As requested!
DDS Log
DDS (Ver_09-05-14.01) - NTFSx86
Run by A-02843 at 10:31:51.90 on Tue 06/09/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1315 [GMT -4:00]
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\LVCOMSX.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\HP\HP LaserJet M2727\Fax Driver\hppfaxprintersrv.exe
C:\Documents and Settings\A-02843\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = https://intranet.aecon.com/en-CA/Pages/default.aspx
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.aecon.com/home.aspx
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\a-02843\iarv.exe \s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset .exe c:\program files\dell\quickset\quickset.exe .exe c:\program files\dell\quickset\quickset.exe .exe c:\program files\dell\quickset\quickset.exe .exe c:\program files\dell\quickset\quickset.exe .exe c:\program files\dell\quickset\quickset.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [<NO NAME>]
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [BearShare] "c:\program files\bearshare\BearShare.exe" /pause
mRun: [wihr] c:\windows\system32\wihr.exe \u
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: aecon.com\citrix
Trusted Zone: aecon.com\helpdesk
Trusted Zone: aecon.com\support
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/200 ... oader5.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... vc1dmo.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... mvadvd.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/re ... NPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 0927746203
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 0928151656
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - hxxp://support.f-secure.com/enu/home/on ... /fscax.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/device ... Loader.cab
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2008-10-23 178376]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2008-10-23 30920]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2008-10-23 28872]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2008-10-23 1402568]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-26 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090608.007\naveng.sys [2009-6-8 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090608.007\navex15.sys [2009-6-8 876144]
S3 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2008-10-23 3321032]
=============== Created Last 30 ================
2009-05-27 13:09 10 a------- c:\windows\system32\kr_done1
2009-05-27 10:48 <DIR> --d----- c:\program files\DNA
2009-05-27 10:48 <DIR> --d----- c:\docume~1\a-02843\applic~1\DNA
2009-05-27 09:51 <DIR> --d----- c:\program files\Shareaza Applications
2009-05-27 08:41 <DIR> --d----- c:\program files\NCH Software
2009-05-27 07:55 <DIR> --d-h--- c:\windows\PIF
2009-05-26 18:57 483,328 a------- c:\windows\system32\actskn45.ocx
2009-05-24 20:55 <DIR> --d----- c:\program files\BearShare
2009-05-15 10:42 0 a------- C:\LOG26.tmp
==================== Find3M ====================
2009-06-09 06:44 23,052 a------- c:\windows\system32\lvcomsx.exe
2009-06-09 06:44 23,052 a------- c:\windows\system32\igfxpers.exe
2009-06-09 06:44 23,052 a------- c:\windows\system32\hkcmd.exe
2009-06-07 11:32 23,052 a------- c:\windows\system32\igfxtray.exe
2008-12-12 15:48 256 a------- c:\documents and settings\a-02843\pool.bin
2008-12-03 10:46 608 a--sh--- c:\windows\system32\winzvprt5.sys
============= FINISH: 10:31:59.20 ===============
Attach Log
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-05-14.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/25/2007 9:06:12 AM
System Uptime: 6/9/2009 6:41:56 AM (4 hours ago)
Motherboard: Dell Inc. | | 0KU184
Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz | Microprocessor | 2194/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 112 GiB total, 96.024 GiB free.
D: is CDROM ()
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP88: 3/2/2009 2:19:21 PM - System Checkpoint
RP89: 3/4/2009 7:08:43 AM - System Checkpoint
RP90: 3/5/2009 7:30:49 AM - System Checkpoint
RP91: 3/12/2009 8:27:34 AM - System Checkpoint
RP92: 3/13/2009 9:47:37 AM - System Checkpoint
RP93: 3/16/2009 11:54:34 AM - System Checkpoint
RP94: 3/17/2009 2:26:52 PM - Software Distribution Service 3.0
RP95: 3/17/2009 2:31:27 PM - Installed Windows NLSDownlevelMapping.
RP96: 3/17/2009 2:31:53 PM - Installed Windows IDNMitigationAPIs.
RP97: 3/17/2009 2:33:13 PM - Installed Windows Internet Explorer 7.
RP98: 3/17/2009 2:33:49 PM - Software Distribution Service 3.0
RP99: 3/19/2009 8:05:25 AM - System Checkpoint
RP100: 3/23/2009 10:35:05 AM - Software Distribution Service 3.0
RP101: 3/24/2009 1:34:10 PM - System Checkpoint
RP102: 3/26/2009 7:10:50 AM - System Checkpoint
RP103: 3/27/2009 9:20:09 AM - System Checkpoint
RP104: 3/28/2009 2:52:47 PM - System Checkpoint
RP105: 3/31/2009 9:20:29 AM - System Checkpoint
RP106: 4/2/2009 9:32:07 AM - System Checkpoint
RP107: 4/3/2009 1:16:26 PM - System Checkpoint
RP108: 4/8/2009 10:37:57 AM - System Checkpoint
RP109: 4/9/2009 11:45:33 AM - System Checkpoint
RP110: 4/15/2009 2:16:27 PM - System Checkpoint
RP111: 4/17/2009 7:09:07 AM - System Checkpoint
RP112: 4/21/2009 8:48:35 AM - System Checkpoint
RP113: 4/23/2009 12:59:33 PM - System Checkpoint
RP114: 4/24/2009 1:19:11 PM - System Checkpoint
RP115: 4/25/2009 7:05:40 PM - System Checkpoint
RP116: 4/27/2009 7:29:19 AM - System Checkpoint
RP117: 4/30/2009 12:37:43 PM - System Checkpoint
RP118: 5/5/2009 1:25:25 PM - System Checkpoint
RP119: 5/8/2009 1:51:32 PM - System Checkpoint
RP120: 5/11/2009 8:44:29 AM - System Checkpoint
RP121: 5/12/2009 12:11:48 PM - System Checkpoint
RP122: 5/14/2009 1:35:04 PM - System Checkpoint
RP123: 5/15/2009 4:12:06 PM - System Checkpoint
RP124: 5/16/2009 9:14:05 PM - System Checkpoint
RP125: 5/18/2009 10:18:56 AM - System Checkpoint
RP126: 5/20/2009 9:36:49 AM - System Checkpoint
RP127: 5/22/2009 10:32:21 PM - System Checkpoint
RP128: 5/24/2009 8:57:07 AM - System Checkpoint
RP129: 5/25/2009 6:41:53 PM - Installed 32 Bit HP CIO Components Installer
RP130: 5/25/2009 6:42:11 PM - Removed 32 Bit HP CIO Components Installer
RP131: 5/29/2009 8:37:25 AM - System Checkpoint
==== Installed Programs ======================
32 Bit HP CIO Components Installer
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.1
BlackBerry Desktop Software 4.2.2
BlackBerry Device Software Updater
Broadcom Gigabit Integrated Controller
Citrix Presentation Server Client - Web Only
Conexant HDA D330 MDC V.92 Modem
CustomerResearchQFolder
Dell Resource CD
Dell Touchpad
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DNA
FOX News Live
FOX News Live Stream
Google Earth
Google Updater
High Definition Audio Driver Package - KB835221
Hijackthis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 9.0
HP LaserJet M2727 MFP Series 5.0
HP Update
hppFaxDrvM2727
hppFaxUtility
hppFonts
hppLJM2727
hppManualsM2727
hppscanM2727
hppScanTo
hppSendFax
hppTLBXFXM2727
hppusgM2727
HPSSupply
hpzTLBXFX
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
Java(TM) 6 Update 11
Java(TM) 6 Update 7
LiveUpdate 3.1 (Symantec Corporation)
Logitech QuickCam Software
Logitech® Camera Driver
MarketResearch
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Octoshape add-in for Adobe Flash Player
Online Armor 3.0
OZ776 SCR Driver V1.1.3.9
PowerDVD
Product_Min_QFolder
QuickSet
Remote Desktop Connection
Roxio Media Manager
Scan
Security Status
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
SigmaTel Audio
Symantec AntiVirus
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
==== Event Viewer Messages From Past Week ========
6/4/2009 8:31:42 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/3/2009 6:35:44 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\ctfmon.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
6/3/2009 6:33:39 AM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
==== End Of File ===========================
Root Log
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Time: 2009/06/09 10:26
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA7F1F000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5CA000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA5FA1000 Size: 49152 File Visible: No Signed: -
Status: -
Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\A-02843\Local Settings\Temp\Temporary Internet Files\Content.IE5\49QBWHIB\activity;src=1888070;met=1;v=1;pid=29440998;aid=207174090;ko=0;cid=29327332;rid=29345211;rv=1;&timestamp=1228509588750;eid1=2;ecn1=1;etm1=10;eid2=12;ecn2=1;etm2=10;eid3=1[1].gif
Status: Locked to the Windows API!
Path: C:\Documents and Settings\A-02843\Local Settings\Temp\Temporary Internet Files\Content.IE5\49QBWHIB\activity;src=1888070;met=1;v=1;pid=29441003;aid=207174103;ko=0;cid=29327359;rid=29345238;rv=1;&timestamp=1228509171125;eid1=2;ecn1=1;etm1=10;eid2=12;ecn2=1;etm2=10;eid3=1[1].gif
Status: Locked to the Windows API!
Path: C:\Documents and Settings\A-02843\Local Settings\Temp\Temporary Internet Files\Content.IE5\49QBWHIB\click,VaUDAN2kBgAOwRYAdh0HAAIAYAAAAP8AAAAGEAIABgLvDQcAwGgKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFuUOUkAAAAA,http%3A%2F%2Fca.ard.yahoo.com%2FSIG%3D14sbe3qld%2FM%3D655378[1].htm
Status: Locked to the Windows API!
Path: C:\Documents and Settings\A-02843\Local Settings\Temp\Temporary Internet Files\Content.IE5\SLMJW5Q7\activity;src=1888070;met=1;v=1;pid=29441003;aid=207174103;ko=0;cid=29327359;rid=29345238;rv=1;&timestamp=1228506388265;eid1=2;ecn1=1;etm1=10;eid2=12;ecn2=1;etm2=10;eid3=1[1].gif
Status: Locked to the Windows API!
Path: C:\Documents and Settings\A-02843\Local Settings\Temp\Temporary Internet Files\Content.IE5\W0KAK3KZ\activity;src=1888070;met=1;v=1;pid=29440998;aid=207174090;ko=0;cid=29327332;rid=29345211;rv=1;&timestamp=1228509598750;eid1=2;ecn1=0;etm1=10;eid2=12;ecn2=0;etm2=3;eid4=13[1].gif
Status: Locked to the Windows API!
Path: C:\Documents and Settings\A-02843\Local Settings\Temp\Temporary Internet Files\Content.IE5\W0KAK3KZ\activity;src=1888070;met=1;v=1;pid=29441003;aid=207174103;ko=0;cid=29327359;rid=29345238;rv=1;&timestamp=1228509181125;eid1=2;ecn1=0;etm1=10;eid2=12;ecn2=0;etm2=4;eid5=13[1].gif
Status: Locked to the Windows API!
Path: C:\Documents and Settings\A-02843\Local Settings\Application Data\Microsoft\Messenger\stevepereira2003@hotmail.com\SharingMetadata\corbylynne@live.ca\DFSR\Staging\CS{2D849281-A973-4E3A-F61A-E924612AF473}\01\10-{2D849281-A973-4E3A-F61A-E924612AF473}-v1-{53D26FE6-5778-4F28-ADE6-6C4EB91F1F65}-v10-Downloaded.frx
Status: Locked to the Windows API!
Path: C:\Documents and Settings\A-02843\Application Data\Macromedia\Flash Player\#SharedObjects\WHTATSR2\include.classistatic.com\include\c3js\classifieds\rel1\FLASH\getMachId.swf\mach_data.sol:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!
SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa80610f0
#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa80616e0
#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa8060370
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa806de80
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa806c1b0
#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa80601d0
#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa805da10
#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa805dde0
#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa805d520
#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa805ec80
#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa805f7b0
#: 062 Function Name: NtDeleteFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa806e9c0
#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa806c760
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xa8983350
#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa806de20
#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa806de50
#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa8060bc0
#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa806e5d0
#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa806c9a0
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa805e780
#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa805d7a0
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa805f140
#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa8061390
#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa806ddc0
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa806ddf0
#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa806d8a0
#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa8060750
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa806db00
#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa805fe80
#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa806dda0
#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa805f5d0
#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa805f930
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\Program Files\Symantec\SYMEVENT.SYS" at address 0xa8983580
#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa8060ac0
#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa8060030
#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa805fcb0
#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa805fb10
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa805eae0
#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa805f400
#: 262 Function Name: NtUnloadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa8060de0
#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\drivers\OADriver.sys" at address 0xa8061540
Stealth Objects
-------------------
Object: Hidden Module [Name: System.Runtime.Serialization.Formatters.Soap.dll]
Process: HPTLBXFX.exe (PID: 3196) Address: 0x03590000 Size: 143360
Object: Hidden Module [Name: HPToolkit.dll]
Process: HPTLBXFX.exe (PID: 3196) Address: 0x034c0000 Size: 135168
Object: Hidden Module [Name: HPTools.dll]
Process: HPTLBXFX.exe (PID: 3196) Address: 0x00cd0000 Size: 77824
Object: Hidden Module [Name: AppConstants.dll]
Process: HPTLBXFX.exe (PID: 3196) Address: 0x01200000 Size: 77824
Object: Hidden Module [Name: HPAppTools.dll]
Process: HPTLBXFX.exe (PID: 3196) Address: 0x03330000 Size: 602112
Object: Hidden Module [Name: Enumeration.dll]
Process: HPTLBXFX.exe (PID: 3196) Address: 0x03570000 Size: 53248
Object: Hidden Module [Name: HPFaxUtilities.dll]
Process: HPTLBXFX.exe (PID: 3196) Address: 0x03640000 Size: 110592
Object: Hidden Module [Name: Alerts.dll]
Process: HPTLBXFX.exe (PID: 3196) Address: 0x03a10000 Size: 561152
Object: Hidden Module [Name: System.Management.dll]
Process: HPTLBXFX.exe (PID: 3196) Address: 0x039b0000 Size: 380928
Object: Hidden Module [Name: System.Runtime.Remoting.dll]
Process: HPTLBXFX.exe (PID: 3196) Address: 0x03ea0000 Size: 307200
Object: Hidden Module [Name: HPUsageTracking.dll]
Process: hppusg.exe (PID: 3208) Address: 0x00cc0000 Size: 69632
Object: Hidden Module [Name: HPTools.dll]
Process: hppusg.exe (PID: 3208) Address: 0x011f0000 Size: 77824
Object: Hidden Module [Name: HPToolkit.dll]
Process: hppusg.exe (PID: 3208) Address: 0x01230000 Size: 126976
Object: Hidden Module [Name: interop.hpqusg.dll]
Process: hppusg.exe (PID: 3208) Address: 0x03470000 Size: 36864
Object: Hidden Module [Name: System.Runtime.Serialization.Formatters.Soap.dll]
Process: hppusg.exe (PID: 3208) Address: 0x036e0000 Size: 143360
Object: Hidden Module [Name: Enumeration.dll]
Process: hppusg.exe (PID: 3208) Address: 0x03730000 Size: 45056
Object: Hidden Module [Name: HPStreamsInterface.dll]
Process: hppusg.exe (PID: 3208) Address: 0x03860000 Size: 28672
==EOF==