32\MMAviAx.dll
2009-10-19 13:46:52 ----N---- C:\WINDOWS\system32\MLPagAx.dll
2009-10-19 13:46:52 ----N---- C:\WINDOWS\system32\DiskIO.dll
2009-10-19 13:46:52 ----N---- C:\WINDOWS\system32\CacheX.dll
2009-10-19 13:46:52 ----N---- C:\WINDOWS\system32\AVIPrAx.dll
2009-10-19 13:44:32 ----N---- C:\WINDOWS\system32\Ltwvc13n.dll
2009-10-19 13:44:32 ----N---- C:\WINDOWS\system32\Ltrio13n.dll
2009-10-19 13:44:32 ----N---- C:\WINDOWS\system32\Ltr13n.dll
2009-10-19 13:44:32 ----N---- C:\WINDOWS\system32\ltkrn13n.dll
2009-10-19 13:44:32 ----N---- C:\WINDOWS\system32\ltfil13n.DLL
2009-10-19 13:44:31 ----N---- C:\WINDOWS\system32\LTCLR13s.dll
2009-10-19 13:44:31 ----N---- C:\WINDOWS\system32\LTCLR13n.dll
2009-10-19 13:44:31 ----N---- C:\WINDOWS\system32\LMUIRes.dll
2009-10-19 13:44:31 ----N---- C:\WINDOWS\system32\LMLRes.dll
2009-10-19 13:44:31 ----N---- C:\WINDOWS\system32\lftga13s.dll
2009-10-19 13:44:31 ----N---- C:\WINDOWS\system32\lftga13n.dll
2009-10-19 13:44:31 ----N---- C:\WINDOWS\system32\lfpsd13s.dll
2009-10-19 13:44:31 ----N---- C:\WINDOWS\system32\LFCMP13s.DLL
2009-10-19 13:44:31 ----N---- C:\WINDOWS\system32\LFCMP13n.DLL
2009-10-19 13:44:31 ----N---- C:\WINDOWS\system32\lfbmp13s.dll
2009-10-19 13:44:31 ----N---- C:\WINDOWS\system32\lfbmp13n.dll
2009-10-19 13:44:31 ----A---- C:\WINDOWS\system32\mase32.dll
2009-10-19 13:44:31 ----A---- C:\WINDOWS\system32\masd32.dll
2009-10-19 13:44:31 ----A---- C:\WINDOWS\system32\mamc32.dll
2009-10-19 13:44:31 ----A---- C:\WINDOWS\system32\macd32.dll
2009-10-19 13:44:27 ----A---- C:\WINDOWS\system32\ma32.dll
2009-10-19 13:44:13 ----N---- C:\WINDOWS\system32\ATL70.DLL
2009-10-19 13:43:10 ----D---- C:\Documents and Settings\All Users\Application Data\Pinnacle
2009-10-19 13:43:06 ----D---- C:\Program Files\Pinnacle
2009-10-19 13:42:44 ----D---- C:\Documents and Settings\User\Application Data\InstallShield
2009-10-16 12:42:17 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-16 12:40:25 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-16 12:40:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-16 12:39:45 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-16 12:39:30 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-16 12:39:14 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-16 12:37:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-16 12:37:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-16 12:36:57 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$
2009-10-16 12:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-15 21:17:13 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-10-08 09:19:57 ----D---- C:\Program Files\MSXML 4.0
2009-10-07 18:55:41 ----D---- C:\Documents and Settings\User\Application Data\WinRAR
2009-10-07 13:41:46 ----D---- C:\Documents and Settings\User\Application Data\HPAppData
2009-10-07 10:40:04 ----D---- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2009-10-07 10:37:39 ----D---- C:\Documents and Settings\All Users\Application Data\WEBREG
2009-10-07 10:37:38 ----D---- C:\Documents and Settings\User\Application Data\HP
2009-10-07 10:29:38 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2009-10-07 10:25:08 ----D---- C:\WINDOWS\hpoj6500e709
2009-10-07 10:23:22 ----A---- C:\WINDOWS\system32\hpf3l082.dll
2009-10-07 10:23:21 ----RA---- C:\WINDOWS\system32\hpzids01.dll
2009-10-07 10:22:57 ----RA---- C:\WINDOWS\system32\hpwwiax5.dll
2009-10-07 10:22:57 ----RA---- C:\WINDOWS\system32\hpwtiop4.dll
2009-10-07 10:22:57 ----RA---- C:\WINDOWS\system32\hppldcoi.dll
2009-10-07 10:22:57 ----RA---- C:\WINDOWS\system32\hpovst11.dll
2009-10-07 10:22:57 ----RA---- C:\WINDOWS\system32\difxapi.dll
2009-10-07 10:21:29 ----D---- C:\Program Files\Common Files\HP
2009-10-07 10:21:26 ----D---- C:\Program Files\Common Files\Hewlett-Packard

======List of files/folders modified in the last 1 months======

2009-11-04 20:09:16 ----D---- C:\WINDOWS\Temp
2009-11-04 20:05:45 ----D---- C:\WINDOWS\Prefetch
2009-11-04 20:02:34 ----D---- C:\Program Files\Mozilla Firefox
2009-11-04 19:55:41 ----D---- C:\Program Files
2009-11-04 19:34:13 ----D---- C:\WINDOWS\system32
2009-11-04 19:34:13 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-04 19:30:00 ----ASH---- C:\hpqp.ini
2009-11-04 19:29:56 ----A---- C:\XP_TV.ini
2009-11-04 19:29:41 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-04 16:34:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-04 14:19:36 ----D---- C:\WINDOWS
2009-11-04 14:07:49 ----HD---- C:\WINDOWS\inf
2009-11-04 14:07:39 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-11-04 14:07:34 ----D---- C:\WINDOWS\ie8updates
2009-11-04 14:07:09 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-03 22:07:12 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-11-03 19:05:56 ----SHD---- C:\WINDOWS\Installer
2009-11-03 19:03:54 ----HD---- C:\Config.Msi
2009-11-03 19:03:43 ----D---- C:\Program Files\Java
2009-11-01 14:31:15 ----D---- C:\WINDOWS\system32\drivers
2009-10-30 21:14:05 ----D---- C:\Program Files\Common Files\Apple
2009-10-30 21:07:13 ----D---- C:\WINDOWS\WinSxS
2009-10-29 18:15:39 ----D---- C:\Program Files\HP
2009-10-24 23:17:12 ----A---- C:\WINDOWS\WININIT.INI
2009-10-24 11:20:58 ----SD---- C:\WINDOWS\Tasks
2009-10-24 11:02:21 ----D---- C:\Program Files\Common Files
2009-10-24 09:52:08 ----SHD---- C:\System Volume Information
2009-10-24 09:49:22 ----D---- C:\WINDOWS\system32\Restore
2009-10-23 21:51:00 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2009-10-22 09:42:38 ----A---- C:\WINDOWS\imsins.BAK
2009-10-22 09:42:23 ----D---- C:\Program Files\Internet Explorer
2009-10-22 09:41:51 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-22 01:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-19 14:25:19 ----RSD---- C:\WINDOWS\Fonts
2009-10-19 14:00:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-16 17:20:10 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-16 17:20:06 ----RSD---- C:\WINDOWS\assembly
2009-10-16 12:37:48 ----A---- C:\WINDOWS\win.ini
2009-10-15 21:18:07 ----D---- C:\Documents and Settings\User\Application Data\AdobeUM
2009-10-15 21:15:37 ----D---- C:\Program Files\Adobe
2009-10-11 04:17:27 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-07 10:30:42 ----D---- C:\Program Files\Hewlett-Packard
2009-10-07 10:29:52 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-10-07 10:23:02 ----D---- C:\WINDOWS\twain_32
2009-10-07 10:20:06 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-06 09:14:15 ----D---- C:\Documents and Settings\User\Application Data\U3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-10-01 189320]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-01-10 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-11-10 1396224]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-08-02 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-08-02 349312]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-08-22 1035008]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091104.009\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091104.009\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2005-09-30 78720]
R3 SAVRT;SAVRT; \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-10-01 12680]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-10-01 98184]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-10-01 31624]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20091103.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-10-01 28040]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-10-01 23944]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-19 190400]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-28 424320]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-08-18 56648]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-07-09 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-07-09 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-07-09 21568]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 QWAVEDRV;QWAVE driver; C:\WINDOWS\system32\DRIVERS\qwavedrv.sys [2005-10-20 14336]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WISTechVIDCAP;Dazzle DVC170; C:\WINDOWS\system32\drivers\wisgostrm.sys [2006-03-08 198400]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WUDFRd;WUDFRd; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-11-10 389120]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-09-16 192112]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-09-16 169584]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2005-12-21 98304]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-11-15 73728]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\McrdSvc.exe [2005-10-20 96256]
R2 navapsvc;Norton AntiVirus Auto-Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2007-05-23 139888]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NPFMntor;Norton AntiVirus Firewall Monitor Service; C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe [2007-05-23 46704]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 RMSvc;Media Center Extender Resource Monitor; C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 28160]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-10-01 214408]
R2 SPBBCSvc;SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-09-15 1160800]
R2 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2009-08-28 1251720]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
R3 NSCService;Norton Protection Center Service; C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE [2006-12-15 750720]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 QWAVE;QWAVE service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 SAVScan;Symantec AVScan; C:\Program Files\Norton AntiVirus\SAVScan.exe [2005-08-26 198368]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


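To make a driver/service list like the one above easier to triage, here is an added example (my own code, not RSIT's and not from this thread) that parses lines in the `<state><start> name;display; path [date size]` format using the legend from the section header, strips the `\??\` NT path prefix RSIT prints on some entries, and pulls out the boot/system-start drivers and the entries with empty brackets (no date and size recorded) for manual review. The sample input is a handful of lines copied from the log above; the `unstamped` and `early_start` helpers are my own triage heuristics, not something RSIT provides.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional

# Legend copied from the RSIT section header: first letter is the state,
# the digit is the start type.
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# <state><start> <name>;<display>; <path> [<yyyy-mm-dd> <size>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

NT_PREFIX = "\\??\\"  # object-manager prefix RSIT prints on some ImagePath values


@dataclass
class Entry:
    state: str
    start: str
    name: str
    display: str
    path: str
    modified: Optional[date]  # None when RSIT printed empty brackets
    size: Optional[int]

    @property
    def unstamped(self) -> bool:
        """True when RSIT recorded no timestamp/size for the image file."""
        return self.modified is None


def normalize_path(raw: str) -> str:
    """Strip the NT prefix so the path matches the Win32 form used elsewhere."""
    return raw[len(NT_PREFIX):] if raw.startswith(NT_PREFIX) else raw


def parse_line(line: str) -> Optional[Entry]:
    """Parse one driver/service line; return None for headers and blanks."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    modified = size = None
    meta = m.group("meta").split()
    if len(meta) == 2:
        modified = date.fromisoformat(meta[0])
        size = int(meta[1])
    return Entry(
        state=STATE[m.group("state")],
        start=START[m.group("start")],
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=normalize_path(m.group("path")),
        modified=modified,
        size=size,
    )


def parse_section(text: str) -> List[Entry]:
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def unstamped(entries: List[Entry]) -> List[Entry]:
    """Entries with empty brackets: files RSIT could not stamp, worth a manual look."""
    return [e for e in entries if e.unstamped]


def early_start(entries: List[Entry]) -> List[Entry]:
    """Boot- and System-start drivers load before any user-mode service; review them first."""
    return [e for e in entries if e.start in ("Boot", "System")]


def count_by_start(entries: List[Entry]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.start] = counts.get(e.start, 0) + 1
    return counts


# Constructed sample: the section header plus a few lines copied from the log above.
SAMPLE = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS []
R3 SAVRT;SAVRT; \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS []
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-28 424320]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
"""

if __name__ == "__main__":
    entries = parse_section(SAMPLE)
    print("start types:", count_by_start(entries))
    for e in early_start(entries):
        print(f"early start : {e.name:<18} {e.start:<7} {e.path}")
    for e in unstamped(entries):
        print(f"no timestamp: {e.name:<18} {e.path}")
```

Empty brackets are not proof of anything on their own (here they belong to Norton files whose paths use the `\??\` prefix); the list is only a worklist for checking those files by hand.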

#5
November 4, 2009 at 20:17:20
And the info.txt never appeared so....


#6
November 4, 2009 at 20:37:55
Please download ComboFix to the desktop from one of the following links:

Link1

Link 2

Link 3

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click save.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked to.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#7
November 4, 2009 at 21:21:51
Alright here is the only log.txt that came up:

ComboFix 09-11-04.02 - User 11/04/2009 21:09.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.665 [GMT -8:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: Norton AntiVirus 2006 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.

2009-11-05 03:55 . 2009-11-05 04:11 -------- d-----w- c:\program files\trend micro
2009-11-05 03:55 . 2009-11-05 03:55 -------- d-----w- C:\rsit
2009-11-04 02:38 . 2009-11-04 02:38 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-01 23:31 . 2009-11-01 23:31 195584 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\cache\6.0\5\27706285-59fb6dce-n\WMINative.dll
2009-11-01 22:31 . 2009-11-01 22:31 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2009-11-01 22:31 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 22:31 . 2009-11-01 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-01 22:31 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-01 22:31 . 2009-11-01 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 05:14 . 2009-10-31 05:14 -------- d-----w- c:\program files\iPod
2009-10-31 05:14 . 2009-10-31 05:15 -------- d-----w- c:\program files\iTunes
2009-10-31 04:55 . 2009-10-31 04:55 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-10-30 02:15 . 2009-10-30 02:17 -------- d-----w- c:\documents and settings\User\Application Data\HpUpdate
2009-10-26 22:24 . 2009-10-26 22:24 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-25 07:13 . 2009-10-25 07:13 -------- d-----w- c:\program files\VideoLAN
2009-10-24 23:49 . 2009-10-24 23:49 -------- d-----w- c:\program files\tamasoftware
2009-10-24 18:48 . 2009-10-24 18:48 -------- d-----w- c:\documents and settings\User\Application Data\Symantec
2009-10-24 18:43 . 2009-10-24 19:19 -------- d-----w- c:\program files\Norton AntiVirus
2009-10-24 18:42 . 2005-09-17 07:20 87768 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-10-24 18:42 . 2005-09-17 07:20 108168 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-24 18:41 . 2009-10-24 19:02 -------- d-----w- c:\program files\Symantec
2009-10-24 18:41 . 2009-10-24 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-24 06:07 . 2009-10-24 06:07 -------- d-----w- c:\windows\system32\searchplugins
2009-10-24 06:01 . 2009-10-24 06:01 -------- d-----w- c:\windows\system32\drivers\NIS
2009-10-24 06:01 . 2009-10-24 06:01 -------- d-----w- c:\program files\Windows Sidebar
2009-10-24 06:01 . 2009-10-24 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-10-24 05:49 . 2009-10-24 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-10-19 22:42 . 2009-10-20 05:23 2256 ----a-w- c:\windows\current_settings.bin
2009-10-19 22:40 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-10-19 22:40 . 2008-04-13 18:39 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2009-10-19 22:40 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-10-19 22:40 . 2008-04-13 18:46 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2009-10-19 22:23 . 2009-10-19 22:23 -------- d-----w- c:\program files\proDAD
2009-10-19 22:11 . 2009-10-19 22:13 -------- d-----w- c:\program files\AdorageI-GfxDatas
2009-10-19 22:11 . 2009-10-19 22:12 -------- d-----w- c:\program files\AdorageI-SAL
2009-10-19 21:54 . 2009-10-19 21:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-10-19 21:54 . 2009-10-19 21:54 -------- d-----w- c:\program files\SmartSound Software
2009-10-19 21:53 . 2009-10-19 21:53 -------- d-----w- c:\program files\DivX
2009-10-19 21:53 . 2005-02-09 18:59 14165 ----a-w- c:\windows\system32\drivers\Pclepci.sys
2009-10-19 21:53 . 2004-02-24 19:04 41219 ----a-w- c:\windows\RSETPATH.exe
2009-10-19 21:50 . 2009-10-20 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle Studio
2009-10-19 21:46 . 2006-07-06 21:32 39936 ------w- c:\windows\system32\CacheX.dll
2009-10-19 21:46 . 2006-04-11 23:03 233472 ------w- c:\windows\system32\DiskIO.dll
2009-10-19 21:46 . 2006-04-11 23:03 184320 ------w- c:\windows\system32\RALMain.dll
2009-10-19 21:46 . 2005-12-12 23:57 32768 ------w- c:\windows\system32\MLPagAx.dll
2009-10-19 21:46 . 2004-01-02 20:28 126976 ------w- c:\windows\system32\AVIPrAx.dll
2009-10-19 21:46 . 2001-12-12 06:21 73728 ------w- c:\windows\system32\MMAviAx.dll
2009-10-19 21:46 . 2005-06-03 02:28 171008 ----a-w- c:\windows\system32\drivers\MarvinBus.sys
2009-10-19 21:43 . 2009-10-20 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2009-10-19 21:43 . 2009-10-19 21:55 -------- d-----w- c:\program files\Pinnacle
2009-10-19 21:42 . 2009-10-19 21:42 -------- d-----w- c:\documents and settings\User\Application Data\InstallShield
2009-10-08 17:19 . 2009-10-08 17:19 -------- d-----w- c:\program files\MSXML 4.0
2009-10-07 21:41 . 2009-11-05 03:56 -------- d-----w- c:\documents and settings\User\Application Data\HPAppData
2009-10-07 18:40 . 2009-10-07 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-10-07 18:37 . 2009-10-07 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-10-07 18:37 . 2009-10-07 18:37 -------- d-----w- c:\documents and settings\User\Application Data\HP
2009-10-07 18:29 . 2009-10-07 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-10-07 18:25 . 2009-10-07 18:25 -------- d-----w- c:\windows\hpoj6500e709
2009-10-07 18:23 . 2007-07-09 18:13 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-10-07 18:23 . 2007-07-09 18:13 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-10-07 18:23 . 2008-08-12 17:58 118272 ----a-w- c:\windows\system32\hpf3l082.dll
2009-10-07 18:23 . 2008-08-22 12:24 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-10-07 18:23 . 2007-07-09 18:13 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-10-07 18:22 . 2008-10-06 19:11 741376 ----a-r- c:\windows\system32\hpwwiax5.dll
2009-10-07 18:22 . 2008-10-06 19:11 966656 ----a-r- c:\windows\system32\hpwtiop4.dll
2009-10-07 18:22 . 2007-07-09 18:13 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2009-10-07 18:22 . 2007-07-09 18:13 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-10-07 18:22 . 2007-07-06 18:48 294912 ----a-r- c:\windows\system32\hpovst11.dll
2009-10-07 18:21 . 2009-10-07 18:21 -------- d-----w- c:\program files\Common Files\HP
2009-10-07 18:21 . 2009-10-07 18:21 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-10-07 18:18 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-07 18:18 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-07 18:18 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-07 18:18 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-07 18:15 . 2009-10-07 18:34 186748 ----a-w- c:\windows\hpwins23.dat
2009-10-07 18:15 . 2008-10-25 09:30 1847 ------w- c:\windows\hpwmdl23.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 05:03 . 2006-04-13 13:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-11-04 03:03 . 2006-04-13 12:50 -------- d-----w- c:\program files\Java
2009-10-31 05:14 . 2009-08-28 21:17 -------- d-----w- c:\program files\Common Files\Apple
2009-10-30 02:15 . 2006-04-13 12:59 -------- d-----w- c:\program files\HP
2009-10-20 00:48 . 2006-04-13 13:56 78312 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-19 22:00 . 2006-04-13 12:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-19 21:51 . 2009-10-19 21:51 29926 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{EEECE229-49F6-4851-A73A-99B058221F8C}\ARPPRODUCTICON.exe
2009-10-16 05:18 . 2009-09-03 07:50 -------- d-----w- c:\documents and settings\User\Application Data\AdobeUM
2009-10-11 12:17 . 2009-09-20 04:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 18:30 . 2006-04-13 13:05 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-07 18:29 . 2006-04-13 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-10-06 17:14 . 2009-08-30 05:24 -------- d-----w- c:\documents and settings\User\Application Data\U3
2009-10-02 00:56 . 2009-10-02 00:56 664 ----a-w- c:\documents and settings\MCX3\Local Settings\Application Data\d3d9caps.tmp
2009-09-30 17:37 . 2009-09-30 17:35 -------- d-----w- c:\documents and settings\User\Application Data\Amazon
2009-09-30 17:35 . 2009-09-30 17:35 -------- d-----w- c:\program files\Amazon
2009-09-30 17:31 . 2009-09-30 17:31 55720 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-30 01:36 . 2009-09-30 01:36 127 ----a-w- c:\documents and settings\MCX3\Local Settings\Application Data\fusioncache.dat
2009-09-30 00:58 . 2009-09-30 00:57 127 ----a-w- c:\documents and settings\MCX2\Local Settings\Application Data\fusioncache.dat
2009-09-28 04:39 . 2009-08-28 21:20 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer
2009-09-20 04:31 . 2009-08-28 16:49 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-19 05:12 . 2009-09-19 05:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 05:07 . 2009-09-19 05:06 -------- d-----w- c:\program files\QuickTime
2009-09-11 14:18 . 2004-08-10 15:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 00:14 . 2009-09-11 00:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-08 00:13 . 2009-09-08 00:09 37 ----a-w- c:\documents and settings\User\jagex_runescape_preferences.dat
2009-09-08 00:12 . 2009-09-08 00:10 45 ----a-w- c:\documents and settings\User\jagex_runescape_preferences2.dat
2009-09-04 21:03 . 2004-08-10 15:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 17:19 . 2009-09-03 17:18 127 ----a-w- c:\documents and settings\MCX1\Local Settings\Application Data\fusioncache.dat
2009-08-29 08:08 . 2004-08-10 15:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 02:42 . 2009-08-28 21:17 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 02:42 . 2009-08-28 21:17 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 19:06 . 2005-08-17 17:20 97159 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-28 18:18 . 2009-08-28 18:18 0 ----a-w- c:\windows\nsreg.dat
2009-08-28 16:33 . 2009-08-28 16:31 127 ----a-w- c:\documents and settings\User\Local Settings\Application Data\fusioncache.dat
2009-08-26 08:00 . 2004-08-10 15:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 22:09 . 2009-08-20 22:09 1193832 ----a-w- c:\windows\system32\FM20.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-22 405504]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-11 406016]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 52848]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3776:UDP"= 3776:UDP:Media Center Extender Service
"3390:TCP"= 3390:TCP:Remote Media Center Experience

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/24/2009 11:17 AM 102448]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 1:06 AM 231424]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
QWAVE REG_MULTI_SZ QWAVE
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2009-10-31 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - User.job
- c:\progra~1\NORTON~1\Navw32.exe [2005-09-24 19:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://h20239.www2.hp.com/techcenter/HP_SystemCheck/hp_syscheck.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\5w9alm7w.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCLEUSBTip - c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
AddRemove-HijackThis - c:\documents and settings\User\Desktop\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 21:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?p???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-11-05 21:19
ComboFix-quarantined-files.txt 2009-11-05 05:19

Pre-Run: 37,805,637,632 bytes free
Post-Run: 38,089,613,312 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect



#8
November 5, 2009 at 03:37:27
Are you still being redirected?


#9
November 5, 2009 at 08:36:42
No I'm not, thank you so much!


#10
November 5, 2009 at 15:35:21
A little cleanup to do.
Go to start> run> type in combofix /u (note the space after combofix) then press enter> run. This will uninstall combofix so give the uninstaller a minute to run.

Download ATF Cleaner from this link:
http://www.majorgeeks.com/ATF_Cleaner_d4949.html
Run ATF-Cleaner
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Now do the same for Firefox.

Empty the restore folder. Go to start>control panel>system>system restore tab>check the box beside "turn off system restore>apply (takes a minute)>ok. Go back and uncheck the box to turn system restore back on>apply>ok.

You should consider adding "Spywareblaster" to your arsenal of antispyware tools; you can download it from this link: Spywareblaster

Just download it, install it, and update it. It's free and runs in the background, so you don't actually run it, and it re-writes malicious script before it can install on your computer. Look for updates weekly, as there is no auto-update on the free version.

Glad we could help.



#11
November 5, 2009 at 18:56:06
Alright cool. I installed Spywareblaster too. Thanks for all the help.
