Okay, I thought it worked but it didn't. I realised I hadn't done my Windows update, so I did, and when the system restarted I noticed the check_LSA7 file was back on my C drive. So I have done the ComboFix again. Here is the log:
ComboFix 07-09-21.2 - "HP_Administrator" 2007-09-30 17:21:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.74 [GMT 10:00]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\WINDOWS\system32\geebc.dll
.
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-30 )))))))))))))))))))))))))))))))
.
2007-09-30 16:44 6,448 --ahs---- C:\WINDOWS\system32\cbeeg.bak1
2007-09-30 16:22 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-30 16:10 <DIR> d-------- C:\HJT
2007-09-30 15:37 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-09-30 11:29 84,032 --a------ C:\WINDOWS\system32\msonxspk.dll
2007-09-30 11:25 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\AdobeUM
2007-09-30 08:07 244 --a------ C:\WINDOWS\system\hpsysdrv.dat
2007-09-30 07:59 <DIR> dr------- C:\DOCUME~1\ALLUSE~1\Documents
2007-09-30 03:12 23,040 --------- C:\WINDOWS\kb913800.exe
2007-09-30 01:25 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-09-30 01:25 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-09-30 01:25 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-09-30 00:09 <DIR> d-------- C:\Games
2007-09-29 23:44 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-29 23:41 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-29 23:41 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-29 23:35 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-09-29 22:52 <DIR> d-------- C:\Program Files\Stardock
2007-09-29 22:39 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\Contacts
2007-09-29 22:37 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-29 22:36 <DIR> d-------- C:\Program Files\MSN Messenger
2007-09-29 22:22 <DIR> d-------- C:\Program Files\CursorXP
2007-09-29 21:52 187,392 --a------ C:\WINDOWS\system32\JPGUtils.dll
2007-09-29 21:45 163,712 --a------ C:\WINDOWS\system32\drivers\vidstub.sys
2007-09-29 21:35 <DIR> d-------- C:\Program Files\Common Files\Stardock
2007-09-29 21:07 35,328 --a------ C:\WINDOWS\system32\nnnkjig.dll
2007-09-29 20:37 <DIR> d-------- C:\Program Files\BitTorrent_DNA
2007-09-29 20:37 <DIR> d-------- C:\Program Files\BitTorrent
2007-09-29 20:37 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\BitTorrent DNA
2007-09-29 20:37 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\BitTorrent
2007-09-29 20:00 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-09-29 19:58 42,672 --a------ C:\WINDOWS\system32\wbsys.dll
2007-09-29 19:55 <DIR> d-------- C:\Emus & Roms
2007-09-29 19:41 <DIR> d-------- C:\Windows Design
2007-09-29 19:40 <DIR> d-------- C:\Program Files\SysShield Tools
2007-09-29 19:39 <DIR> d-------- C:\Program Files\DVD Shrink
2007-09-29 19:39 <DIR> d-------- C:\Program Files\DVD Decrypter
2007-09-29 19:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-09-29 19:38 <DIR> d-------- C:\WINDOWS\system32\quicktime
2007-09-29 19:38 <DIR> d-------- C:\Program Files\NimoCodec Pack
2007-09-29 19:26 <DIR> d-------- C:\Program Files\Shareaza
2007-09-29 19:26 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Shareaza
2007-09-29 17:51 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-09-29 17:50 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-29 17:50 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-29 17:49 <DIR> d-------- C:\Program Files\Symantec
2007-09-29 17:48 2,180,352 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-09-29 17:48 2,136,064 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2007-09-29 17:48 2,057,600 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-09-29 17:48 2,015,744 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2007-09-29 17:47 453,120 --------- C:\WINDOWS\system32\dllcache\mrxsmb.sys
2007-09-29 17:32 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2007-09-29 17:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
2007-09-29 17:24 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-09-29 17:23 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2007-09-29 17:22 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-09-29 17:21 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-09-29 17:20 <DIR> dr-h----- C:\MSOCache
2007-09-29 17:06 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2007-09-29 17:06 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2007-09-29 17:05 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-09-29 17:05 <DIR> d-------- C:\Program Files\Replay Converter
2007-09-29 17:03 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\GetRightToGo
2007-09-29 16:38 1,165 --a------ C:\WINDOWS\mozver.dat
2007-09-29 16:31 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Creative
2007-09-29 16:24 41,984 --------- C:\WINDOWS\Ctregrun.exe
2007-09-29 16:23 24,576 --------- C:\WINDOWS\system32\msxml3a.dll
2007-09-29 16:23 <DIR> d-------- C:\Program Files\Audible
2007-09-29 16:22 44,032 --a------ C:\WINDOWS\system32\CTSVCCDA.EXE
2007-09-29 16:22 25,088 --a------ C:\WINDOWS\system32\CTSVCCTL.EXE
2007-09-29 16:22 <DIR> d--h----- C:\Program Files\Creative Installation Information
2007-09-29 16:22 <DIR> d-------- C:\Program Files\Common Files\Creative
2007-09-29 16:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative
2007-09-29 16:20 <DIR> d-------- C:\Program Files\Creative
2007-09-29 15:50 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\dwhelper
2007-09-29 15:50 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Google
2007-09-29 15:46 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Logitech
2007-09-29 15:33 13,440 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.SYS
2007-09-29 15:32 68,864 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-09-29 15:32 55,040 --a------ C:\WINDOWS\system32\drivers\L8042MOU.SYS
2007-09-29 15:32 28,160 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-09-29 15:32 26,112 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2007-09-29 15:32 <DIR> d-------- C:\Program Files\Common Files\Logitech
2007-09-29 15:27 <DIR> d-------- C:\Program Files\Logitech
2007-09-29 15:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-09-29 15:23 0 --a------ C:\WINDOWS\nsreg.dat
2007-09-29 15:21 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-09-29 15:16 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\WINDOWS
2007-09-29 15:16 <DIR> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Real
2007-09-29 15:14 <DIR> d-------- C:\WINDOWS\system32\config\SYSTEM~1\WINDOWS
2007-09-29 15:13 <DIR> d-------- C:\DOCUME~1\DEFAUL~1\WINDOWS
2007-09-18 14:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-09-18 14:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 14:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-30 17:21 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-30 16:11 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-30 00:44 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-30 00:28 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-29 19:38 --------- d-------- C:\Program Files\DivX
2007-09-29 19:26 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-09-29 19:26 10676 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-29 16:27 --------- d-------- C:\Program Files\Google
2007-09-29 16:14 --------- d-------- C:\Program Files\Oberon Media
2007-09-29 15:59 --------- d-------- C:\Program Files\GemMaster
2007-09-29 15:18 1914 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_RC621AA-ABG s7545a_YC_0Pavi_QCNH646_E64APemMPA1_48_IMAGNETITE_SASUSTeK Computer INC._V1.02_B3.01_T060712_WXP2_L409_M447_J160_7Intel_8T2050_91.6_#070106_N10EC813
_Z14F12F20_G10025A62.MRK
2007-09-18 14:44 1430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 14:44 1421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 14:44 1415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 14:44 10662 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 14:44 10658 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-06-13 20:23 1033216 --a------ C:\WINDOWS\explorer.exe
2006-02-19 10:28 12288 --a------ C:\WINDOWS\Fonts\RandFont.dll
2007-03-09 09:12:32 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 20:56]
"ftutil2"="ftutil2.dll" [2004-06-07 14:05 C:\WINDOWS\system32\ftutil2.dll]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 14:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 14:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 13:05 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 23:19 C:\WINDOWS\arpwrmsg.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 09:05]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14]
"PCDrProfiler"="" []
"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 22:34]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 02:23]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 06:11]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-07 01:31]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-07 01:14]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 23:25 C:\WINDOWS\KHALMNPR.Exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 15:59]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 17:11]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"BootSkin Startup Jobs"="C:\Windows Design\BootSkin\BootSkin.exe" [2004-04-26 16:21]
"LogonStudio"="C:\Windows Design\LogonStudio\logonstudio.exe" [2002-09-03 18:38]
"SearchIndexer"="C:\WINDOWS\system32\msonxspk.dll" [2007-09-30 11:29]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 14:32]
"BitTorrent DNA"="C:\Program Files\BitTorrent_DNA\dna.exe" [2007-09-29 20:37]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 15:34]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-09-29 17:32:26]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-29 15:32:18]
Updates From HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [2006-08-29 01:28:29]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8CEFE835-8EBF-420F-AFA2-807008E32917}"= C:\WINDOWS\system32\nnnkjig.dll [2007-09-29 21:07 35328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkjig]
nnnkjig.dll 2007-09-29 21:07 35328 C:\WINDOWS\system32\nnnkjig.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\WINDOW~1\WINDOW~1\wbsrv.dll 2007-03-05 17:36 140976 C:\WINDOW~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-09-29 09:17:00 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - HP_Administrator.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-09-30 17:30:06
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-30 17:36:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-30 17:36
.
--- E O F ---
Here is the ComboFix quarantine log:
2007-07-08 21:23 15399 --a------ C:\Qoobox\Quarantine\C\ComboFix\FProps.vbs.vir
2007-09-30 16:44 320608 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\geebc.dll.vir
2007-09-30 17:26 276 --a------ C:\Qoobox\Quarantine\catchme.log
2007-09-30 17:26 286611 --a------ C:\Qoobox\Quarantine\catchme2007-09-30_172959.67.zip
2007-09-30 17:28 3626 --a------ C:\Qoobox\Quarantine\C\check_LSA7.txt.vir
Folder PATH listing for volume HP_PAVILION
Volume serial number is 4035-0D0F
C:\QOOBOX\QUARANTINE
|   catchme.log
|   catchme2007-09-30_172959.67.zip
|
+---C
|   |   check_LSA7.txt.vir
|   |
|   +---ComboFix
|   |       FProps.vbs.vir
|   |
|   \---WINDOWS
|       \---system32
|               geebc.dll.vir
|
\---Registry_backups
Here is the new HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 5:41:05 PM, on 30/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\BitTorrent_DNA\dna.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.h...a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Windows Design\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LogonStudio] "C:\Windows Design\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\msonxspk.dll",sitypnow
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\BitTorrent_DNA\dna.exe"
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: nnnkjig - C:\WINDOWS\SYSTEM32\nnnkjig.dll
O20 - Winlogon Notify: WBSrv - C:\WINDOW~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
I haven't deleted anything, and left the Qoobox folder etc. alone. Waiting for replies instead of a noob trying to fix it.
Madcrow