0

Like many others who have posted, I may have a virus that is changing my taskbar color and affecting my audio. I have seen many people posting their HijackThis log files, but I am assuming I need to wait to do so.

Any help is appreciated.

Bob

Last Post by hussey00
0

Here are the logs:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-15 20:11:56
Windows 5.1.2600 Service Pack 3
Running: pnusezjm.exe; Driver: C:\DOCUME~1\Bob\LOCALS~1\Temp\awaoifod.sys


---- Devices - GMER 1.0.15 ----


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/7/2007 1:18:43 PM
System Uptime: 7/15/2010 11:50:19 PM (14 hours ago)

Motherboard: ASUSTeK Computer INC. | | Grouper
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | CPU 1 | 2800/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 88.003 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1121: 4/18/2010 5:48:11 AM - System Checkpoint
RP1122: 4/19/2010 6:48:11 AM - System Checkpoint
RP1123: 4/20/2010 7:48:11 AM - System Checkpoint
RP1124: 4/21/2010 8:48:11 AM - System Checkpoint
RP1125: 4/22/2010 9:48:11 AM - System Checkpoint
RP1126: 4/23/2010 10:48:11 AM - System Checkpoint
RP1127: 4/24/2010 11:48:13 AM - System Checkpoint
RP1128: 4/25/2010 1:31:20 PM - System Checkpoint
RP1129: 4/26/2010 2:13:59 PM - System Checkpoint
RP1130: 4/27/2010 2:59:38 PM - System Checkpoint
RP1131: 4/28/2010 3:59:39 PM - System Checkpoint
RP1132: 4/29/2010 4:59:39 PM - System Checkpoint
RP1133: 4/30/2010 5:59:39 PM - System Checkpoint
RP1134: 5/1/2010 6:59:39 PM - System Checkpoint
RP1135: 5/2/2010 8:07:08 PM - System Checkpoint
RP1136: 5/3/2010 8:59:42 PM - System Checkpoint
RP1137: 5/4/2010 9:59:43 PM - System Checkpoint
RP1138: 5/5/2010 10:17:38 PM - System Checkpoint
RP1139: 5/7/2010 12:23:19 AM - System Checkpoint
RP1140: 5/8/2010 1:11:14 AM - System Checkpoint
RP1141: 5/9/2010 1:27:19 AM - System Checkpoint
RP1142: 5/9/2010 8:19:48 AM - Removed Microsoft Office 2000 SR-1 Premium
RP1143: 5/9/2010 8:52:29 AM - Removed Trend Micro Internet Security
RP1144: 5/9/2010 2:07:01 PM - Installed Windows Internet Explorer 8.
RP1145: 5/9/2010 10:24:43 PM - Installed Windows Internet Explorer 8.
RP1146: 5/9/2010 10:42:03 PM - Restore Operation
RP1147: 5/10/2010 4:27:36 PM - Restore Operation
RP1148: 5/10/2010 5:14:04 PM - Restore Operation
RP1149: 5/10/2010 5:46:24 PM - Removed Trend Micro Internet Security
RP1150: 5/10/2010 5:47:27 PM - Removed Trend Micro Internet Security
RP1151: 5/10/2010 9:44:45 PM - Installed Windows NLSDownlevelMapping.
RP1152: 5/10/2010 9:45:21 PM - Installed Windows IDNMitigationAPIs.
RP1153: 5/10/2010 9:45:45 PM - Installed Windows Internet Explorer 7.
RP1154: 5/10/2010 10:49:46 PM - Installed Windows NLSDownlevelMapping.
RP1155: 5/10/2010 10:50:21 PM - Installed Windows IDNMitigationAPIs.
RP1156: 5/10/2010 10:50:40 PM - Installed Windows Internet Explorer 7.
RP1157: 5/10/2010 11:10:22 PM - Installed Windows Internet Explorer 8.
RP1158: 5/11/2010 11:31:26 PM - System Checkpoint
RP1159: 5/13/2010 7:34:35 PM - System Checkpoint
RP1160: 5/14/2010 3:00:29 AM - Software Distribution Service 3.0
RP1161: 5/15/2010 11:03:30 PM - Software Distribution Service 3.0
RP1162: 5/16/2010 3:22:14 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP1163: 5/16/2010 3:40:49 PM - Installed Windows Internet Explorer 8.
RP1164: 5/16/2010 7:45:39 PM - Software Distribution Service 3.0
RP1165: 5/16/2010 10:33:31 PM - Restore Operation
RP1166: 5/16/2010 10:38:37 PM - Restore Operation
RP1167: 5/16/2010 10:41:59 PM - Restore Operation
RP1168: 5/16/2010 10:45:20 PM - Restore Operation
RP1169: 5/18/2010 12:24:22 AM - System Checkpoint
RP1170: 5/18/2010 10:47:34 PM - Installed Windows XP Service Pack 3.
RP1171: 5/18/2010 10:50:49 PM - Installed Windows XP KB946648.
RP1172: 5/18/2010 10:58:46 PM - Software Distribution Service 3.0
RP1173: 5/19/2010 11:19:26 PM - System Checkpoint
RP1174: 5/21/2010 12:13:47 AM - System Checkpoint
RP1175: 5/22/2010 12:17:38 AM - System Checkpoint
RP1176: 5/22/2010 10:45:05 PM - Installed SUPERAntiSpyware Free Edition
RP1177: 5/23/2010 6:21:03 AM - avast! Free Antivirus Setup
RP1178: 5/25/2010 9:12:15 PM - System Checkpoint
RP1179: 5/27/2010 8:49:17 PM - Software Distribution Service 3.0
RP1180: 5/29/2010 4:03:17 PM - System Checkpoint
RP1181: 5/30/2010 6:32:11 PM - System Checkpoint
RP1182: 5/31/2010 6:43:21 PM - System Checkpoint
RP1183: 6/2/2010 6:04:53 AM - System Checkpoint
RP1184: 6/3/2010 6:54:13 AM - System Checkpoint
RP1185: 6/4/2010 7:55:15 AM - System Checkpoint
RP1186: 6/6/2010 12:25:02 PM - System Checkpoint
RP1187: 6/7/2010 3:00:20 AM - Software Distribution Service 3.0
RP1188: 6/8/2010 3:48:45 AM - System Checkpoint
RP1189: 6/9/2010 6:08:10 AM - System Checkpoint
RP1190: 6/10/2010 9:19:39 AM - System Checkpoint
RP1191: 6/12/2010 9:33:47 AM - System Checkpoint
RP1192: 6/12/2010 10:58:36 PM - Installed iTunes
RP1193: 6/13/2010 3:00:38 AM - Software Distribution Service 3.0
RP1194: 6/14/2010 3:00:18 AM - Software Distribution Service 3.0
RP1195: 6/15/2010 10:01:19 PM - System Checkpoint
RP1196: 6/18/2010 9:30:26 PM - System Checkpoint
RP1197: 6/20/2010 12:06:27 AM - System Checkpoint
RP1198: 6/21/2010 12:57:53 AM - System Checkpoint
RP1199: 6/21/2010 11:10:04 PM - Removed SUPERAntiSpyware Free Edition
RP1200: 6/22/2010 11:23:38 PM - System Checkpoint
RP1201: 6/23/2010 2:18:44 PM - Installed MPLAB Tools v8.36
RP1202: 6/23/2010 2:27:50 PM - Installed PICkit 2 v2.50.02
RP1203: 6/23/2010 2:28:18 PM - Installed PIC16F690 Lessons
RP1204: 6/23/2010 8:45:54 PM - Software Distribution Service 3.0
RP1205: 6/23/2010 9:10:15 PM - Software Distribution Service 3.0
RP1206: 6/26/2010 1:01:37 AM - System Checkpoint
RP1207: 6/27/2010 10:52:17 AM - System Checkpoint
RP1208: 7/1/2010 11:25:52 PM - System Checkpoint
RP1209: 7/5/2010 6:41:14 AM - System Checkpoint
RP1210: 7/7/2010 10:11:53 PM - System Checkpoint
RP1211: 7/8/2010 11:40:07 PM - System Checkpoint
RP1212: 7/10/2010 12:55:07 AM - System Checkpoint
RP1213: 7/12/2010 3:26:37 PM - System Checkpoint
RP1214: 7/13/2010 4:59:04 PM - System Checkpoint
RP1215: 7/14/2010 5:41:29 PM - System Checkpoint
RP1216: 7/15/2010 6:05:07 PM - System Checkpoint
RP1217: 7/15/2010 8:04:12 PM - Software Distribution Service 3.0

==== Installed Programs ======================

1300
1300_Help
1300Tour
1300Trb
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.6
Adobe Shockwave Player 11
Agere Systems PCI Soft Modem
AiO_Scan
AIOMinimal
AiOSoftware
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applied Vision 3.0
Ask Toolbar
Bonjour
Copy
CreativeProjects
Director
DivX Codec
DocProc
Facebook Plug-In
Fax
Glary Registry Repair 3.3.0.852
GradeQuick Web Plugin
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 3.5
HP Product Detection
HP PSC & OfficeJet 3.5
HP Software Update
HP Unload DLL Patch
hpmdtab
HPSystemDiagnostics
InstantShare
Intel(R) Graphics Media Accelerator Driver
iPhone Configuration Utility
iTunes
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6 Update 1
LG USB Drivers
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Communicator 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows XP Video Decoder Checkup Utility
MobileMe Control Panel
MPLAB Tools v8.36
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
overland
PhotoGallery
PIC16F690 Lessons
Picasa 3
PICkit 2 v2.50.02
PrintScreen
QFolder
Quicken 2009
QuickProjects
QuickTime
Readme
RealPlayer
Realtek High Definition Audio Driver
Rhapsody
Rhapsody MP3 Download Manager
Rhapsody Player Engine
Safari
Scan
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
SkinsHP1
SkinsHP2
Symantec Technical Support Web Controls
TrayApp
Trend Micro Internet Security
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2202131)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB955759)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
V CAST Music
V CAST Music Essentials Manager
Walmart MP3 Music Downloads
WD Diagnostics
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

7/15/2010 8:05:02 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
7/15/2010 8:05:02 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/15/2010 8:05:02 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
7/15/2010 7:32:11 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
7/15/2010 4:38:51 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\drivers\tcpip.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5625.
7/15/2010 4:38:47 PM, error: Service Control Manager [7001] - The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: Access is denied.
7/15/2010 4:38:47 PM, error: Service Control Manager [7000] - The TCP/IP Protocol Driver service failed to start due to the following error: Access is denied.
7/15/2010 4:38:32 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Tcpip tmtdi
7/15/2010 4:38:24 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The specified driver is invalid.
7/15/2010 4:38:17 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/15/2010 4:38:17 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/15/2010 4:38:17 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/15/2010 4:38:17 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/15/2010 4:38:17 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/15/2010 4:36:27 PM, error: NetBT [4311] - Initialization failed because the driver device could not be created.
7/15/2010 4:10:06 PM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
7/15/2010 11:51:25 PM, error: System Error [1003] - Error code 0000004e, parameter1 00000007, parameter2 000323eb, parameter3 00000001, parameter4 00000000.
7/12/2010 8:53:39 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The system cannot find the file specified.
7/12/2010 8:53:39 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
7/12/2010 8:52:30 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/12/2010 8:52:30 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================


AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- EOF - GMER 1.0.15 ----


DDS (Ver_10-03-17.01) - NTFSx86
Run by Bob at 13:01:51.37 on Fri 07/16/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.449 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Bob\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://msn.com/
uSearch Page =
uSearch Bar =
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [Alcmtr] ALCMTR.EXE
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0C92900E-4D5A-4F04-ACC9-729E1767BBAE} - hxxp://jeweloscophoto.lifepics.com/net/Uploader/LPUploader45.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/59.04/uploader2.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176003538765
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-5-20 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-5-20 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\bashdefs\20100709.001\BHDrvx86.sys [2010-7-12 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-5-20 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-5-20 116784]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-5-20 126392]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2008-4-5 52624]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2008-2-15 36368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\ipsdefs\20100715.001\IDSXpx86.sys [2010-7-16 331640]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\virusdefs\20100715.053\NAVENG.SYS [2010-7-16 85424]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.6.0.32\definitions\virusdefs\20100715.053\NAVEX15.SYS [2010-7-16 1362608]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2008-2-15 333328]
S3 ssrangdr;ssrangdr;c:\windows\system32\drivers\ssrangdr.sys [2009-8-20 2560]
S3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2008-4-5 648456]

=============== Created Last 30 ================

2010-07-15 21:29:35 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-05 18:56:52 0 d-----w- C:\firmware
2010-06-23 19:28:19 0 d-----w- C:\PK2 Lessons
2010-06-23 19:24:03 0 d--h--r- c:\docume~1\bob\applic~1\Microchip
2010-06-23 19:20:49 0 d-----w- c:\program files\Microchip

==================== Find3M ====================

2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-10 22:48:52 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2008-08-20 00:33:04 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 13:02:39.06 ===============

0

Hi!!
I want to ask you guys: I bought a new laptop, so please tell me which type of virus is better for my system. How is McAfee?

<Link removed>

Edited by crunchie: Keep it on site.
