1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Windows Installer repeatedly popping up and disappearing? Hijack This output included

Discussion in 'Virus & Other Malware Removal' started by bigbenn77, Jul 19, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. bigbenn77

    bigbenn77 Thread Starter

    Joined:
    Jul 19, 2012
    Messages:
    4
    Hey all - I'm having a problem on this old work computer: Windows Installer is constantly popping up and disappearing! At times it's every 3-4 seconds and stealing the focus, and the popups almost immediately disappear. It seems to mostly pop up during work from within Microsoft Office and less so during work in Google Chrome but I'm not positive about that.

    The popups previously attempted to install Roxio Media Manager. They would pop up randomly and try to install for 10 seconds or so then freeze, and cancelling the installation took another 2-3 minutes. However, I've since tried a registry clean using iolo's suite of tools (no noticeable improvements) and I've tried removing all of Roxio's installation packages using the Windows Installer Repair Utility - which brings me to where I am now. It would be great if someone could help!
     
  2. bigbenn77

    bigbenn77 Thread Starter

    Joined:
    Jul 19, 2012
    Messages:
    4
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:33:34 PM, on 7/19/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\Engine\16.8.3.6\ccSvcHst.exe
    C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\StacSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Norton AntiVirus\Engine\16.8.3.6\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Novatel Wireless\MobiLink3\MobiLink3.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nhc.noaa.gov/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: (no name) - {16ae2e09-9640-4810-b3e5-13cac378284d} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.8.3.6\IPSBHO.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MobiLink 3] C:\Program Files\Novatel Wireless\MobiLink3\MobiLink3.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [WaveData] rundll32.exe "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Wave Systems Corp\WaveData\Wavedata.dll",DllRegisterServer (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [ApplicationHistoryData] rundll32.exe "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ApplicationHistory\ApplicationHistoryData\ApplicationHistorydata.dll",DllRegisterServer (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [WaveData] rundll32.exe "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Wave Systems Corp\WaveData\Wavedata.dll",DllRegisterServer (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_ActiveX.exe -update activex (User 'Default user')
    O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {F589CCFE-5DCE-4009-844F-61433375F69B} (MOVEitUpDownWiz Class) - https://docshare.horizonbank.com/COM/MOVEitUploadWizard6.5.0.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rpfin.com
    O17 - HKLM\Software\..\Telephony: DomainName = rpfin.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2248C114-7DEE-49A7-BD11-C818BD91B569}: NameServer = 68.28.105.132 68.28.104.132
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rpfin.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rpfin.com
    O17 - HKLM\System\CS2\Services\Tcpip\..\{2248C114-7DEE-49A7-BD11-C818BD91B569}: NameServer = 68.28.105.132 68.28.104.132
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = rpfin.com
    O18 - Filter hijack: text/html - {18b70682-e609-47b9-af67-14a35078421c} - (no file)
    O20 - AppInit_DLLs: jutunaja.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c98d499f8640e9) (gupdate1c98d499f8640e9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.8.3.6\ccSvcHst.exe
    O23 - Service: NovaCore SDK Service (NvtlService) - Unknown owner - C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 13194 bytes
     
  3. bigbenn77

    bigbenn77 Thread Starter

    Joined:
    Jul 19, 2012
    Messages:
    4
    StartupList report, 7/19/2012, 2:44:00 PM
    StartupList version: 1.52.2
    Started from : C:\Program Files\Trend Micro\HiJackThis\HiJackThis.EXE
    Detected: Windows XP SP3 (WinNT 5.01.2600)
    Detected: Internet Explorer v8.00 (8.00.6001.18702)
    * Using default options
    * Including empty and uninteresting sections
    * Showing rarely important sections
    ==================================================

    Running processes:

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\Engine\16.8.3.6\ccSvcHst.exe
    C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\StacSV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Norton AntiVirus\Engine\16.8.3.6\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Novatel Wireless\MobiLink3\MobiLink3.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    --------------------------------------------------

    Listing of startup folders:

    Shell folders Startup:
    [C:\Documents and Settings\TMBiddle\Start Menu\Programs\Startup]
    *No files*

    Shell folders AltStartup:
    *Folder not found*

    User shell folders Startup:
    *Folder not found*

    User shell folders AltStartup:
    *Folder not found*

    Shell folders Common Startup:
    [C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
    HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

    Shell folders Common AltStartup:
    *Folder not found*

    User shell folders Common Startup:
    *Folder not found*

    User shell folders Alternate Common Startup:
    *Folder not found*

    --------------------------------------------------

    Checking Windows NT UserInit:

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    UserInit = C:\WINDOWS\system32\userinit.exe,

    [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    *Registry value not found*

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    KernelFaultCheck = %systemroot%\system32\dumprep 0 -k
    HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    Apoint = C:\Program Files\Apoint\Apoint.exe
    Acrobat Assistant 8.0 = "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run

    ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
    swg = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
    MobiLink 3 = C:\Program Files\Novatel Wireless\MobiLink3\MobiLink3.exe
    ISUSPM = "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    Google Update = "C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

    *No values found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run

    [OptionalComponents]
    =

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *No subkeys found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    Autorun entries in Registry subkeys of:
    HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
    *Registry key not found*

    --------------------------------------------------

    File association entry for .EXE:
    HKEY_CLASSES_ROOT\exefile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .COM:
    HKEY_CLASSES_ROOT\comfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .BAT:
    HKEY_CLASSES_ROOT\batfile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .PIF:
    HKEY_CLASSES_ROOT\piffile\shell\open\command

    (Default) = "%1" %*

    --------------------------------------------------

    File association entry for .SCR:
    HKEY_CLASSES_ROOT\scrfile\shell\open\command

    (Default) = NOTEPAD.EXE %1

    --------------------------------------------------

    File association entry for .HTA:
    HKEY_CLASSES_ROOT\htafile\shell\open\command

    (Default) = NOTEPAD.EXE %1

    --------------------------------------------------

    File association entry for .TXT:
    HKEY_CLASSES_ROOT\txtfile\shell\open\command

    (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

    --------------------------------------------------

    Enumerating Active Setup stub paths:
    HKLM\Software\Microsoft\Active Setup\Installed Components
    (* = disabled by HKCU twin)

    [<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
    StubPath = C:\WINDOWS\system32\ieudinit.exe

    [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

    [>{26923b43-4d38-484f-9b9e-de460746276c}] *
    StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
    StubPath = "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
    StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

    [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
    StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
    StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

    [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

    [{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

    [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

    [{7790769C-0471-11d2-AF11-00C04FA35D02}] *
    StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

    [{89820200-ECBD-11cf-8B85-00AA005B4340}] *
    StubPath = regsvr32.exe /s /n /i:U shell32.dll

    [{89820200-ECBD-11cf-8B85-00AA005B4383}] *
    StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

    [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
    StubPath = c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

    [{8AD036DA-A15A-4768-A544-C61420C3D4C5}] *
    StubPath = rundll32.exe "C:\Program Files\SNL Financial\SNLxl\InstallXLAddinRegKey.dll",DllInstallXLAddinRegKeys /i

    [{8b15971b-5355-4c82-8c07-7e181ea07608}] *
    StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

    --------------------------------------------------

    Enumerating ICQ Agent Autostart apps:
    HKCU\Software\Mirabilis\ICQ\Agent\Apps

    *Registry key not found*

    --------------------------------------------------

    Load/Run keys from C:\WINDOWS\WIN.INI:

    load=*INI section not found*
    run=*INI section not found*

    Load/Run keys from Registry:

    HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
    HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
    HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
    HKCU\..\Windows NT\CurrentVersion\Windows: load=
    HKCU\..\Windows NT\CurrentVersion\Windows: run=
    HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
    HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=jutunaja.dll

    --------------------------------------------------

    Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

    Shell=*INI section not found*
    SCRNSAVE.EXE=*INI section not found*
    drivers=*INI section not found*

    Shell & screensaver key from Registry:

    Shell=Explorer.exe
    SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
    drivers=*Registry value not found*

    Policies Shell key:

    HKCU\..\Policies: Shell=*Registry value not found*
    HKLM\..\Policies: Shell=*Registry value not found*

    --------------------------------------------------

    Checking for EXPLORER.EXE instances:

    C:\WINDOWS\Explorer.exe: PRESENT!

    C:\Explorer.exe: not present
    C:\WINDOWS\Explorer\Explorer.exe: not present
    C:\WINDOWS\System\Explorer.exe: not present
    C:\WINDOWS\System32\Explorer.exe: not present
    C:\WINDOWS\Command\Explorer.exe: not present
    C:\WINDOWS\Fonts\Explorer.exe: not present

    --------------------------------------------------

    Checking for superhidden extensions:

    .lnk: HIDDEN! (arrow overlay: yes)
    .pif: HIDDEN! (arrow overlay: yes)
    .exe: not hidden
    .com: not hidden
    .bat: not hidden
    .hta: not hidden
    .scr: not hidden
    .shs: HIDDEN!
    .shb: HIDDEN!
    .vbs: not hidden
    .vbe: not hidden
    .wsh: not hidden
    .scf: HIDDEN! (arrow overlay: NO!)
    .url: HIDDEN! (arrow overlay: yes)
    .js: not hidden
    .jse: not hidden

    --------------------------------------------------

    Verifying REGEDIT.EXE integrity:

    - Regedit.exe found in C:\WINDOWS
    - .reg open command is NOT normal! (NOTEPAD.EXE %1)
    - Company name OK: 'Microsoft Corporation'
    - Original filename OK: 'REGEDIT.EXE'
    - File description: 'Registry Editor'

    Registry check failed!

    --------------------------------------------------

    Enumerating Browser Helper Objects:

    (no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670}
    HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll - {0347C33E-8762-4905-BF09-768834316C61}
    (no name) - (no file) - {16ae2e09-9640-4810-b3e5-13cac378284d}
    AcroIEHelperStub - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Engine\16.8.3.6\IPSBHO.DLL - {6D53EC84-6AAE-4787-AEEE-F4628F01010C}
    (no name) - C:\Program Files\Java\jre6\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
    (no name) - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
    (no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}
    (no name) - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
    (no name) - C:\Program Files\Java\jre6\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
    JQSIEStartDetectorImpl - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll - {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
    SmartSelect - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll - {F4971EE7-DAA0-4053-9964-665D8EE6A077}
    HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}

    --------------------------------------------------

    Enumerating Task Scheduler jobs:

    Google Software Updater.job
    GoogleUpdateTaskMachineCore.job
    GoogleUpdateTaskMachineUA.job
    GoogleUpdateTaskUserS-1-5-21-3087278675-2567532725-1211862618-1609Core.job
    GoogleUpdateTaskUserS-1-5-21-3087278675-2567532725-1211862618-1609UA.job

    --------------------------------------------------

    Enumerating Download Program Files:

    [Office Genuine Advantage Validation Tool]
    InProcServer32 = C:\WINDOWS\system32\OGACheckControl.dll
    CODEBASE = http://go.microsoft.com/fwlink/?linkid=58813

    [Java Plug-in 1.6.0_11]
    InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
    CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

    [Java Plug-in 1.6.0_11]
    InProcServer32 = C:\Program Files\Java\jre6\bin\jp2iexp.dll
    CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

    [Java Plug-in 1.6.0_11]
    InProcServer32 = C:\Program Files\Java\jre6\bin\npjpi160_11.dll
    CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

    [MOVEitUpDownWiz Class]
    InProcServer32 = C:\WINDOWS\Downloaded Program Files\MOVEitUploadWizard6.5.0.ocx
    CODEBASE = https://docshare.horizonbank.com/COM/MOVEitUploadWizard6.5.0.ocx

    --------------------------------------------------

    Enumerating Winsock LSP files:

    NameSpace #1: C:\WINDOWS\System32\mswsock.dll
    NameSpace #2: C:\WINDOWS\System32\winrnr.dll
    NameSpace #3: C:\WINDOWS\System32\mswsock.dll
    Protocol #1: C:\WINDOWS\system32\mswsock.dll
    Protocol #2: C:\WINDOWS\system32\mswsock.dll
    Protocol #3: C:\WINDOWS\system32\mswsock.dll
    Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
    Protocol #6: C:\WINDOWS\system32\mswsock.dll
    Protocol #7: C:\WINDOWS\system32\mswsock.dll
    Protocol #8: C:\WINDOWS\system32\mswsock.dll
    Protocol #9: C:\WINDOWS\system32\mswsock.dll
    Protocol #10: C:\WINDOWS\system32\mswsock.dll
    Protocol #11: C:\WINDOWS\system32\mswsock.dll
    Protocol #12: C:\WINDOWS\system32\mswsock.dll
    Protocol #13: C:\WINDOWS\system32\mswsock.dll
    Protocol #14: C:\WINDOWS\system32\mswsock.dll
    Protocol #15: C:\WINDOWS\system32\mswsock.dll
    Protocol #16: C:\WINDOWS\system32\mswsock.dll
    Protocol #17: C:\WINDOWS\system32\mswsock.dll
    Protocol #18: C:\WINDOWS\system32\mswsock.dll
    Protocol #19: C:\WINDOWS\system32\mswsock.dll
    Protocol #20: C:\WINDOWS\system32\mswsock.dll
    Protocol #21: C:\WINDOWS\system32\mswsock.dll

    --------------------------------------------------

    Enumerating Windows NT/2000/XP services

    abp480n5: \SystemRoot\system32\DRIVERS\ABP480N5.SYS (disabled)
    Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
    adpu160m: \SystemRoot\system32\DRIVERS\adpu160m.sys (disabled)
    Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
    AEGIS Protocol (IEEE 802.1x) v3.7.4.0: system32\DRIVERS\AegisP.sys (autostart)
    AFD: \SystemRoot\System32\drivers\afd.sys (system)
    Intel AGP Bus Filter: \SystemRoot\system32\DRIVERS\agp440.sys (disabled)
    Compaq AGP Bus Filter: \SystemRoot\system32\DRIVERS\agpCPQ.sys (disabled)
    Aha154x: \SystemRoot\system32\DRIVERS\aha154x.sys (disabled)
    aic78u2: \SystemRoot\system32\DRIVERS\aic78u2.sys (disabled)
    aic78xx: \SystemRoot\system32\DRIVERS\aic78xx.sys (disabled)
    Alerter: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
    Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
    AliIde: \SystemRoot\system32\DRIVERS\aliide.sys (disabled)
    ALI AGP Bus Filter: \SystemRoot\system32\DRIVERS\alim1541.sys (disabled)
    AMD AGP Bus Filter Driver: \SystemRoot\system32\DRIVERS\amdagp.sys (disabled)
    amsint: \SystemRoot\system32\DRIVERS\amsint.sys (disabled)
    Alps Touch Pad Filter Driver for Windows 2000/XP/Vista: system32\DRIVERS\Apfiltr.sys (manual start)
    Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    1394 ARP Client Protocol: system32\DRIVERS\arp1394.sys (manual start)
    asc: \SystemRoot\system32\DRIVERS\asc.sys (disabled)
    asc3350p: \SystemRoot\system32\DRIVERS\asc3350p.sys (disabled)
    asc3550: \SystemRoot\system32\DRIVERS\asc3550.sys (disabled)
    Broadcom ASF IP and SMBIOS Mailbox Monitor: "C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service (autostart)
    ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
    RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
    Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
    ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
    Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
    Broadcom NetXtreme Gigabit Ethernet: system32\DRIVERS\b57xp32.sys (manual start)
    BASFND: \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (autostart)
    Symantec Heuristics Driver: \SystemRoot\System32\Drivers\NAV\1008030.006\BHDrvx86.sys (system)
    Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Computer Browser: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    cbidf: \SystemRoot\system32\DRIVERS\cbidf2k.sys (disabled)
    Symantec Hash Provider: \SystemRoot\System32\Drivers\NAV\1008030.006\ccHPx86.sys (system)
    cd20xrnt: \SystemRoot\system32\DRIVERS\cd20xrnt.sys (disabled)
    CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
    Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
    .NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
    Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
    CmdIde: \SystemRoot\system32\DRIVERS\cmdide.sys (disabled)
    Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
    COM+ System Application: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
    Cpqarray: \SystemRoot\system32\DRIVERS\cpqarray.sys (disabled)
    Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    dac2w2k: \SystemRoot\system32\DRIVERS\dac2w2k.sys (disabled)
    dac960nt: \SystemRoot\system32\DRIVERS\dac960nt.sys (disabled)
    DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
    DHCP Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Disk Driver: system32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
    dmload: System32\drivers\dmload.sys (disabled)
    Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
    Wired AutoConfig: %SystemRoot%\System32\svchost.exe -k dot3svc (manual start)
    dpti2o: \SystemRoot\system32\DRIVERS\dpti2o.sys (disabled)
    Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
    Intel(R) PRO Adapter Driver: system32\DRIVERS\e100b325.sys (manual start)
    Extensible Authentication Protocol Service: %SystemRoot%\System32\svchost.exe -k eapsvcs (manual start)
    Symantec Eraser Control driver: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (system)
    EraserUtilDrv10920: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys (manual start)
    EraserUtilRebootDrv: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (manual start)
    Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+ Event System: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start)
    Intel(R) PROSet/Wireless Event Log: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (autostart)
    Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Fax: %systemroot%\system32\fxssvc.exe (autostart)
    Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
    FLEXnet Licensing Service: "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" (manual start)
    Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
    FltMgr: system32\drivers\fltmgr.sys (system)
    Windows Presentation Foundation Font Cache 3.0.0.0: c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (manual start)
    Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
    Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
    guardian2: System32\Drivers\oz776.sys (manual start)
    Google Update Service (gupdate1c98d499f8640e9): "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (autostart)
    Google Update Service (gupdatem): "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc (manual start)
    Google Software Updater: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (autostart)
    Microsoft UAA Bus Driver for High Definition Audio: system32\DRIVERS\HDAudBus.sys (manual start)
    Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
    Health Key and Certificate Management Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    hpn: \SystemRoot\system32\DRIVERS\hpn.sys (disabled)
    hpqcxs08: %SystemRoot%\system32\svchost.exe -k hpdevmgmt (manual start)
    HP CUE DeviceDiscovery Service: %SystemRoot%\system32\svchost.exe -k hpdevmgmt (autostart)
    HP Network Devices Support: %SystemRoot%\system32\svchost.exe -k HPService (autostart)
    IEEE-1284.4 Driver HPZid412: system32\DRIVERS\HPZid412.sys (manual start)
    Print Class Driver for IEEE-1284.4 HPZipr12: system32\DRIVERS\HPZipr12.sys (manual start)
    USB to IEEE-1284.4 Translation Driver HPZius12: system32\DRIVERS\HPZius12.sys (manual start)
    HSFHWAZL: system32\DRIVERS\HSFHWAZL.sys (manual start)
    HSF_DPV: system32\DRIVERS\HSF_DPV.sys (manual start)
    HTTP: System32\Drivers\HTTP.sys (manual start)
    HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
    i2omp: \SystemRoot\system32\DRIVERS\i2omp.sys (disabled)
    i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
    ialm: system32\DRIVERS\igxpmp32.sys (manual start)
    InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" (manual start)
    Windows CardSpace: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
    IDSxpx86: \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20120718.001\IDSxpx86.sys (system)
    CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system)
    IMAPI CD-Burning COM Service: C:\WINDOWS\system32\imapi.exe (manual start)
    ini910u: \SystemRoot\system32\DRIVERS\ini910u.sys (disabled)
    IntelIde: \SystemRoot\system32\DRIVERS\intelide.sys (disabled)
    Intel Processor Driver: system32\DRIVERS\intelppm.sys (system)
    iolo System Service: "C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe" (autostart)
    IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
    IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
    IPSEC driver: system32\DRIVERS\ipsec.sys (system)
    IR Enumerator Service: system32\DRIVERS\irenum.sys (manual start)
    PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
    Java Quick Starter: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" (disabled)
    Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Workstation: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    TCP/IP NetBIOS Helper: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    MBAMSwissArmy: \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys (manual start)
    mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
    Messenger: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    NetMeeting Remote Desktop Sharing: C:\WINDOWS\system32\mnmsrvc.exe (manual start)
    Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
    Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
    mraid35x: \SystemRoot\system32\DRIVERS\mraid35x.sys (disabled)
    WebDav Client Redirector: system32\DRIVERS\mrxdav.sys (manual start)
    MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start)
    Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
    Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft System Management BIOS Driver: system32\DRIVERS\mssmbios.sys (manual start)
    Network Access Protection Agent: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    NAVENG: \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120718.034\NAVENG.SYS (manual start)
    NAVEX15: \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20120718.034\NAVEX15.SYS (manual start)
    Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
    NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
    Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
    Net Driver HPZ12: %SystemRoot%\System32\svchost.exe -k HPZ12 (autostart)
    NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
    NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
    Net Logon: %SystemRoot%\system32\lsass.exe (autostart)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Net.Tcp Port Sharing Service: "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" (disabled)
    Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit: system32\DRIVERS\NETw4x32.sys (manual start)
    1394 Net Driver: system32\DRIVERS\nic1394.sys (manual start)
    Network Location Awareness (NLA): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    Norton AntiVirus: "C:\Program Files\Norton AntiVirus\Engine\16.8.3.6\ccSvcHst.exe" /s "Norton AntiVirus" /m "C:\Program Files\Norton AntiVirus\Engine\16.8.3.6\diMaster.dll" /prefetch:1 (autostart)
    NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
    Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    nv: system32\DRIVERS\nv4_mini.sys (manual start)
    NovaCore SDK Service: "C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe" (autostart)
    NWADI Bus Enumerator: system32\DRIVERS\NWADIenum.sys (manual start)
    IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
    Novatel Wireless USB Modem Driver: system32\DRIVERS\nwusbmdm.sys (manual start)
    Novatel Wireless USB Status Port Driver: system32\DRIVERS\nwusbser.sys (manual start)
    Novatel Wireless USB Status2 Port Driver: system32\DRIVERS\nwusbser2.sys (manual start)
    Microsoft Office Diagnostics Service: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" (manual start)
    OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
    Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
    Parallel port driver: system32\DRIVERS\parport.sys (manual start)
    PCASp50 NDIS Protocol Driver: System32\Drivers\PCASp50.sys (manual start)
    PCI Bus Driver: system32\DRIVERS\pci.sys (system)
    PCIIde: system32\DRIVERS\pciide.sys (system)
    Pcmcia: system32\DRIVERS\pcmcia.sys (system)
    PCTINDIS5 NDIS Protocol Driver: \??\C:\WINDOWS\system32\PCTINDIS5.SYS (manual start)
    perc2: \SystemRoot\system32\DRIVERS\perc2.sys (disabled)
    perc2hib: \SystemRoot\system32\DRIVERS\perc2hib.sys (disabled)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    Pml Driver HPZ12: %SystemRoot%\System32\svchost.exe -k HPZ12 (autostart)
    IPSEC Services: %SystemRoot%\system32\lsass.exe (autostart)
    WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
    Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
    QoS Packet Scheduler: system32\DRIVERS\psched.sys (manual start)
    Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
    PxHelp20: System32\Drivers\PxHelp20.sys (system)
    ql1080: \SystemRoot\system32\DRIVERS\ql1080.sys (disabled)
    Ql10wnt: \SystemRoot\system32\DRIVERS\ql10wnt.sys (disabled)
    ql12160: \SystemRoot\system32\DRIVERS\ql12160.sys (disabled)
    ql1240: \SystemRoot\system32\DRIVERS\ql1240.sys (disabled)
    ql1280: \SystemRoot\system32\DRIVERS\ql1280.sys (disabled)
    Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
    Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
    Remote Access PPPOE Driver: system32\DRIVERS\raspppoe.sys (manual start)
    Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
    Rdbss: system32\DRIVERS\rdbss.sys (system)
    RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
    Terminal Server Device Redirector Driver: system32\DRIVERS\rdpdr.sys (manual start)
    Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
    Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
    Intel(R) PROSet/Wireless Registry Service: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (autostart)
    Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    Remote Registry: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
    BlackBerry Smartphone: System32\Drivers\RimUsb.sys (manual start)
    RIM Virtual Serial Port v2: system32\DRIVERS\RimSerial.sys (manual start)
    Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start)
    Intel(R) PROSet/Wireless Service: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (autostart)
    WLAN Transport: system32\DRIVERS\s24trans.sys (autostart)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (autostart)
    Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Secdrv: system32\DRIVERS\secdrv.sys (manual start)
    Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
    Serial port driver: system32\DRIVERS\serial.sys (system)
    Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
    Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    SIS AGP Bus Filter: \SystemRoot\system32\DRIVERS\sisagp.sys (disabled)
    Sparrow: \SystemRoot\system32\DRIVERS\sparrow.sys (disabled)
    Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    System Restore Filter Driver: system32\DRIVERS\sr.sys (system)
    System Restore Service: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Symantec Real Time Storage Protection: \SystemRoot\System32\Drivers\NAV\1008030.006\SRTSP.SYS (system)
    Symantec Real Time Storage Protection (PEL): \SystemRoot\system32\drivers\NAV\1008030.006\SRTSPX.SYS (system)
    Srv: system32\DRIVERS\srv.sys (manual start)
    SSDP Discovery Service: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
    SigmaTel Audio Service: C:\WINDOWS\system32\StacSV.exe (autostart)
    SigmaTel High Definition Audio CODEC: system32\drivers\sthda.sys (manual start)
    Still Serial Digital Camera Driver: system32\DRIVERS\serscan.sys (manual start)
    Windows Image Acquisition (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
    Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
    swmsflt: \SystemRoot\System32\drivers\swmsflt.sys (manual start)
    Sierra Wireless MUX NDIS Driver (UMTS80): system32\DRIVERS\swnc8u80.sys (manual start)
    MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{2F130D52-0BDB-47EB-AF81-1E09BA7E21E7} (manual start)
    Sierra Wireless USB MUX Driver (UMTS80): system32\DRIVERS\swumx80.sys (manual start)
    symc810: \SystemRoot\system32\DRIVERS\symc810.sys (disabled)
    symc8xx: \SystemRoot\system32\DRIVERS\symc8xx.sys (disabled)
    SYMDNS: \??\C:\WINDOWS\system32\drivers\NAV\1002000.007\SYMDNS.SYS (manual start)
    Symantec Extended File Attributes: system32\drivers\NAV\1008030.006\SYMEFA.SYS (system)
    SymEvent: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (manual start)
    Symantec Network Filter Driver: \SystemRoot\System32\Drivers\NAV\1008030.006\SYMFW.SYS (manual start)
    Symantec Network Filter Driver: \SystemRoot\System32\Drivers\NAV\1008030.006\SYMIDS.SYS (manual start)
    Symantec Network Security Intermediate Filter Service: system32\DRIVERS\SymIM.sys (manual start)
    SymIMMP: system32\DRIVERS\SymIM.sys (manual start)
    Symantec Network Filter Driver: \SystemRoot\System32\Drivers\NAV\1008030.006\SYMNDIS.SYS (manual start)
    SYMREDRV: \??\C:\WINDOWS\system32\drivers\NAV\1002000.007\SYMREDRV.SYS (manual start)
    Symantec Network Dispatch Driver: \SystemRoot\System32\Drivers\NAV\1008030.006\SYMTDI.SYS (system)
    sym_hi: \SystemRoot\system32\DRIVERS\sym_hi.sys (disabled)
    sym_u3: \SystemRoot\system32\DRIVERS\sym_u3.sys (disabled)
    Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
    Terminal Device Driver: system32\DRIVERS\termdd.sys (system)
    Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
    Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Telnet: C:\WINDOWS\system32\tlntsvr.exe (disabled)
    TosIde: \SystemRoot\system32\DRIVERS\toside.sys (disabled)
    Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    ultra: \SystemRoot\system32\DRIVERS\ultra.sys (disabled)
    Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
    Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
    Universal Plug and Play Device Host: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start)
    Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
    Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
    Microsoft USB PRINTER Class: system32\DRIVERS\usbprint.sys (manual start)
    USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start)
    USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
    Microsoft USB Universal Host Controller Miniport Driver: system32\DRIVERS\usbuhci.sys (manual start)
    VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
    VIA AGP Bus Filter: \SystemRoot\system32\DRIVERS\viaagp.sys (disabled)
    ViaIde: \SystemRoot\system32\DRIVERS\viaide.sys (disabled)
    Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
    Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
    Wave System Power Monitor Device Driver: system32\DRIVERS\WaveFDE.sys (manual start)
    WD SCSI Pass Thru driver: system32\DRIVERS\wdcsam.sys (manual start)
    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
    WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
    winachsf: system32\DRIVERS\HSF_CNXT.sys (manual start)
    Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Intel(R) PROSet/Wireless SSO Service: C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (autostart)
    Windows Live ID Sign-in Assistant: "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" (autostart)
    Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Windows Management Instrumentation Driver Extensions: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Microsoft Windows Management Interface for ACPI: system32\DRIVERS\wmiacpi.sys (system)
    WMI Performance Adapter: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start)
    Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
    Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Windows Search: %systemroot%\system32\SearchIndexer.exe /Embedding (autostart)
    Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
    Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    zdwgexdj: system32\drivers\qgqpfc.sys (autostart)


    --------------------------------------------------

    Enumerating Windows NT logon/logoff scripts:
    *No scripts set to run*

    Windows NT checkdisk command:
    BootExecute = autocheck autochk *

    Windows NT 'Wininit.ini':
    PendingFileRenameOperations: C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Update\1.3.21.111||C:\DOCUME~1\TMBiddle\LOCALS~1\Temp\GoogleUpdateSetup.exe11684c|||e

    --------------------------------------------------

    Enumerating ShellServiceObjectDelayLoad items:

    PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
    CDBurn: C:\WINDOWS\system32\SHELL32.dll
    WebCheck: C:\WINDOWS\system32\webcheck.dll
    SysTray: C:\WINDOWS\system32\stobject.dll

    --------------------------------------------------
    Autorun entries from Registry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    --------------------------------------------------

    Autorun entries from Registry:
    HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

    *Registry key not found*

    --------------------------------------------------

    End of report, 46,657 bytes
    Report generated in 0.344 seconds

    Command line options:
    /verbose - to add additional info on each section
    /complete - to include empty sections and unsuspicious data
    /full - to include several rarely-important sections
    /force9x - to include Win9x-only startups even if running on WinNT
    /forcent - to include WinNT-only startups even if running on Win9x
    /forceall - to include all Win9x and WinNT startups, regardless of platform
    /history - to list version history only
     
  4. Phantom010

    Phantom010 Trusted Advisor

    Joined:
    Mar 9, 2009
    Messages:
    34,761
    There are signs of infection in your logs.

    Please click on Report and kindly ask to be moved to the Virus & Other Malware Removal forum. Be sure to provide the appropriate reports in that forum after reading THIS. From there, be patient. The malware removal experts are very busy! You should get an answer within the next 48 hours.
     
  5. bigbenn77

    bigbenn77 Thread Starter

    Joined:
    Jul 19, 2012
    Messages:
    4
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by TMBiddle at 15:27:18 on 2012-07-19
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1139 [GMT -4:00]
    .
    AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Norton AntiVirus\Engine\16.8.3.6\ccSvcHst.exe
    C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\StacSV.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Norton AntiVirus\Engine\16.8.3.6\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Apoint\HidFind.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Novatel Wireless\MobiLink3\MobiLink3.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TMBiddle\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.nhc.noaa.gov/
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    {16ae2e09-9640-4810-b3e5-13cac378284d}
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\16.8.3.6\IPSBHO.DLL
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [MobiLink 3] c:\program files\novatel wireless\mobilink3\MobiLink3.exe
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [Google Update] "c:\documents and settings\tmbiddle\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10t_ActiveX.exe -update activex
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    uPolicies-system: EnableProfileQuota = 1 (0x1)
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {F589CCFE-5DCE-4009-844F-61433375F69B} - hxxps://docshare.horizonbank.com/COM/MOVEitUploadWizard6.5.0.ocx
    TCP: Interfaces\{2248C114-7DEE-49A7-BD11-C818BD91B569} : NameServer = 68.28.105.132 68.28.104.132
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: jutunaja.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    mASetup: {8AD036DA-A15A-4768-A544-C61420C3D4C5} - rundll32.exe "c:\program files\snl financial\snlxl\InstallXLAddinRegKey.dll",DllInstallXLAddinRegKeys /i
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1008030.006\SymEFA.sys [2011-10-12 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1008030.006\BHDrvx86.sys [2011-10-12 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1008030.006\cchpx86.sys [2011-10-12 467592]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20120718.001\IDSXpx86.sys [2012-7-19 369632]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2012-1-12 722616]
    R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.8.3.6\ccSvcHst.exe [2011-10-12 117648]
    R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2010-4-23 91472]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-7-18 106656]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20120718.034\NAVENG.SYS [2012-7-19 87928]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20120718.034\NAVEX15.SYS [2012-7-19 1589752]
    R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2009-11-10 174720]
    S2 gupdate1c98d499f8640e9;Google Update Service (gupdate1c98d499f8640e9);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]
    S2 zdwgexdj;zdwgexdj;c:\windows\system32\drivers\qgqpfc.sys --> c:\windows\system32\drivers\qgqpfc.sys [?]
    S3 EraserUtilDrv10920;EraserUtilDrv10920;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10920.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10920.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [2008-8-20 168192]
    S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [2008-8-20 142976]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    .
    =============== File Associations ===============
    .
    JSEFile=NOTEPAD.EXE %1
    regfile=NOTEPAD.EXE %1
    scrfile=NOTEPAD.EXE %1
    VBEFile=NOTEPAD.EXE %1
    VBSFile=NOTEPAD.EXE %1
    .
    =============== Created Last 30 ================
    .
    2012-07-19 19:26:39 -------- d--h--w- c:\windows\PIF
    2012-07-19 18:17:49 388096 ----a-r- c:\documents and settings\tmbiddle\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2012-07-19 18:17:47 -------- d-----w- c:\program files\Trend Micro
    2012-07-16 19:39:00 -------- d-----w- c:\documents and settings\tmbiddle\application data\ElevatedDiagnostics
    2012-07-16 19:20:27 -------- d-----w- C:\MATS
    2012-07-02 20:08:37 521728 ------w- c:\windows\system32\dllcache\jsdbgui.dll
    .
    ==================== Find3M ====================
    .
    2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
    2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
    2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
    2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
    2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
    2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
    2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
    2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
    2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
    2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
    2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    .
    ============= FINISH: 15:34:57.01 ===============
     

    Attached Files:

  6. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1061755

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice