Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Need help with ZSHP1020.EXE virus infestation

Post by Oceana » January 16th, 2011, 8:32 pm

About 4 months ago, SAV informed me it had successfully blocked a virus from getting in. Unfortunately, I didn't keep the virus name.

At that same time, my 3 GHz machine went from taking 2 minutes to cold boot to 15 minutes. Even the pre-Windows boot took a lot longer. Also, now my CPU usage likes to hang around 50% when I'm doing nothing and Windows security keeps telling me SAV reports that the virus protection has been turned off.

The symptoms match a posting on your site titled, ""Symantec Endpoint Protection is turned off" bubble pops up", made Mon 12 Jan, 2009 9:30 pm, and the machine is now slower than dirt doing just about anything, compared to what it was.

GMER.exe found ZSHP1020.EXE. I do have an HP1020 printer, but I suspect I've got the virus, too.

I'll paste the HiJackThis log as I see BillyDee did and the uninstall list.

Thanks,

Jim

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:13:41 PM, on 1/16/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\tppaldr.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\system32\ICO.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
D:\Program_Files\HP\Digital Imaging\bin\hpqSRMon.exe
D:\Program_Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\EXSHOW95.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program_Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program_Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
D:\Program_Files\HP\Digital Imaging\bin\hpqgpc01.exe
D:\Program_Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\System32\svchost.exe
D:\Program_Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program_Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {521E1B2B-0D05-4F9A-91EE-8FCDD4A28DCF} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E43231E9-17C7-4336-BD4E-504D823D082D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Program_Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [ISUSScheduler] "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IBM Warranty Notification] "C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe /nointro"
O4 - HKLM\..\Run: [hpqSRMon] D:\Program_Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program_Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program_Files\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program_Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - S-1-5-18 Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE (User 'Default user')
O4 - Startup: Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Program_Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCo ... taller.cab
O16 - DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} (MSN Photo Select Tool) - http://photos.msn.com/resources/neutral ... 10,0,910,0
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsup ... gctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5441190031
O16 - DPF: {8C28EFD7-767B-11D1-844B-0060972DC2AC} - https://brio.cit.cornell.edu/Brio/zeroa ... elp.en.cab
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} (Java Plug-in 1.6.0_20) -
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://boystomenccc.webex.com/client/T ... eatgpc.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral ... 10,0,910,0
O20 - Winlogon Notify: urqQjhFx - Invalid registry found
O21 - SSODL: CheckDrive - {af75812e-67e8-4d09-834f-3b537bedfa28} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: NBService - Nero AG - D:\Program_Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - C:\WINDOWS\system32\pctspk.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Lenovo (United States) Inc. - (no file)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

--
End of file - 16936 bytes


Uninstall Log:

32 Bit HP CIO Components Installer
Access Help
Acoustica CD/DVD Label Maker
Acoustica Photos Forever
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 9 Plugin
Adobe Photoshop v4.0
Adobe Reader 7.1.0
Adobe Shockwave Player
AJB 6000 update
AML Free Registry Cleaner 4.21
Apple Application Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Atomic Clock Sync
Canon BJC-3000 (BJRSTR)
Canon BJC-3000 Printer
Canon SELPHY CP780
Canon Utilities SELPHY Photo Print
Canon Utilities SELPHY Print Contents 1.0.0
Cisco Systems VPN Client 5.0.01.0600
Compatibility Pack for the 2007 Office system
Complete CD Maker
Critical Update for Windows Media Player 11 (KB959772)
Data Lifeguard Tools
Digital Voice Editor 3
Diskeeper Lite
Driver Whiz
DVD Decrypter (Remove Only)
DVD Shrink 3.2
File Uploader
FileZilla (remove only)
Geekbench 2.1
getPlus(R) for Adobe
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Help Center
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Imaging Device Functions 12.0
HP Photo Creations
HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5
HP Photosmart Essential
HP Photosmart Essential 3.5
HP Photosmart Premier Software 6.5
HP Scanjet G4000 series 8.0
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HSP56 Modem Drivers
Hyperion Intelligence Client
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Intel(R) Network Connections 14.8.43.0
InterVideo WinDVD
Java(TM) 6 Update 23
Java(TM) 6 Update 7
Kensington MouseWorks
LaserJet 1020 series
Lenovo ThinkVantage Toolbox
LightScribe System Software
LiveReg (Symantec Corporation)
LiveUpdate 3.3 (Symantec Corporation)
Magic ISO Maker v5.5 (build 0261)
Maintenance Manager
Malwarebytes' Anti-Malware
Message Center
Message Center Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# .NET Redistributable Package 1.1
Mouse Suite
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 7 Ultra Edition
Nero PhotoShow Express
neroxml
Nikon Message Center
Nikon Transfer
Norton SystemWorks 2003
OCR Software by I.R.I.S. 12.0
Pinnacle InstantCD/DVD Suite
Productivity Center Supplement for ThinkCentre
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RecordNow Audio
RecordNow Copy
RecordNow Data
Remove Multimedia Center
Rescue and Recovery - Client Security Solution
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic DLA
Sonic Express Labeler
Sonic RecordNow!
SoundMAX
Symantec Endpoint Protection
System Migration Assistant
System Update
ThinkVantage Productivity Center
ThinkVantage Technologies Welcome Message
TPM Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Storage Adapter V2 (TPP)
Verizon Help and Support Tool
Vz In Home Agent
Wallpapers
WebEx
Windows Driver Package - Hewlett-Packard Image (12/14/2009 13.0.0.61)
Windows Driver Package - Winbond Electronics Corporation Winbond Trusted Platform Module (06/30/2005 5.1.47.2011)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinPcap 3.1 beta4
WinRAR archiver
WM Recorder + RM Recorder 10.21
XLink/Win Version 2.7b
XP Themes
Zaurus Application Partner
Oceana
Active Member
 
Posts: 13
Joined: January 16th, 2011, 7:09 pm

Re: Need help with ZSHP1020.EXE virus infestation

Post by deltalima » January 17th, 2011, 9:14 am

Checking your log - back soon.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Need help with ZSHP1020.EXE virus infestation

Post by deltalima » January 17th, 2011, 9:19 am

Hi Oceana,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your malware issue.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please let me know if the computer is used for home or for business use.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Need help with ZSHP1020.EXE virus infestation

Post by Oceana » January 17th, 2011, 5:13 pm

This is a home machine.
Oceana
Active Member
 
Posts: 13
Joined: January 16th, 2011, 7:09 pm

Re: Need help with ZSHP1020.EXE virus infestation

Post by Oceana » January 17th, 2011, 5:14 pm

This is a home machine.

Re: Need help with ZSHP1020.EXE virus infestation

Post by deltalima » January 17th, 2011, 5:17 pm

Hyperion Intelligence Client and Cisco Systems VPN Client are not programs I would expect to see on a home computer. Is the computer used for business in any way?

Re: Need help with ZSHP1020.EXE virus infestation

Post by Oceana » January 17th, 2011, 5:23 pm

deltalima wrote: Hyperion Intelligence Client and Cisco Systems VPN Client are not programs I would expect to see on a home computer. Is the computer used for business in any way?


I used to work at a local university till March of 09 and my account was active for a year while I was on layoff status. I had VPN and Hyperion on for when I'd access from home and never bothered to remove it. I'm hoping if I get a job at the same place again, at least the VPN will work again for me.

Re: Need help with ZSHP1020.EXE virus infestation

Post by deltalima » January 17th, 2011, 5:46 pm

Hi Oceana,

Security Check
Please download Security Check ... by screen317. Save it to your desktop.
Alternate download site: Link 2
  1. Double click the SecurityCheck.exe icon to begin.
  2. Press the Space Bar when you see the "press any key to continue..." message.
    A Notepad results file will open automatically called checkup.txt
  3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
  4. Please copy/paste the entire contents of the checkup.txt file into your next reply.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please also post the log from the latest GMER scan.

Re: Need help with ZSHP1020.EXE virus infestation

Post by Oceana » January 17th, 2011, 6:32 pm

Checkup results:

Results of screen317's Security Check version 0.99.8
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Symantec Endpoint Protection
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Malwarebytes' Anti-Malware
AML Free Registry Cleaner 4.21
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Java(TM) 6 Update 23
Java(TM) 6 Update 7
IBM 32-bit Runtime Environment for Java 2, v1.4.2
Out of date Java installed!
Adobe Flash Player 9 (Out of date Flash Player installed!)
Adobe Flash Player
Adobe Reader 7.1.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````


OTL.Txt:

OTL logfile created on: 1/17/2011 5:19:58 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Jim Cargill\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.02 Gb Total Space | 38.71 Gb Free Space | 55.28% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 92.21 Gb Free Space | 39.60% Space Free | Partition Type: NTFS
Drive R: | 99.72 Mb Total Space | 41.55 Mb Free Space | 41.67% Space Free | Partition Type: FAT

Computer Name: LENOVO-D031BFEE | User Name: Jim Cargill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Jim Cargill\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe ()
PRC - D:\Program_Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
PRC - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe ()
PRC - C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe (Lenovo Group Limited)
PRC - C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe (Lenovo Group Limited)
PRC - C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe (IBM)
PRC - C:\WINDOWS\system32\ico.exe (Primax Electronics Ltd.)
PRC - C:\WINDOWS\system32\FSRremoS.EXE ()
PRC - C:\WINDOWS\system32\pctspk.exe ()
PRC - C:\WINDOWS\system32\WISPTIS.EXE (Microsoft Corporation)
PRC - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe (Symantec Corporation)
PRC - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe (Symantec Corporation)
PRC - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation)
PRC - C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE (Symantec Corporation)
PRC - C:\Program Files\Norton SystemWorks\Speed Disk\NOPDB.EXE (Symantec Corporation)
PRC - C:\WINDOWS\TPPALDR.EXE (Cypress Semiconductor)
PRC - C:\WINDOWS\system32\exshow95.exe (Kensington Technology Group)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Jim Cargill\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Alcatel-Lucent)


========== Win32 Services (SafeList) ==========

SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (SUService) -- c:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (TVT Scheduler) -- C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SNAC) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE (Symantec Corporation)
SRV - (SmcService) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (PsaSrv) -- C:\WINDOWS\System32\drivers\psasrv.exe ()
SRV - (ThinkVantage Registry Monitor Service) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (NBService) -- D:\Program_Files\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (IPSSVC) -- C:\WINDOWS\system32\IPSSVC.EXE (Lenovo Group Limited)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (TVT Backup Service) -- C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe ()
SRV - (Diskeeper) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (TSSCoreService) -- C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe (IBM)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (NetGroup - Politecnico di Torino)
SRV - (Pctspk) -- C:\WINDOWS\system32\pctspk.exe ()
SRV - (ICDSPTSV) -- C:\WINDOWS\system32\IcdSptSv.exe (Sony Corporation)
SRV - (GhostStartService) -- C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe (Symantec Corporation)
SRV - (NProtectService) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE (Symantec Corporation)
SRV - (Speed Disk service) -- C:\Program Files\Norton SystemWorks\Speed Disk\NOPDB.EXE (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110116.003\NAVEX15.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110116.003\NAVENG.SYS (Symantec Corporation)
DRV - (WpsHelper) -- C:\WINDOWS\system32\drivers\WpsHelper.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (gmer) -- C:\WINDOWS\system32\drivers\gmer.sys (GMER)
DRV - (COH_Mon) -- C:\WINDOWS\system32\drivers\COH_Mon.sys (Symantec Corporation)
DRV - (WPS) -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys (Symantec Corporation)
DRV - (SRTSPL) -- C:\WINDOWS\system32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\system32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\WINDOWS\system32\drivers\srtspx.sys (Symantec Corporation)
DRV - (Teefer2) -- C:\WINDOWS\system32\drivers\Teefer2.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (EGATHDRV) -- C:\WINDOWS\system32\EGATHDRV.SYS (IBM Corporation)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (TPM) -- C:\WINDOWS\system32\drivers\tpm.sys (Winbond Electronics Corp.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (PROCDD) -- C:\WINDOWS\system32\drivers\PROCDD.SYS (Lenovo Group Limited)
DRV - (ibmfilter) -- C:\WINDOWS\system32\drivers\ibmfilter.sys (IBM)
DRV - (ANCSQ) -- C:\WINDOWS\System32\drivers\ANCSQ.sys (IBM Corp.)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (PrivateDisk) -- C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys (Utimaco Safeware AG)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (smi2) -- C:\Program Files\SMI2\smi2.sys (IBM Corp.)
DRV - (TPM12) -- C:\WINDOWS\system32\drivers\nsctpm12.sys (National Semiconductor Corp.)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (NetGroup - Politecnico di Torino)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (vobiw) -- C:\WINDOWS\System32\drivers\vobIW.sys (Pinnacle Systems GmbH)
DRV - (cdrdrv) -- C:\WINDOWS\system32\drivers\Cdrdrv.sys (Pinnacle Systems GmbH)
DRV - (ASAPIW2K) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)
DRV - (Ptserial) -- C:\WINDOWS\system32\drivers\ptserial.sys (PCTEL, INC.)
DRV - (Vpctcom) -- C:\WINDOWS\system32\drivers\vpctcom.sys (PCtel, Inc.)
DRV - (Vvoice) -- C:\WINDOWS\system32\drivers\vvoice.sys (PCtel, Inc.)
DRV - (Vmodem) -- C:\WINDOWS\system32\drivers\vmodem.sys (PCTEL, INC.)
DRV - (VOBID) -- C:\WINDOWS\system32\DRIVERS\vobid.sys (Pinnacle Systems)
DRV - (pelusblf) -- C:\WINDOWS\system32\drivers\pelusblf.sys (Primax Electronics Ltd.)
DRV - (pelmouse) -- C:\WINDOWS\system32\drivers\PELMOUSE.SYS (Primax Electronics Ltd.)
DRV - (GhPciScan) -- C:\Program Files\Norton SystemWorks\Norton Ghost\GhPciScan.sys (Symantec Corporation)
DRV - (Aspi32) -- C:\WINDOWS\System32\drivers\ASPI32.SYS (Adaptec)
DRV - (NPDriver) -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS (Symantec Corporation)
DRV - (TPP200) USB Storage Adapter V2 (TPP) -- C:\WINDOWS\system32\drivers\TPP200.SYS (Cypress Semiconductor)
DRV - (KMW_SYS) -- C:\WINDOWS\system32\drivers\KMW_SYS.sys (Kensington Technology Group)
DRV - (KID_SYS) -- C:\WINDOWS\system32\drivers\kid_sys.sys (Kensington Technology Group)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Ptserlp) -- C:\WINDOWS\system32\drivers\ptserlp.sys (PCTEL, INC.)
DRV - (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM) -- C:\WINDOWS\system32\drivers\ac97intc.sys (Intel Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
DRV - (pmem) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1694142536-3309553471-3260457264-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1694142536-3309553471-3260457264-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1694142536-3309553471-3260457264-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1694142536-3309553471-3260457264-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1694142536-3309553471-3260457264-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1694142536-3309553471-3260457264-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: D:\Program_Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/26 14:11:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/14 15:24:57 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/01/16 09:21:18 | 000,429,935 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14804 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program_Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {521E1B2B-0D05-4F9A-91EE-8FCDD4A28DCF} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program_Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (no name) - {E43231E9-17C7-4336-BD4E-504D823D082D} - No CLSID value found.
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Program_Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1694142536-3309553471-3260457264-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [cssauth] C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [EXSHOW95.EXE] C:\WINDOWS\System32\exshow95.exe (Kensington Technology Group)
O4 - HKLM..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IBM Warranty Notification] C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe (IBM Corporation)
O4 - HKLM..\Run: [ISUSScheduler] c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe ()
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PCTVOICE] C:\WINDOWS\System32\pctspk.exe ()
O4 - HKLM..\Run: [PDService.exe] C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [QuickTime Task] D:\Program_Files\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKU\S-1-5-21-1694142536-3309553471-3260457264-1005..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1694142536-3309553471-3260457264-1005..\Run: [SpybotSD TeaTimer] D:\Program_Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1694142536-3309553471-3260457264-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Jim Cargill\Start Menu\Programs\Startup\Norton System Doctor.LNK = C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1694142536-3309553471-3260457264-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Program_Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program_Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCo ... taller.cab (Support.com Configuration Class)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {08D390AE-5101-4701-A89F-6C6DADCCC402} http://photos.msn.com/resources/neutral ... 10,0,910,0 (MSN Photo Select Tool)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/sh ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} http://www-307.ibm.com/pc/support/acpir.cab (IASRunner Class)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsup ... gctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 5441190031 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8C28EFD7-767B-11D1-844B-0060972DC2AC} https://brio.cit.cornell.edu/Brio/zeroa ... elp.en.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdat ... /opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4 ... 42-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://boystomenccc.webex.com/client/T ... eatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} http://photos.msn.com/resources/neutral ... 10,0,910,0 (DigWebHelper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\urqQjhFx: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21 - SSODL: CheckDrive - {af75812e-67e8-4d09-834f-3b537bedfa28} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/08 03:25:45 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2000/06/23 12:16:04 | 000,000,045 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{42772597-bb6a-11db-b939-0016416b4cb2}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2001/06/04 15:22:36 | 000,040,960 | ---- | M] ()
O33 - MountPoints2\{7152ebd0-2fb5-11df-8520-0016416b4cb2}\Shell - "" = AutoRun
O33 - MountPoints2\{7152ebd0-2fb5-11df-8520-0016416b4cb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{be10bace-174c-11df-850a-0016416b4cb2}\Shell - "" = AutoRun
O33 - MountPoints2\{be10bace-174c-11df-850a-0016416b4cb2}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/17 17:18:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jim Cargill\Desktop\OTL.exe
[2011/01/17 17:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim Cargill\Desktop\Security Results
[2011/01/13 20:35:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/13 20:35:00 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/01/13 20:31:12 | 000,146,102 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Jim Cargill\Desktop\erunt-setup.exe
[2011/01/13 16:53:40 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011/01/13 16:53:39 | 000,000,000 | ---D | C] -- C:\rsit
[2011/01/13 16:51:13 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Jim Cargill\Desktop\ATF-Cleaner.exe
[2011/01/13 16:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim Cargill\Start Menu\Programs\HiJackThis
[2011/01/03 08:37:54 | 000,069,632 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfgif13n.dll
[2011/01/03 08:37:48 | 000,450,560 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltimg13n.dll
[2011/01/03 08:37:48 | 000,401,408 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfcmp13n.dll
[2011/01/03 08:37:48 | 000,057,344 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfbmp13n.dll
[2010/12/28 10:23:41 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/28 10:23:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/12/28 10:23:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/09/28 13:39:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Jim Cargill\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/01/17 17:18:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim Cargill\Desktop\OTL.exe
[2011/01/17 17:17:35 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1694142536-3309553471-3260457264-1005.job
[2011/01/17 17:17:35 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1694142536-3309553471-3260457264-1005.job
[2011/01/17 17:00:50 | 000,879,047 | ---- | M] () -- C:\Documents and Settings\Jim Cargill\Desktop\SecurityCheck.exe
[2011/01/17 16:47:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/17 14:03:21 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Jim Cargill\Desktop\Outlook 2003.lnk
[2011/01/17 11:11:56 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SystemToolsDailyTest.job
[2011/01/17 10:46:30 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/17 10:45:47 | 000,025,354 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2011/01/17 10:44:13 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2011/01/17 10:44:03 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/17 10:42:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/17 10:41:54 | 1607,192,576 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/17 08:55:44 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Jim Cargill\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003 (3).lnk
[2011/01/16 09:21:18 | 000,429,935 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/14 20:19:11 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2011/01/13 20:31:45 | 000,146,102 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Jim Cargill\Desktop\erunt-setup.exe
[2011/01/13 20:16:13 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Jim Cargill\Desktop\RKUnhookerLE.EXE
[2011/01/13 16:53:34 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Jim Cargill\Desktop\RSIT.exe
[2011/01/13 16:51:18 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Jim Cargill\Desktop\ATF-Cleaner.exe
[2011/01/13 16:44:10 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\Jim Cargill\Desktop\HiJackThis.lnk
[2011/01/13 16:43:55 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\Jim Cargill\Desktop\Shortcut to HiJackThis.exe.lnk
[2011/01/13 15:47:15 | 000,001,536 | ---- | M] () -- C:\WINDOWS\System32\TrueSoft.dat
[2011/01/13 15:42:35 | 000,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2011/01/13 09:00:00 | 000,000,318 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2011/01/05 16:17:52 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Jim Cargill\default.pls
[2011/01/05 15:40:33 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/01 11:58:56 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/30 18:13:07 | 000,429,671 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110116-092118.backup
[2010/12/30 18:10:57 | 000,429,671 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101230-181307.backup
[2010/12/29 11:55:13 | 000,000,528 | ---- | M] () -- C:\WINDOWS\tasks\PCDoctorBackgroundMonitorTask.job
[2010/12/29 10:00:09 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Jim Cargill\Application Data\Microsoft\Internet Explorer\Quick Launch\Copy of Excel 2003.lnk
[2010/12/28 19:38:04 | 000,002,405 | ---- | M] () -- C:\Documents and Settings\Jim Cargill\Desktop\Picture Manager.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/01/17 16:59:19 | 000,879,047 | ---- | C] () -- C:\Documents and Settings\Jim Cargill\Desktop\SecurityCheck.exe
[2011/01/13 20:16:06 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Jim Cargill\Desktop\RKUnhookerLE.EXE
[2011/01/13 16:52:40 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Jim Cargill\Desktop\RSIT.exe
[2011/01/13 16:43:55 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\Jim Cargill\Desktop\Shortcut to HiJackThis.exe.lnk
[2011/01/13 16:41:54 | 000,002,337 | ---- | C] () -- C:\Documents and Settings\Jim Cargill\Desktop\HiJackThis.lnk
[2010/01/26 13:42:35 | 000,526,848 | ---- | C] () -- C:\WINDOWS\System32\hpgtg400.dll
[2009/10/21 12:24:04 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS23.DLL
[2009/09/28 13:40:01 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Jim Cargill\Application Data\pcouffin.log
[2009/09/28 13:39:26 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Jim Cargill\Application Data\inst.exe
[2009/09/28 13:39:26 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Jim Cargill\Application Data\pcouffin.cat
[2009/09/28 13:39:26 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Jim Cargill\Application Data\pcouffin.inf
[2009/06/27 11:57:59 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/06/27 11:57:59 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1AEEEBFA03.sys
[2009/05/14 08:07:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Screen Savers
[2009/05/14 08:07:51 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Jim Cargill\Application Data\Sampler Files
[2009/05/14 08:07:51 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/05/14 08:07:51 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sound Effects
[2009/05/08 12:03:04 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/04/29 16:59:15 | 000,003,799 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/08/31 07:40:45 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/08/31 07:40:43 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/08/14 19:02:32 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
[2008/07/09 20:39:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2008/07/09 20:16:42 | 000,002,714 | ---- | C] () -- C:\Documents and Settings\Jim Cargill\Application Data\SAS7_000.DAT
[2008/07/09 19:15:50 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2008/07/09 19:15:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
[2008/03/11 19:59:13 | 000,000,074 | ---- | C] () -- C:\WINDOWS\brioqplg.ini
[2008/03/11 19:59:02 | 000,032,389 | ---- | C] () -- C:\WINDOWS\bqformat.ini
[2008/02/11 11:13:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/02/05 12:28:20 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Jim Cargill\Local Settings\Application Data\setup.txt
[2008/01/26 10:32:59 | 000,000,108 | ---- | C] () -- C:\WINDOWS\MULTIHLP.INI
[2008/01/26 10:32:58 | 000,000,497 | ---- | C] () -- C:\WINDOWS\PXDLITE.INI
[2008/01/26 10:32:58 | 000,000,452 | ---- | C] () -- C:\WINDOWS\PDOXWIN.INI
[2008/01/26 10:32:58 | 000,000,197 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2008/01/04 14:13:58 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2007/12/02 07:20:52 | 002,115,816 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/08/23 18:38:40 | 000,000,139 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2007/08/23 18:38:32 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/08/23 18:29:47 | 000,003,449 | ---- | C] () -- C:\WINDOWS\ATM.INI
[2007/08/23 18:27:26 | 000,000,306 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/07/16 11:58:10 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/07/16 11:58:00 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/07/07 06:53:24 | 000,005,528 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2007/07/07 06:53:24 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2007/07/07 06:53:07 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
[2007/04/24 14:36:17 | 000,000,077 | ---- | C] () -- C:\WINDOWS\ZRLINK.INI
[2007/02/15 09:20:03 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Jim Cargill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/13 12:31:46 | 000,005,615 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/02/09 20:25:32 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/08 23:14:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2007/02/08 03:25:21 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Jim Cargill\Local Settings\Application Data\fusioncache.dat
[2007/02/06 08:33:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/02/06 07:54:08 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/02/06 07:51:24 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007/02/06 07:31:59 | 000,000,447 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/02/06 07:31:14 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2007/02/06 07:31:14 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2007/02/06 07:31:13 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2007/02/06 07:31:13 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2007/02/06 07:31:13 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2007/02/06 07:31:13 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/02/05 11:25:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/01/29 10:36:32 | 000,025,354 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2004/08/09 14:03:43 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/09 13:46:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/15 05:01:26 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2003/09/17 10:12:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\TX32.DLL
[2003/04/10 19:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/17 16:46:30 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[2002/02/27 17:28:16 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2002/02/27 17:28:16 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2002/02/27 17:28:14 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2002/02/27 17:28:14 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2002/02/27 17:28:14 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[1997/09/12 16:41:00 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\Eztw32.dll
[1980/01/01 03:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[1980/01/01 03:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[1980/01/01 03:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[1980/01/01 03:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[1980/01/01 03:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

< End of report >

Extras.Txt results:

OTL Extras logfile created on: 1/17/2011 5:19:58 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Jim Cargill\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.02 Gb Total Space | 38.71 Gb Free Space | 55.28% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 92.21 Gb Free Space | 39.60% Space Free | Partition Type: NTFS
Drive R: | 99.72 Mb Total Space | 41.55 Mb Free Space | 41.67% Space Free | Partition Type: FAT

Computer Name: LENOVO-D031BFEE | User Name: Jim Cargill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"SerialNumber" = A109A-K13-3ZXD-BAP5-TE
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Program_Files\HP\Digital Imaging\{2D250E57-9890-44a6-B08F-5C02C991EF24}\setup\hpznui01.exe" = D:\Program_Files\HP\Digital Imaging\{2D250E57-9890-44a6-B08F-5C02C991EF24}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"D:\Program_Files\HP\Digital Imaging\bin\hpofxm08.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"D:\Program_Files\HP\Digital Imaging\bin\hposfx08.exe" = D:\Program_Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"D:\Program_Files\HP\Digital Imaging\bin\hposid01.exe" = D:\Program_Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"D:\Program_Files\HP\Digital Imaging\bin\hpfcCopy.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"D:\Program_Files\HP\Digital Imaging\bin\hpzwiz01.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"D:\Program_Files\HP\Digital Imaging\bin\hpoews01.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"D:\Program_Files\HP\Digital Imaging\bin\hpiscnapp.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program_Files\HP\Digital Imaging\bin\hpqsudi.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program_Files\HP\Digital Imaging\bin\hpqpsapp.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program_Files\HP\Digital Imaging\bin\hpofxs08.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"D:\Program_Files\HP\Digital Imaging\bin\hpqfxt08.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"D:\Program_Files\HP\Digital Imaging\bin\hpqpse.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program_Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"D:\Program_Files\HP\HP Software Update\hpwucli.exe" = D:\Program_Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"D:\Program_Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = D:\Program_Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"D:\Program_Files\HP\Digital Imaging\{2D250E57-9890-44a6-B08F-5C02C991EF24}\setup\hpznui01.exe" = D:\Program_Files\HP\Digital Imaging\{2D250E57-9890-44a6-B08F-5C02C991EF24}\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- (Hewlett-Packard)
"D:\Program_Files\HP\Digital Imaging\bin\hpofxm08.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"D:\Program_Files\HP\Digital Imaging\bin\hposfx08.exe" = D:\Program_Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"D:\Program_Files\HP\Digital Imaging\bin\hposid01.exe" = D:\Program_Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"D:\Program_Files\HP\Digital Imaging\bin\hpfcCopy.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"D:\Program_Files\HP\Digital Imaging\bin\hpzwiz01.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"D:\Program_Files\HP\Digital Imaging\bin\hpoews01.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"D:\Program_Files\HP\Digital Imaging\bin\hpiscnapp.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program_Files\HP\Digital Imaging\bin\hpqsudi.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program_Files\HP\Digital Imaging\bin\hpqpsapp.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program_Files\HP\Digital Imaging\bin\hpofxs08.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"D:\Program_Files\HP\Digital Imaging\bin\hpqfxt08.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"D:\Program_Files\HP\Digital Imaging\bin\hpqpse.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"D:\Program_Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = D:\Program_Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"D:\Program_Files\HP\HP Software Update\hpwucli.exe" = D:\Program_Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"D:\Program_Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = D:\Program_Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015A0855-1EF5-4C77-93DB-8E2FC6A495B5}" = Microsoft Money 2003
"{02D5E8EE-0B08-4F2C-97D6-A400E77275FE}" = Microsoft Money 2003 System Pack
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{075473F5-846A-448B-BCB3-104AA1760205}" = RecordNow Data
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}" = Intel(R) Network Connections 14.8.43.0
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{141F2872-D2F9-4A89-95D3-E222D1CBCC56}" = Vz In Home Agent
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19a5dd5e-9675-41ef-b02a-5bdb53fb5557}" = C309a
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{20610409-CA18-41A6-9E21-A93AE82EE7C5}" = Visual Studio .NET Professional 2003 - English
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{2D250E57-9890-44a6-B08F-5C02C991EF24}" = HP Photosmart C309a All-In-One Driver Software 12.0 Rel .5
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.21
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3744B641-61DE-417F-BCDC-9CCED4224DF8}" = LightScribe System Software
"{38D56396-298F-4874-B4EC-16B530B07879}" = HP Scanjet G4000 series 8.0
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{43C3D832-AC96-463A-2003-1B8D1BFA2523}" = Norton SystemWorks 2003
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57764780-E33B-11D1-96ED-00A024A83A15}" = Kensington MouseWorks
"{59FCBBA8-051C-4F56-8FBF-D45AE8080863}" = Complete CD Maker
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6B5D8CB6-0156-4B50-9DAA-618FF9FC18A6}" = Pinnacle InstantCD/DVD Suite
"{6CCC133E-9A2F-4CAA-8866-75D029CD3AB3}" = Digital Voice Editor 3
"{76B2BC31-2D96-4170-9C44-09E13B5555F3}" = Symantec Endpoint Protection
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{847CAE64-4CD2-4B2D-AF00-978FF5431033}" = Nero 7 Ultra Edition
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87E91B85-9A4A-4B1E-930E-3429D146FEB3}" = ScannerCopy
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7259DDF-33BC-4E37-B3C9-41AA7AD988F6}" = TPM Device Driver
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = RecordNow Audio
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = RecordNow Copy
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}" = Rescue and Recovery - Client Security Solution
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1704101-D142-42A4-83E5-F938F13DBD94}" = hpg4000QFolder
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{CF5737AF-8550-4546-A69B-0EA9EF5A9B55}" = ThinkVantage Productivity Center
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{d3c33f97-7936-4301-815f-2cf4ea5a467f}" = PS_AIO_05_C309_Software_Min
"{D44D97D9-919B-4A6D-ABE8-C84B3DD757A9}" = Hyperion Intelligence Client
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D5A4CE1B-59ED-4D85-A3B2-6E0AFF448E4B}" = Diskeeper Lite
"{D728E945-256D-4477-B377-6BBA693714AC}" = Productivity Center Supplement for ThinkCentre
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{ECF27176-4815-4F75-98DC-3E5568166C97}" = Adobe Flash Player 9 Plugin
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{F705E3E1-A471-426B-9A09-73429F3418EE}" = System Migration Assistant
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus
"{FD7F3626-80DE-4E99-A11D-0BFB4350A00C}" = hpG4000
"743EFCFE43C32543E0804C954858554E49909A4A" = Windows Driver Package - Hewlett-Packard Image (12/14/2009 13.0.0.61)
"8C4A0110061C7DE8FAF26F04E56574C95D322DC2" = Windows Driver Package - Winbond Electronics Corporation Winbond Trusted Platform Module (06/30/2005 5.1.47.2011)
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Acoustica Photos Forever" = Acoustica Photos Forever
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop v4.0" = Adobe Photoshop v4.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AJB 6000 update" = AJB 6000 update
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Atomic Clock Sync" = Atomic Clock Sync
"AwayTask" = Maintenance Manager
"Canon BJC-3000 Deinstall" = Canon BJC-3000 Printer
"Canon SELPHY CP780" = Canon SELPHY CP780
"CANONBJ_Deinstall_CNMCP23.DLL" = Canon BJC-3000 (BJRSTR)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"FileZilla" = FileZilla (remove only)
"Geekbench 2.1" = Geekbench 2.1
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HP-LaserJet 1020 series" = LaserJet 1020 series
"HPOCR" = OCR Software by I.R.I.S. 12.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Installing HSP56 MicroModem Drivers" = HSP56 Modem Drivers
"InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Magic ISO Maker v5.5 (build 0261)" = Magic ISO Maker v5.5 (build 0261)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Mouse Suite
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero PhotoShow Express" = Nero PhotoShow Express
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton Speed Disk" = Norton Speed Disk 7.0 for Windows NT
"Norton Utilities" = Norton Utilities 2003 for Windows
"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox
"RealPlayer 12.0" = RealPlayer
"Remove Multimedia Center" = Remove Multimedia Center
"ScanModule V5.1" = ScanModule V5.1
"SELPHY Photo Print" = Canon Utilities SELPHY Photo Print
"SELPHY Print Contents 100" = Canon Utilities SELPHY Print Contents 1.0.0
"TPP200" = USB Storage Adapter V2 (TPP)
"Verizon Help and Support" = Verizon Help and Support Tool
"Visual Studio .NET Professional 2003 - English" = Microsoft Visual Studio .NET Professional 2003 - English
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 3.1 beta4
"WinRAR archiver" = WinRAR archiver
"WM_Recorder_102" = WM Recorder + RM Recorder 10.21
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XLink/Win_is1" = XLink/Win Version 2.7b
"Zaurus Application Partner" = Zaurus Application Partner

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1694142536-3309553471-3260457264-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/10/2011 12:25:17 PM | Computer Name = LENOVO-D031BFEE | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Scheduled
scan. Action: Quarantine failed : Leave Alone failed. Action Description: The
file was deleted successfully.

Error - 1/11/2011 1:27:18 PM | Computer Name = LENOVO-D031BFEE | Source = Symantec AntiVirus | ID = 16711754
Description = TruScan has generated an error: code 11: description: Whitelist Failure

Error - 1/11/2011 7:11:07 PM | Computer Name = LENOVO-D031BFEE | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Scheduled
scan. Action: Quarantine succeeded. Action Description: The file was quarantined
successfully.

Error - 1/11/2011 7:11:25 PM | Computer Name = LENOVO-D031BFEE | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Scheduled
scan. Action: Quarantine failed : Leave Alone failed. Action Description: The
file was deleted successfully.

Error - 1/13/2011 7:08:22 PM | Computer Name = LENOVO-D031BFEE | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Scheduled
scan. Action: Quarantine succeeded. Action Description: The file was quarantined
successfully.

Error - 1/13/2011 7:08:22 PM | Computer Name = LENOVO-D031BFEE | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Scheduled
scan. Action: Quarantine failed : Leave Alone failed. Action Description: The
file was deleted successfully.

Error - 1/14/2011 7:07:51 PM | Computer Name = LENOVO-D031BFEE | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Scheduled
scan. Action: Quarantine succeeded. Action Description: The file was quarantined
successfully.

Error - 1/14/2011 7:07:51 PM | Computer Name = LENOVO-D031BFEE | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Scheduled
scan. Action: Quarantine failed : Leave Alone failed. Action Description: The
file was deleted successfully.

Error - 1/16/2011 7:08:57 PM | Computer Name = LENOVO-D031BFEE | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Scheduled
scan. Action: Quarantine succeeded. Action Description: The file was quarantined
successfully.

Error - 1/16/2011 7:08:58 PM | Computer Name = LENOVO-D031BFEE | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Tracking Cookies in File: Unavailable by: Scheduled
scan. Action: Quarantine failed : Leave Alone failed. Action Description: The
file was deleted successfully.

[ System Events ]
Error - 1/17/2011 11:09:48 AM | Computer Name = LENOVO-D031BFEE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and
Last Error was The referenced assembly is not installed on your system.

Error - 1/17/2011 11:09:48 AM | Computer Name = LENOVO-D031BFEE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference
error message: The referenced assembly is not installed on your system. .

Error - 1/17/2011 11:09:48 AM | Computer Name = LENOVO-D031BFEE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll.
Reference
error message: The operation completed successfully. .

Error - 1/17/2011 11:09:51 AM | Computer Name = LENOVO-D031BFEE | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and
Last Error was The referenced assembly is not installed on your system.

Error - 1/17/2011 11:09:51 AM | Computer Name = LENOVO-D031BFEE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference
error message: The referenced assembly is not installed on your system. .

Error - 1/17/2011 11:09:51 AM | Computer Name = LENOVO-D031BFEE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll.
Reference
error message: The operation completed successfully. .

Error - 1/17/2011 11:45:44 AM | Computer Name = LENOVO-D031BFEE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PCTEL Speaker Phone service
to connect.

Error - 1/17/2011 11:45:44 AM | Computer Name = LENOVO-D031BFEE | Source = Service Control Manager | ID = 7000
Description = The PCTEL Speaker Phone service failed to start due to the following
error: %%1053

Error - 1/17/2011 11:48:53 AM | Computer Name = LENOVO-D031BFEE | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 806e694f, parameter3
ad68f4b4, parameter4 00000000.

Error - 1/17/2011 6:03:55 PM | Computer Name = LENOVO-D031BFEE | Source = Print | ID = 6161
Description = The document viewtopic.php?f=11&t=55370
owned by Jim Cargill failed to print on printer Canon BJC-3000 (BJRSTR). Data type:
NT EMF 1.008. Size of the spool file in bytes: 3407872. Number of bytes printed:
889736. Total number of pages in the document: 15. Number of pages printed: 3.
Client machine: \\LENOVO-D031BFEE. Win32 error code returned by the print processor:
122 (0x7a).


< End of report >

GMER to follow (it locked up my machine last time I tried to run it, so I'll send this stuff separately...
Oceana
Active Member
 
Posts: 13
Joined: January 16th, 2011, 7:09 pm

Re: Need help with ZSHP1020.EXE virus infestation

by deltalima » January 17th, 2011, 6:56 pm

Hi Oceana,

"GMER to follow (it locked up my machine last time I tried to run it, so I'll send this stuff separately..."


If you still have problems running GMER then please run this alternative scan.

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

I notice that you have recently run Combofix. Was this under the instruction of a trained helper?

Please post the log from Combofix.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Need help with ZSHP1020.EXE virus infestation

by Oceana » January 17th, 2011, 11:08 pm

I'd run ComboFix (not realizing it'd do anything other than scan unless I told it to) several days ago as I was following along with the other thread I'd mentioned at the beginning of my topic.

I couldn't find the log from that run to send you, so I had to download ComboFix again and run it. Here are the results:

ComboFix 11-01-17.03 - Jim Cargill 01/17/2011 21:36:00.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1533.602 [GMT -5:00]
Running from: c:\documents and settings\Jim Cargill\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jim Cargill\Application Data\inst.exe
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\winhelp.ini
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-12-18 to 2011-01-18 )))))))))))))))))))))))))))))))
.

2011-01-13 21:53 . 2011-01-13 21:53 -------- d-----w- c:\program files\trend micro
2011-01-13 21:53 . 2011-01-13 21:54 -------- d-----w- C:\rsit
2011-01-13 21:41 . 2011-01-13 21:41 388096 ----a-r- c:\documents and settings\Jim Cargill\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-03 13:37 . 2003-11-04 20:10 69632 ----a-w- c:\windows\system32\lfgif13n.dll
2011-01-03 13:37 . 2004-05-14 21:53 450560 ----a-w- c:\windows\system32\ltimg13n.dll
2011-01-03 13:37 . 2004-05-14 21:53 57344 ----a-w- c:\windows\system32\lfbmp13n.dll
2011-01-03 13:37 . 2004-05-14 21:53 401408 ----a-w- c:\windows\system32\lfcmp13n.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 23:09 . 2008-08-02 15:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2008-07-04 14:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-17 14:51 . 2009-05-14 14:04 335872 ------r- c:\documents and settings\Jim Cargill\Application Data\Microsoft\Installer\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}\ARPPRODUCTICON.exe
2010-11-18 18:12 . 2004-08-09 18:52 81920 ------w- c:\windows\system32\isign32.dll
2010-11-14 20:24 . 2006-07-11 23:35 348160 ------w- c:\windows\system32\msvcr71.dll
2010-11-12 23:53 . 2010-05-27 12:27 472808 ------w- c:\windows\system32\deployJava1.dll
2010-11-12 21:34 . 2008-08-22 23:19 73728 ------w- c:\windows\system32\javacpl.cpl
2010-11-10 14:03 . 2010-11-10 14:03 65536 ------r- c:\documents and settings\Jim Cargill\Application Data\Microsoft\Installer\{59FCBBA8-051C-4F56-8FBF-D45AE8080863}\NewShortcut3_59FCBBA8051C4F568FBFD45AE8080863.exe
2010-11-10 14:03 . 2010-11-10 14:03 45056 ------r- c:\documents and settings\Jim Cargill\Application Data\Microsoft\Installer\{59FCBBA8-051C-4F56-8FBF-D45AE8080863}\NewShortcut5_59FCBBA8051C4F568FBFD45AE8080863.exe
2010-11-10 14:03 . 2010-11-10 14:03 40960 ------r- c:\documents and settings\Jim Cargill\Application Data\Microsoft\Installer\{59FCBBA8-051C-4F56-8FBF-D45AE8080863}\NewShortcut4_59FCBBA8051C4F568FBFD45AE8080863.exe
2010-11-09 16:11 . 2010-11-09 16:11 2019 ------w- c:\windows\NewRecorder.reg
2010-11-09 16:11 . 2010-11-09 16:11 1742626 ------w- c:\windows\Recorder.reg
2010-11-09 14:52 . 1980-01-01 08:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 1980-01-01 08:00 916480 ------w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 1980-01-01 08:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 1980-01-01 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 1980-01-01 08:00 385024 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 1980-01-01 08:00 40960 ------w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 1980-01-01 08:00 290048 ------w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 1980-01-01 08:00 1853312 ------w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-06 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"SpybotSD TeaTimer"="d:\program_files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-08-21 487424]
"TPP Auto Loader"="c:\windows\tppaldr.exe" [2002-06-24 118784]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152]
"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-02-02 120368]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"IBM Warranty Notification"="c:\program files\IBM\acp\ERTS0749\ERTS0749.exe" [2004-03-12 106496]
"hpqSRMon"="d:\program_files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="d:\program_files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"EXSHOW95.EXE"="EXSHOW95.EXE" [2001-09-07 45056]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"cssauth"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2006-08-21 1997568]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-04-29 115560]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-30 339968]
"QuickTime Task"="d:\program_files\qttask.exe" [2010-03-18 421888]
"PCTVOICE"="pctspk.exe" [2003-10-30 180224]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"GhostStartTrayApp"="c:\program files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" [2002-08-14 94208]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-09-27 196696]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-14 274608]

c:\documents and settings\Jim Cargill\Start Menu\Programs\Startup\
Norton System Doctor.LNK - c:\program files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE [2008-11-4 24614]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SELPHY Photo Print Launcher.lnk]
backup=c:\windows\pss\SELPHY Photo Print Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
backup=c:\windows\pss\VPN Client.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jim Cargill^Start Menu^Programs^Startup^Norton System Doctor.LNK]
backup=c:\windows\pss\Norton System Doctor.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"d:\\Program_Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program_Files\\HP\\Digital Imaging\\{2D250E57-9890-44a6-B08F-5C02C991EF24}\\setup\\hpznui01.exe"=
"d:\\Program_Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program_Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program_Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program_Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program_Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program_Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"d:\\Program_Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program_Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Program_Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"d:\\Program_Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"d:\\Program_Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"d:\\Program_Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"d:\\Program_Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"d:\\Program_Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"d:\\Program_Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"d:\\Program_Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"d:\\Program_Files\\HP\\HP Software Update\\hpwucli.exe"=
"d:\\Program_Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=

R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [8/21/2006 1:04 AM 6912]
R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [8/1/2003 2:47 PM 29239]
R1 GhPciScan;GhostPciScanner;c:\program files\Norton SystemWorks\Norton Ghost\GhPciScan.sys [8/14/2002 3:11 PM 5632]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [2/20/2004 12:03 PM 187392]
R2 NProtectService;Norton Unerase Protection;c:\program files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE [11/4/2008 8:17 PM 135168]
R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [11/15/2005 1:11 PM 46142]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [8/2/2005 8:47 PM 3968]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [2/3/2004 4:04 PM 62976]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/16/2011 12:10 PM 102448]
R3 KID_SYS;Kensington Input Devices Class filter driver;c:\windows\system32\drivers\kid_sys.sys [7/4/2009 5:53 PM 11616]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/31/2010 7:27 AM 135664]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys --> c:\windows\system32\DRIVERS\Amps2prt.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [4/29/2008 12:11 PM 23888]
S3 Normandy;Normandy SR2; [x]
S3 pmxscan;USB ScanModule V5.1 Driver;c:\windows\system32\drivers\usbscan.sys [4/29/2009 5:07 PM 15104]
S3 TPM12;NSC Integrated Trusted Platform Module 1.2;c:\windows\system32\drivers\nsctpm12.sys [1/1/1980 3:00 AM 13056]
S3 TPP200;USB Storage Adapter V2 (TPP);c:\windows\system32\drivers\TPP200.SYS [6/24/2002 10:20 AM 36096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-03-19 15:15 451872 ------w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2011-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 17:09]

2011-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 17:09]

2011-01-15 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2002-08-30 02:30]

2010-12-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-12-13 21:55]

2011-01-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1694142536-3309553471-3260457264-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-01-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1694142536-3309553471-3260457264-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-01-13 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-03-08 18:45]

2011-01-17 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-12-13 21:55]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: {8C28EFD7-767B-11D1-844B-0060972DC2AC} - hxxps://brio.cit.cornell.edu/Brio/zeroa ... elp.en.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -

BHO-{521E1B2B-0D05-4F9A-91EE-8FCDD4A28DCF} - (no file)
BHO-{E43231E9-17C7-4336-BD4E-504D823D082D} - (no file)
SSODL-CheckDrive-{af75812e-67e8-4d09-834f-3b537bedfa28} - (no file)
Notify-NavLogon - (no file)
Notify-urqQjhFx - (no file)
SafeBoot-Symantec Antvirus
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-17 21:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1556)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(8004)
c:\windows\system32\WININET.dll
c:\program files\PC-Doctor\ATLPcdToolbar571733.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\NORTON~1\SPEEDD~1\nopdb.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\windows\system32\ICO.EXE
c:\windows\system32\EXSHOW95.EXE
c:\windows\system32\FSRremoS.EXE
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\pctspk.exe
c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
c:\program files\lenovo\system update\suservice.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2011-01-17 22:03:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-18 03:03

Pre-Run: 41,511,206,912 bytes free
Post-Run: 41,703,989,248 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 71ED3BC16225F085402C22D97B079938
Oceana
Active Member
 
Posts: 13
Joined: January 16th, 2011, 7:09 pm

Re: Need help with ZSHP1020.EXE virus infestation

Post by deltalima » January 18th, 2011, 4:51 am

Hi Oceana,

Please reboot and run GMER again. If it still fails, boot into safe mode, then run GMER and post the log.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Need help with ZSHP1020.EXE virus infestation

Post by Oceana » January 18th, 2011, 11:25 pm

Sorry for the delay. I ran the newer version of GMER in safe mode. It took about 4 1/2 hours, as I had it scan both my C & D drives.
The problem is that I could find no way to get it to give me a log file. In safe mode, the GMER screen is too big to display at low res (640 x 480 and I couldn't change it) and the copy and save buttons were not visible (if they were there) and not reachable. I tried cutting and pasting the individual reports but couldn't select the text nor paste. I'll try running the newest GMER in normal mode one more time, but I suspect it'll lock up the machine again.
Oceana
Active Member
 
Posts: 13
Joined: January 16th, 2011, 7:09 pm

Re: Need help with ZSHP1020.EXE virus infestation

Post by deltalima » January 19th, 2011, 5:33 am

Hi Oceana,

"I'll try running the newest GMER in normal mode one more time, but I suspect it'll lock up the machine again."

I would like to see what GMER says about the file ZSHP1020.EXE as it may be a false positive.

If you have not deleted that file, then:

Upload a File to VirusTotal

Please go to VirusTotal

Click on the Browse button then navigate to ZSHP1020.EXE

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Need help with ZSHP1020.EXE virus infestation

Post by Oceana » January 19th, 2011, 1:27 pm

I think somewhere along the way (running ComboFix maybe?), at least some of the problem was taken care of. The machine is still fairly slow and some things that used to show up in the system tray (SpyBot, Windows Messenger) aren't, but NAV has stopped being turned off, and my old copy of GMER's catchme 0.2, which flagged a suspicious hidden process before I contacted you, now shows 0 bad stuff. I tried to paste some screen captures of this and the Windows search list on ZSHP2010 (there were 38 of them) here but couldn't get it to work, even using Snagit. I did save both of them on my desktop if you'd like to see them and there's a way to send them to you.

Probably unrelated factoid: My machine has had an Administrator password set for at least a year, which I'm pretty sure I never set.
Oceana
Active Member
 
Posts: 13
Joined: January 16th, 2011, 7:09 pm