Active Windows Going Inactive And Back


16 replies to this topic

#1 kiesan

kiesan

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 02 February 2007 - 03:04 AM

I have Windows Media Center and I have been having a really annoying problem. While I am using any app (Firefox, games, etc.), when it is active, it suddenly flashes to inactive then back to active for no reason at all. Also, for bad instances, an active window goes inactive for at least 15-30 secs, and when I try to click it to go back active, it does the basic Windows beep. It beeps at me even when I try to open another window. Basically, the computer freezes the windows.

I have run Norton hundreds of times, up to date, as well as Spy Sweeper, up to date as well. Nothing shows up as a cause. I have also reinstalled Windows, and this computer is less than a year old. This has never been a problem on my last computer with Windows XP Media Center. I'll include a HijackThis log if that will help.

Other info: HP Pavilion dv9233cl notebook

Logfile of HijackThis v1.99.1
Scan saved at 11:46:02 PM, on 2/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\user\My Documents\download\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\HPQ\Default Settings\cpqset.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O15 - Trusted Zone: *.line6.net
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161647226515
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

I really need your help, badly.


#2 kiesan

kiesan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 02 February 2007 - 06:39 PM

Anyone?

#3 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:37 AM

Posted 08 February 2007 - 10:10 AM

Hi kiesan,

This doesn't sound like a malware-related problem; your log looks OK, but we can run a couple more scans to double check.

Download gmer.zip and save to your desktop.
alternate download site 1
alternate download site 2
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on "Settings", then check the first five settings:
    *System Protection and Tracing
    *Processes
    *Save created processes to the log
    *Drivers
    *Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.



Please perform this online scan: Kaspersky Webscan

Note that you need to run this scan with Internet Explorer for it to work correctly.

1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat step 1.
3. Select "Install" to download the ActiveX controls that allow ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. Wait for the scanner to initialize and update its databases. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE, then click "OK"
7. Select a target to scan: Click on "My Computer" and the scan will begin.
8. When the scan is complete, save the results by clicking "Save Report As Text". Give the report a name and save it to your desktop.
9. Post the Kaspersky scan results in your next reply along with a fresh HijackThis log.

Just a guess at what non-malware issue might be causing this--in your log I see that Azureus is running. I don't use it or any other P2P apps, so don't know how you have it set, but it sounds like something is starting up in the background to cause your apps to lose focus.

Also, you have line6.net in your Trusted Zone. Did you put that there yourself?

The fate of all mankind, I see

Is in the hands of fools

--King Crimson
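The two checks above (a P2P client running in the background, an extra entry in the Trusted Zone) are the kind of read a helper does by eye on every HijackThis log. As an added example, not from this thread or from HijackThis itself, here is a small parser for the HijackThis 1.99.1 log shape posted above that pulls those same points out repeatably; the sample log is a constructed, trimmed copy of the one in this thread, and the process watch-list and finding categories are my own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample (not a full log): a trimmed copy of the HijackThis 1.99.1
# log shape posted in this thread, kept short so the example runs offline.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:46:02 PM, on 2/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O15 - Trusted Zone: *.line6.net
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis finding line is "<section code> - <body>", e.g. "O15 - Trusted Zone: ...".
HJT_LINE = re.compile(r"^([RFO]\d+)\s+-\s+(.*)$")
# O4 bodies look like  HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(r"^(HK\w+)\\\.\.\\Run:\s+\[(.*?)\]\s+(.*)$")

# Assumed watch-list: processes worth asking the poster about. Not malware
# signatures, just things a helper would want explained (as Papakid did).
PROCESS_WATCHLIST = {
    "azureus.exe": "P2P client; background transfers and pop-ups can steal focus",
}


@dataclass
class HjtEntry:
    section: str  # e.g. "O4", "O15"
    body: str     # text after "<code> - "


@dataclass
class HjtLog:
    platform: str
    processes: list[str]
    entries: list[HjtEntry]


@dataclass(frozen=True)
class Finding:
    kind: str     # "watchlist_process", "trusted_zone", "file_missing", "autostart"
    section: str  # HijackThis section code, or "PROC" for the process list
    detail: str


def parse_hjt(text: str) -> HjtLog:
    """Split a HijackThis log into its platform line, process list and coded entries."""
    platform, processes, entries = "", [], []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank separator lines carry nothing
        if line.startswith("Platform:"):
            platform = line.split(":", 1)[1].strip()
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = HJT_LINE.match(line)
        if m:
            in_procs = False  # first coded entry ends the process list
            entries.append(HjtEntry(m.group(1), m.group(2)))
        elif in_procs:
            processes.append(line)
    return HjtLog(platform, processes, entries)


def triage(log: HjtLog) -> list[Finding]:
    """Apply the review checklist a helper walks through by hand."""
    findings = []
    for proc in log.processes:
        name = proc.rsplit("\\", 1)[-1].lower()
        if name in PROCESS_WATCHLIST:
            findings.append(Finding("watchlist_process", "PROC", f"{proc}: {PROCESS_WATCHLIST[name]}"))
    for e in log.entries:
        if e.section == "O15":
            # Trusted Zone additions lower IE's security settings for that site; confirm the user added it.
            findings.append(Finding("trusted_zone", "O15", e.body))
        if "(file missing)" in e.body:
            # Stale reference: harmless on its own, but worth noting before a cleanup pass.
            findings.append(Finding("file_missing", e.section, e.body))
        if e.section == "O4":
            m = O4_RE.match(e.body)
            if m:
                findings.append(Finding("autostart", "O4", f"{m.group(1)} [{m.group(2)}] -> {m.group(3)}"))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, handy for a quick first look at a long log."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.kind}] {f.section}: {f.detail}")
```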


#4 kiesan

kiesan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 08 February 2007 - 11:23 AM

The problem was happening before I got Azureus, and line6.net is from GuitarPort, which is what Line6 makes.

Here's the Gmer scan.

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-02-08 08:18:20
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT 85AA1518 ZwAlertResumeThread
SSDT 85998108 ZwAlertThread
SSDT 85B1D2C0 ZwAllocateVirtualMemory
SSDT 85BB0790 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey
SSDT 85AA0518 ZwCreateMutant
SSDT 867A45A8 ZwCreateProcess
SSDT 867865A0 ZwCreateProcessEx
SSDT 85B48228 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey
SSDT 85BD3D68 ZwFreeVirtualMemory
SSDT 85AAC1A8 ZwImpersonateAnonymousToken
SSDT 85AA8518 ZwImpersonateThread
SSDT 85B048C0 ZwMapViewOfSection
SSDT 85D47AD0 ZwOpenEvent
SSDT 85BE1D10 ZwOpenProcessToken
SSDT 85D61E38 ZwOpenThreadToken
SSDT 85D78508 ZwQueryValueKey
SSDT 86786168 ZwQueueApcThread
SSDT 8670EF30 ZwReadVirtualMemory
SSDT 867C5FA8 ZwRenameKey
SSDT 85B490C0 ZwResumeThread
SSDT 85B2D0A8 ZwSetContextThread
SSDT 867A2488 ZwSetInformationKey
SSDT 85D21BF0 ZwSetInformationProcess
SSDT 85B45B30 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey
SSDT 85C71620 ZwSuspendProcess
SSDT 85BF1D48 ZwSuspendThread
SSDT 85BBA7F0 ZwTerminateProcess
SSDT 85BF4948 ZwTerminateThread
SSDT 85C85DB0 ZwUnmapViewOfSection
SSDT 85A3A3B0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2BBC 805038A0 8 Bytes [ 18, 15, AA, 85, 08, 81, 99, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C4D 80503931 3 Bytes [ 65, 78, 86 ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F1C 80503C00 8 Bytes [ F0, 1B, D2, 85, 30, 5B, B4, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F80 80503C64 8 Bytes [ 20, 16, C7, 85, 48, 1D, BF, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2F90 80503C74 8 Bytes [ F0, A7, BB, 85, 48, 49, BF, ... ]

---- User code sections - GMER 1.0.12 ----

.text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[1256] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ DB, E7, C3, 83 ]

---- Devices - GMER 1.0.12 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE 85A046E0
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE 85A04970
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE 85D78408
Device \Driver\Tcpip \Device\Ip IRP_MJ_READ 85DA0830
Device \Driver\Tcpip \Device\Ip IRP_MJ_WRITE 85D7C2E0
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION 85D85EE8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION 85D829F0
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA 85D86CF8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA 858F21D8
Device \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS 858461D8
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION 85D8EE90
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION 85D7E8B8
Device \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL 85D9F8E0
Device \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL 85D84620
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL 85D865D8
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL 85D7FFA8
Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN 85D96FA8
Device \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL 85D83390
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP 85D88420
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT 85D82D50
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY 85D91CB0
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY 85D8CB80
Device \Driver\Tcpip \Device\Ip IRP_MJ_POWER 85D897C0
Device \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL 85D91FA8
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE 85D81E90
Device \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA 857F7148
Device \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA 8585E148
Device \Driver\Tcpip \Device\Ip IRP_MJ_PNP 859CC148
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE 85A046E0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE 85A04970
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE 85D78408
Device \Driver\Tcpip \Device\Tcp IRP_MJ_READ 85DA0830
Device \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE 85D7C2E0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION 85D85EE8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION 85D829F0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA 85D86CF8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA 858F21D8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS 858461D8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION 85D8EE90
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION 85D7E8B8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL 85D9F8E0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL 85D84620
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL 85D865D8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL 85D7FFA8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN 85D96FA8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL 85D83390
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP 85D88420
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT 85D82D50
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY 85D91CB0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY 85D8CB80
Device \Driver\Tcpip \Device\Tcp IRP_MJ_POWER 85D897C0
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL 85D91FA8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE 85D81E90
Device \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA 857F7148
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA 8585E148
Device \Driver\Tcpip \Device\Tcp IRP_MJ_PNP 859CC148
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE 85A046E0
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE 85A04970
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE 85D78408
Device \Driver\Tcpip \Device\Udp IRP_MJ_READ 85DA0830
Device \Driver\Tcpip \Device\Udp IRP_MJ_WRITE 85D7C2E0
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION 85D85EE8
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION 85D829F0
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA 85D86CF8
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA 858F21D8
Device \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS 858461D8
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION 85D8EE90
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION 85D7E8B8
Device \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL 85D9F8E0
Device \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL 85D84620
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL 85D865D8
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL 85D7FFA8
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN 85D96FA8
Device \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL 85D83390
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP 85D88420
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT 85D82D50
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY 85D91CB0
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY 85D8CB80
Device \Driver\Tcpip \Device\Udp IRP_MJ_POWER 85D897C0
Device \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL 85D91FA8
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE 85D81E90
Device \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA 857F7148
Device \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA 8585E148
Device \Driver\Tcpip \Device\Udp IRP_MJ_PNP 859CC148
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE 85A046E0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE 85A04970
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE 85D78408
Device \Driver\Tcpip \Device\RawIp IRP_MJ_READ 85DA0830
Device \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE 85D7C2E0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION 85D85EE8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION 85D829F0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA 85D86CF8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA 858F21D8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS 858461D8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION 85D8EE90
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION 85D7E8B8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL 85D9F8E0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL 85D84620
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL 85D865D8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL 85D7FFA8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN 85D96FA8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL 85D83390
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP 85D88420
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT 85D82D50
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY 85D91CB0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY 85D8CB80
Device \Driver\Tcpip \Device\RawIp IRP_MJ_POWER 85D897C0
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL 85D91FA8
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE 85D81E90
Device \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA 857F7148
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA 8585E148
Device \Driver\Tcpip \Device\RawIp IRP_MJ_PNP 859CC148
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE 85A046E0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_NAMED_PIPE 85A04970
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE 85D78408
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_READ 85DA0830
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_WRITE 85D7C2E0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_INFORMATION 85D85EE8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_INFORMATION 85D829F0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_EA 85D86CF8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_EA 858F21D8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FLUSH_BUFFERS 858461D8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_VOLUME_INFORMATION 85D8EE90
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_VOLUME_INFORMATION 85D7E8B8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DIRECTORY_CONTROL 85D9F8E0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_FILE_SYSTEM_CONTROL 85D84620
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL 85D865D8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL 85D7FFA8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN 85D96FA8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_LOCK_CONTROL 85D83390
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP 85D88420
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE_MAILSLOT 85D82D50
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_SECURITY 85D91CB0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_SECURITY 85D8CB80
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_POWER 85D897C0
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SYSTEM_CONTROL 85D91FA8
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CHANGE 85D81E90
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_QUERY_QUOTA 857F7148
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SET_QUOTA 8585E148
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_PNP 859CC148
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE A7C17400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE A7C17400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ A7C17400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION A7C17400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION A7C17400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION A7C17400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL A7C17400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL A7C17400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL A7C17400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN A7C1AC74
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL A7C17400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP A7C17400
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP A7C17400
Device \FileSystem\Cdfs \Cdfs FastIoCheckIfPossible A7C1ABCE

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\Joe\Favorites\amazon.com Online Shopping for Electronics, Apparel, Computers, Books, DVDs & more.url:favicon
ADS C:\Documents and Settings\Joe\Favorites\Anime\AnimeYume - Anime for Yu and Me ( BitTorrent - ED2K community ).url:favicon
ADS C:\Documents and Settings\Joe\Favorites\Anime\MegaTokyo - relax, we understand j00.url:favicon
ADS C:\Documents and Settings\Joe\Favorites\Anime\Tokyo Nights - Japanese Culture, Defined..url:favicon
ADS C:\Documents and Settings\Joe\Favorites\Anime\Tonberry Torrents - Index.url:favicon
ADS C:\Documents and Settings\Joe\Favorites\College\Bannerweb.url:favicon
ADS C:\Documents and Settings\Joe\Favorites\College\Bike Forums.url:favicon
ADS C:\Documents and Settings\Joe\Favorites\College\CSU Monterey Bay - Homepage.url:favicon
ADS C:\Documents and Settings\Joe\Favorites\College\Information Technology at CSU Monterey Bay.url:favicon
ADS ...
ADS D:\My Music\ska ska club\(PV) SKA SKA CLUB - heart break cafe.mpg:SummaryInformation
ADS D:\My Music\ska ska club\(PV) SKA SKA CLUB - heart break cafe.mpg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

---- EOF - GMER 1.0.12 ----

#5 kiesan

kiesan
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:03:37 AM

Posted 08 February 2007 - 01:03 PM

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 9:59:18 AM, on 2/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Joe\My Documents\download\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\HPQ\Default Settings\cpqset.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1161647226515
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

Kas scan:

------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, February 08, 2007 9:57:41 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 8/02/2007
Kaspersky Anti-Virus database records: 266136
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
F:\

Scan Statistics:
Total number of scanned objects: 85328
Number of viruses found: 1
Number of infected objects: 8 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:26:21

Infected Object Name / Virus Name / Last Action
C:\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe/WISE0010.BIN/WISE0008.BIN Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe/WISE0010.BIN Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe WiseSFX: infected - 2 skipped
C:\SWSETUP\MedCtrFP\Extras\ESPN\motionsetupmce.exe WiseSFX Dropper: infected - 2 skipped
C:\SWSETUP\MedCtrFP\Samples\BonusDVD.msi/ESPNInst/WISE0010.BIN/WISE0008.BIN Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\SWSETUP\MedCtrFP\Samples\BonusDVD.msi/ESPNInst/WISE0010.BIN Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\SWSETUP\MedCtrFP\Samples\BonusDVD.msi/ESPNInst Infected: not-a-virus:Downloader.Win32.DigStream skipped
C:\SWSETUP\MedCtrFP\Samples\BonusDVD.msi Embedded: infected - 3 skipped

Scan process completed.

The virus that showed up never was found on Norton. The ESPN thing was pre-installed with this comp, some weird game stuff.

#6 Papakid (Malware Response Team, 6,522 posts)

Posted 14 February 2007 - 11:29 AM

My apologies for the delay in getting back to you.

I still don't see any straightforward malware issues. The ESPN thing that KAV found doesn't appear to be active and may be a heuristic detection, so I'm not sure if they've guessed right or not. Do you know the name of this program and if it's still installed or not? I'm going to ask for a list of installed programs, and if you see it in there, let me know which one it is.

I'm aware of what Line6 is; the question was whether you put it into your Trusted Zone or not. The Trusted Zone gives websites the right to download and run any scripts or downloads they want, and even sites you think are OK may be hijacked themselves, so there are very few that should be trusted that much. If there is no need for it to be in your Trusted Zone, I would remove it.

Open HijackThis.

If you still have the New Users Quickstart screen enabled, click Open Misc Tools Section.
If you just have the regular opening screen, click the Config... button then the Misc Tools button.

Now click the Open Uninstall Manager button, then the Save List button. Save the list somewhere convenient like My Documents and then the list will open in Notepad. Copy and Paste that list into your next reply to this post.

Let's run a couple more scans and see what happens with the ESPN thing. Neither Norton nor any other AV always finds everything.

Please download Combofix to your desktop.
Double-click combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply.

Perform an online scan with Panda (please use this scanner instead of any other scanner!):
Panda ActiveScan
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a few minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report together with a fresh HijackThis log

Anything else happening besides the focus issue?


#7 kiesan (Topic Starter, Members, 14 posts)

Posted 14 February 2007 - 12:18 PM

"Joe" - 07-02-14 9:07:38 Service Pack 2
ComboFix 07-02-11 - Running from: "C:\Program Files\Mozilla Firefox"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\INSTALL.LOG


((((((((((((((((((((((((((((((( Files Created from 2007-01-14 to 2007-02-14 ))))))))))))))))))))))))))))))))))


2007-02-14 02:20 <DIR> d-------- C:\Program Files\ZyX
2007-02-12 22:18 <DIR> d-------- C:\DeusEx
2007-02-12 11:52 164 --a------ C:\install.dat
2007-02-08 10:40 <DIR> d-------- C:\DOCUME~1\Joe\Application Data\acccore
2007-02-08 10:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL OCP
2007-02-08 10:37 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-02-08 10:37 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-02-08 10:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL
2007-02-08 10:36 <DIR> d-------- C:\Program Files\AIM6
2007-02-08 10:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\AOL Downloads
2007-02-08 08:24 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-02-08 07:55 80 --a------ C:\WINDOWS\gmer_uninstall.cmd
2007-02-07 19:50 <DIR> d-------- C:\Program Files\Tactics
2007-02-06 20:53 60,416 --------- C:\WINDOWS\system32\tzchange.exe
2007-02-06 20:41 <DIR> d-------- C:\Program Files\MSN Messenger
2007-02-05 10:40 <DIR> d-------- C:\Program Files\NCH Swift Sound
2007-02-03 03:14 <DIR> d-------- C:\DOCUME~1\Joe\.hydrogen
2007-02-03 03:13 <DIR> d-------- C:\Program Files\Hydrogen
2007-02-03 02:51 <DIR> d--hs---- C:\WINDOWS\CSC
2007-02-02 16:09 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2007-01-31 20:56 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-01-31 20:56 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-01-31 20:56 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-01-31 20:56 639,066 --a------ C:\WINDOWS\system32\DivX.dll
2007-01-31 15:00 31,744 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2007-01-31 13:27 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-01-30 15:15 118,784 --a------ C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-01-29 21:03 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-29 21:03 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-29 21:03 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-29 20:56 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-29 20:56 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-01-29 20:56 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-01-29 20:56 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-01-29 20:56 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-01-29 20:56 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-01-29 20:56 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-01-29 20:56 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-21 10:53 <DIR> d-------- C:\Program Files\musikCube_1.0
2007-01-21 10:53 <DIR> d-------- C:\DOCUME~1\Joe\.musikproject
2007-01-21 01:51 <DIR> d-------- C:\DOCUME~1\Joe\snackamp
2007-01-21 01:35 <DIR> d-------- C:\DOCUME~1\Joe\.Musik
2007-01-21 00:06 <DIR> d-------- C:\Program Files\Jajuk
2007-01-21 00:06 <DIR> d-------- C:\DOCUME~1\Joe\.jajuk
2007-01-20 23:57 <DIR> d-------- C:\DOCUME~1\Joe\Application Data\Pioneers of the Inevitable
2007-01-20 23:56 <DIR> d-------- C:\DOCUME~1\Joe\Application Data\Songbird_vlc


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-02-14 09:07 -------- d-------- C:\Program Files\mozilla firefox
2007-02-14 09:07 -------- d-------- C:\DOCUME~1\Joe\Application Data\azureus
2007-02-11 14:22 -------- d-------- C:\Program Files\aim
2007-02-08 10:36 335 --a------ C:\WINDOWS\nsreg.dat
2007-02-08 10:36 -------- d-------- C:\DOCUME~1\Joe\Application Data\mozilla
2007-02-06 20:42 -------- d---s---- C:\DOCUME~1\Joe\Application Data\microsoft
2007-02-05 22:36 -------- d-------- C:\Program Files\winamp
2007-02-05 11:22 -------- d-------- C:\Program Files\audacity
2007-02-04 14:12 -------- d-------- C:\Program Files\divx
2007-02-02 16:18 -------- d-------- C:\Program Files\canon
2007-02-02 16:17 -------- d-------- C:\DOCUME~1\Joe\Application Data\line 6
2007-02-02 12:56 -------- d-------- C:\Program Files\quicktime
2007-02-01 15:27 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-31 00:45 -------- d-------- C:\Program Files\microsoft works
2007-01-28 14:04 -------- d-------- C:\Program Files\azureus
2007-01-25 21:57 22080 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-01-25 21:57 21056 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-01-25 21:57 20544 --a------ C:\WINDOWS\system32\drivers\SSFS0509.sys
2007-01-25 21:57 144448 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-01-13 20:25 -------- d-------- C:\Program Files\hpq
2007-01-11 18:22 16 --a------ C:\WINDOWS\system32\msvcsv60.dll
2007-01-11 18:22 16 --a------ C:\WINDOWS\msocreg32.dat
2007-01-11 18:14 -------- d--h----- C:\Program Files\installshield installation information
2007-01-11 18:14 -------- d-------- C:\Program Files\ik multimedia
2007-01-11 18:14 -------- d-------- C:\Program Files\digidesign
2007-01-11 18:14 -------- d-------- C:\DOCUME~1\Joe\Application Data\installshield
2007-01-03 14:28 -------- d-------- C:\DOCUME~1\Joe\Application Data\hp
2007-01-03 14:28 -------- d-------- C:\DOCUME~1\Joe\Application Data\cyberlink
2007-01-01 23:47 -------- d-------- C:\Program Files\keyscrambler
2007-01-01 22:36 -------- d-------- C:\DOCUME~1\Joe\Application Data\purple ghost software, inc
2006-12-28 18:57 -------- d-------- C:\Program Files\Common Files\swf studio
2006-12-28 18:56 -------- d-------- C:\Program Files\riva
2006-12-27 11:56 -------- d-------- C:\DOCUME~1\Joe\Application Data\steinberg
2006-12-25 10:08 -------- d-------- C:\Program Files\lexicon
2006-12-25 10:06 -------- d-------- C:\Program Files\pinnacle
2006-12-16 12:30 -------- d-------- C:\DOCUME~1\Joe\Application Data\my games
2006-12-16 12:22 -------- d-------- C:\Program Files\poweriso
2006-12-14 14:16 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-12-12 08:24 12288 --a------ C:\WINDOWS\system32\divxwmpexttype.dll
2006-12-06 20:14 2330624 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-03 15:48 1168 --a------ C:\WINDOWS\mozver.dat


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Cpqset"="\"C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\HP Photosmart Premier Fast Start.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Photosmart Premier Fast Start.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqthb08.exe -s"
"item"="HP Photosmart Premier Fast Start"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Joe^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\Joe\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cpqset"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EabServr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HPQ\\Quick Launch Buttons\\EabServr.exe\" /Start"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ehtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ehome\\ehtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cledx"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SyncroSoft\\Pos\\H2O\\cledx.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CHDAudPropShortcut"
"hkey"="HKLM"
"command"="CHDAudPropShortcut.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="HP Wireless Assistant"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\hpq\\HP Wireless Assistant\\HP Wireless Assistant.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMEKRMIG"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ime\\imkr6_1\\IMEKRMIG.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IMJPMIG"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dumprep 0 -k"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\dumprep 0 -k"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ImScInst"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe\" /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="\"nwiz"
"hkey"="HKLM"
"command"="\"nwiz.exe\" /installquiet /nodetect"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /IMEName"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TINTSETP"
"hkey"="HKLM"
"command"="\"C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE\" /SYNC"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QPService"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\HP\\QuickPlay\\QPService.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RecGuard"
"hkey"="HKLM"
"command"="C:\\Windows\\SMINST\\RecGuard.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Winamp\\winampa.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TapiSrv"=dword:00000003
"hpqwmiex"=dword:00000002
"lanmanworkstation"=dword:00000002


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command E:\setup.exe


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Critical Battery Alarm Program.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Joe.job
C:\WINDOWS\tasks\wrSpySweeper_3DFEB969B45E4D31B0FAA9E0E96E7F85.job


********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-14 9:10:51



ZyK, Tactics, Songbird, Musikcube, and Jajuk are all recent games/music players I installed within the past few days.

Edited by kiesan, 14 February 2007 - 12:24 PM.
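The "Reg Loading Points" section of the ComboFix log above is what the helper is scanning by eye. As an added example (not part of kiesan's post, and not ComboFix's own code), here is a small Python triage script that parses that reg-export format and flags the entries a reviewer would look at first: commands given as a bare file name (resolved through the search path), unquoted paths containing spaces, rundll32 wrappers (where the code that matters is the DLL argument), and the cached autorun.inf action under MountPoints2. It also records whether an item is live in a Run key or has been disabled through msconfig, since the latter are stored under the msconfig startupreg key and are not currently running. The sample input is constructed from a handful of the posted lines; the flags are triage heuristics that say where to look, not verdicts that something is wrong.

```python
import re

# Constructed sample input: a handful of lines copied/abridged from the
# "Reg Loading Points" section of the ComboFix log posted above, in the
# .reg-export style ComboFix uses (backslashes and quotes escaped).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
"item"="CHDAudPropShortcut"
"command"="CHDAudPropShortcut.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"item"="HPWuSchd2"
"command"="C:\\Program Files\\Hp\\HP Software Update\\HPWuSchd2.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"item"="\"nwiz"
"command"="\"nwiz.exe\" /installquiet /nodetect"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command E:\setup.exe
'''

SECTION_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
MOUNTPOINT_RE = re.compile(r'^(Shell\\\S*\\command)\s+(.+)$')
ABS_PATH_RE = re.compile(r'^[A-Za-z]:\\')
EXT_RE = re.compile(r'\.[A-Za-z0-9]{1,4}$')


def unescape(s):
    # .reg export escaping: a backslash protects a backslash or a quote.
    return re.sub(r'\\(["\\])', r'\1', s)


def parse_loading_points(text):
    """Return one dict per autostart command: live Run-key values, items
    disabled through msconfig (kept under its startupreg key, so not running)
    and cached autorun.inf actions under MountPoints2."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if not section:
            continue
        key = section.lower()
        m = VALUE_RE.match(line)
        if m:
            name, value = unescape(m.group(1)), unescape(m.group(2))
            if key.endswith('\\run'):
                entries.append(dict(source=section, name=name, command=value, enabled=True))
            elif '\\msconfig\\startupreg\\' in key and name == 'command' and value:
                entries.append(dict(source=section, name=section.rsplit('\\', 1)[1],
                                    command=value, enabled=False))
            continue
        m = MOUNTPOINT_RE.match(line)
        if m and '\\mountpoints2\\' in key:
            entries.append(dict(source=section, name=m.group(1), command=m.group(2), enabled=True))
    return entries


def split_command(command):
    """Split a command line into (executable, arguments). A leading quote
    delimits the executable; otherwise the first space-delimited token is
    taken, mirroring where CreateProcess starts resolving an unquoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end > 0:
            return command[1:end], command[end + 1:].strip()
        return command[1:], ''
    head, _, tail = command.partition(' ')
    return head, tail.strip()


def triage(entries):
    """Return the entries worth a second look, each with the reasons why."""
    findings = []
    for e in entries:
        exe, args = split_command(e['command'])
        reasons = []
        if '\\mountpoints2\\' in e['source'].lower():
            reasons.append('cached autorun.inf action for drive %s:, runs %s'
                           % (e['source'].rsplit('\\', 1)[1], exe))
        if not ABS_PATH_RE.match(exe):
            reasons.append('bare executable name, resolved via the search path: %s' % exe)
        elif not e['command'].startswith('"') and ' ' in e['command'] and not EXT_RE.search(exe):
            # CreateProcess tries each space-delimited prefix in turn, so a
            # planted C:\Program.exe would win over the intended binary.
            reasons.append('unquoted path with spaces; CreateProcess tries %s.exe first' % exe)
        if exe.lower().rsplit('\\', 1)[-1] == 'rundll32.exe':
            dll, _, entry = args.partition(',')
            reasons.append('rundll32 host; the code that runs is %s (%s)'
                           % (dll.strip(), entry.split()[0] if entry.strip() else '?'))
        if reasons:
            findings.append(dict(name=e['name'], command=e['command'],
                                 status='active' if e['enabled'] else 'disabled in msconfig',
                                 reasons=reasons))
    return findings


if __name__ == '__main__':
    for f in triage(parse_loading_points(SAMPLE_LOG)):
        print('%s [%s]: %s' % (f['name'], f['status'], f['command']))
        for r in f['reasons']:
            print('    - ' + r)
```

Run against the sample, ctfmon.exe and ccApp come back clean (quoted or space-free absolute paths), while the NVIDIA, HP, Conexant and nwiz items and the E: autorun entry are listed with their reasons. Feed it the full "Reg Loading Points" section of a ComboFix log to get the same list for a real machine; the interesting step is then checking each flagged binary (publisher, location, signature) rather than trusting the name.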


#8 kiesan (Topic Starter)

Posted 14 February 2007 - 12:26 PM

The whole inactive/active windows thing is pretty much the only problem.

#9 Papakid (Malware Response Team)

Posted 14 February 2007 - 02:31 PM

Still nothing jumping out at me, but I'll ask someone else to double check. Let's see those other logs I asked for when you get the time.



#10 kiesan (Topic Starter)

Posted 14 February 2007 - 03:25 PM

Working on the Panda ActiveScan now.

#11 kiesan (Topic Starter)

Posted 14 February 2007 - 06:14 PM

ActiveScan only came up with cookies from Mozilla.

#12 Papakid (Malware Response Team)

Posted 14 February 2007 - 10:51 PM

OK, still need to see the uninstall list. :thumbsup:



#13 kiesan (Topic Starter)

Posted 15 February 2007 - 05:56 PM

My bad, I didn't get the email notification.
Here's the uninstall list:

Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 6.0.1
Adobe Shockwave Player
Adobe Stock Photos 1.0
AIM 6.0
AmpliTube2
AOL Instant Messenger
Apple Software Update
Audacity 1.2.6
Azureus
Canon iP90
Canon iP90 Setup Utility
Canon Utilities Easy-PhotoPrint
ccCommon
Conexant HD Audio
Customer Experience Enhancement
Deus Ex
DivX Codec
DivX Content Uploader
DivX Converter
DivX Web Player
Easy-WebPrint
FirstClass 8.047
Guitar Pro 5.0
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 1.99.1
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB928388)
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP QuickPlay 2.0
HP Rhapsody
HP Software Update
HP User Guides 0011
HP User Guides--System Recovery
HP Wireless Assistant 2.00 C1
Hydrogen
Intel® PRO Network Connections Drivers
Internet Worm Protection
iTunes
J2SE Runtime Environment 5.0 Update 6
Kaspersky Online Scanner
KeyScrambler
Lexicon Lambda ASIO(remove only)
LiveUpdate 3.0 (Symantec Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Mozilla Firefox (2.0.0.1)
MSN Messenger 7.5
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
musikCube 1.0
muvee autoProducer 4.5
Native Instruments GuitarRig 2.01 RTAS VSTi DXi
NAVShortcut
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
Novation Bass-Station VSTi v1.10
NVIDIA Drivers
Office 2003 Trial Assistant
Power Tab Editor 1.7
PowerISO
Quick Launch Buttons 5.20 F2
Quicken 2006
QuickTime
RealPlayer
Riva FLV Encoder 2.0
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SonicAC3Encoder
SonicMPEGEncoder
SPBBC
Spy Sweeper
SSH Secure Shell
Steam™
Steinberg Cubase SX v3.1.1.944
Steinberg Groove Agent 2 v2.0.0.28
Symantec
Synaptics Pointing Device Driver
SyncroSoft Emu (Remove only)
Syncrosoft's License Control
Texas Instruments PCIxx21/x515/xx12 drivers.
TourSetup
Tweak UI
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Media Player
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
Wireless Home Network Setup

#14 Papakid (Malware Response Team)

Posted 20 February 2007 - 10:40 PM

Sorry for the delay again. I asked around about your logs and haven't had a reply, which was part of the delay. Probably because there is no malware present that is causing this.

Even though HijackThis is helpful in diagnosing other problems, malware removal is so time consuming that this forum is pretty much devoted to it only. Add to that that I'm not very familiar with Media Center Edition, and that you have a pretty elaborate set up for a musician to use, and finding the source of this problem is going to be like looking for a needle in a haystack.

Your best bet is to post about this in the Windows XP or Hardware forum so someone with more experience with your OS and equipment might see it and give better advice. Be sure to link to this thread as there is a lot of data here and make sure you mention it is Media Center Edition.

One thing that struck me as a possible cause, and this is just a wild guess--is Spy Sweeper. Just because I've heard that the latest version has caused some problems for people. You might try uninstalling it and see if it helps. Be sure to disable it first.

Otherwise all I can think of is that some process set to start automatically, or an auto-updater firing up, is causing the loss of focus. The latter shouldn't, but you have so much stuff installed that there could be a conflict of some sort. If it were me, I would ask for help in stripping the system down, both the equipment you have connected to it and the startups.

One thing you do need to attend to is getting Java up to date.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.



#15 kiesan (Topic Starter)

Posted 20 February 2007 - 10:53 PM

I believe I started with the XP forum, then I got pushed here. The problem was there before I got Spy Sweeper, which I got for free because my school provides it, because the wireless is pretty insecure. Other than that, the problem is still around. I'll get on the Java pronto. Thanks for pointing that out.



