mwebb Posted October 14, 2008 Author ID:30860 Share Posted October 14, 2008 I gave it a day and still founf that IE is hanging up and some times I can even open the program. After I "end task" or reboot it seems to work fine for awhile. Link to post Share on other sites More sharing options...
JeanInMontana Posted October 14, 2008 ID:30880 Share Posted October 14, 2008 Update MBAM and scan again, post that log please and a new HJT. Link to post Share on other sites More sharing options...
mwebb Posted October 15, 2008 Author ID:30935 Share Posted October 15, 2008 Here they are!Malwarebytes' Anti-Malware 1.28Database version: 1271Windows 5.1.2600 Service Pack 210/14/2008 11:44:25 PMmbam-log-2008-10-14 (23-44-25).txtScan type: Quick ScanObjects scanned: 54290Time elapsed: 4 minute(s), 7 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 4Registry Values Infected: 1Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wblogon (Trojan.Zlob) -> Quarantined and deleted successfully.Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 11:46:58 PM, on 10/14/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exec:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Symantec AntiVirus\Smc.exeC:\Program Files\Symantec AntiVirus\SNAC.EXEC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\ActivCard\acautoreg.exeC:\Program Files\Common Files\ActivCard\accoca.exeC:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\HPAVAD~1\avChgSvc.exeC:\Program Files\Memeo\AutoBackup\MemeoService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Remote tools\msraLinkMonitor.exeC:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exeC:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exeC:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\Program Files\UPHClean\uphclean.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeC:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Symantec AntiVirus\SmcGui.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exeC:\Program Files\Hewlett-Packard\PC COE\IDA.EXEC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exeC:\WINDOWS\system32\AccelerometerSt.exeC:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exeC:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXEC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\ActivCard\ActivCard Gold\agquickp.exeC:\Program Files\Microsoft Office Communicator\communicator.exeC:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\Jabber\Messenger\JabberMessenger.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\HP\Digital Imaging\bin\hpqimzone.exeC:\Program Files\Hewlett-Packard\OutlookUtility\HP.OutlookUtility.TaskbarNotifier.exeC:\Program Files\Memeo\AutoBackup\MemeoBackup.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\AIM6\aolsoftware.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPNRA.EXEC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXEC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\CMMON32.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.compaq.comO15 - Trusted Zone: *.cpqcorp.netO15 - Trusted Zone: http://*.dcu.orgO15 - Trusted Zone: http://*.dec.comO15 - Trusted Zone: *.hp.comO15 - Trusted Zone: http://*.hpe-learning.comO15 - Trusted Zone: *.hpqcorp.netO15 - Trusted Zone: *.hpshopping.comO15 - Trusted Zone: http://*.tandem.comO15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM)O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM)O15 - Trusted Zone: http://ie.config.tandem.com (HKLM)O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms32 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall32.cabO16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPITWeb/Customer...DataManager.CABO16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - https://genview.gensurvey.com/download/CfxIEAx.cabO16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dllO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189776183175O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cabO16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cabO16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith.com/codec/tsccinst.cabO16 - DPF: {857ABA85-8AB2-4C9E-8FAA-D2A963739859} (HPPKI Control) - https://digitalbadge.external.hp.com/hp/HPPKI.cabO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://g1t0061.austin.hp.com/hp/capicom.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = americas.cpqcorp.netO17 - HKLM\Software\..\Telephony: DomainName = americas.hpqcorp.netO17 - HKLM\System\CCS\Services\Tcpip\..\{C90AE409-D5EC-4EC6-9086-5DCB048560B2}: NameServer = 16.110.135.51 16.110.135.52O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = americas.cpqcorp.netO17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = americas.hpqcorp.net,americas.cpqcorp.net,hpqcorp.net,cpqcorp.netO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = americas.cpqcorp.netO17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = americas.hpqcorp.net,americas.cpqcorp.net,hpqcorp.net,cpqcorp.netO17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = americas.cpqcorp.netO17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = americas.hpqcorp.net,americas.cpqcorp.net,hpqcorp.net,cpqcorp.netO17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = americas.hpqcorp.net,americas.cpqcorp.net,hpqcorp.net,cpqcorp.netO23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exeO23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exeO23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: HP-AV Change Monitor Service (AvChgSvc) - Unknown owner - C:\PROGRA~1\HPAVAD~1\avChgSvc.exeO23 - Service: Memeo AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing)O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exeO23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYSO23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exeO23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exeO23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exeO23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXEO23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exeO23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe--End of file - 18798 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted October 15, 2008 ID:31040 Share Posted October 15, 2008 first thanks for being patient and sticking with it. I think with help from the lead researcher we know what it is. It's not malware but it's stopping MBAM from fixing the registry.O4 - HKLM\..\Run: [PDF4 Registry Controller] "c:\Program Files\ScanSoft\PDF Professional 4.0\RegistryController.exe" <===== that program associated needs to be shut down or uninstalled for us to clean all the Zlob. Once you have done that update MBAM again, its a few versions out again and do a quick scan, post that log and a new HJT log, please. Link to post Share on other sites More sharing options...
mwebb Posted October 18, 2008 Author ID:31348 Share Posted October 18, 2008 Sorry for the delay, I was traveling. I uninstalled the program you mentioned...Scansoft. Here are the two reports.Hopefully this solves it.Malwarebytes' Anti-Malware 1.29Database version: 1280Windows 5.1.2600 Service Pack 210/17/2008 6:43:30 PMmbam-log-2008-10-17 (18-43-30).txtScan type: Quick ScanObjects scanned: 56605Time elapsed: 5 minute(s), 49 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 4Registry Values Infected: 2Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.Registry Values Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wblogon (Trojan.Zlob) -> Quarantined and deleted successfully.Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 6:47:20 PM, on 10/17/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exec:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Intel\Wireless\Bin\WLKeeper.exeC:\Program Files\Symantec AntiVirus\Smc.exeC:\Program Files\Symantec AntiVirus\SNAC.EXEC:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\ActivCard\acautoreg.exeC:\Program Files\Common Files\ActivCard\accoca.exeC:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\PROGRA~1\HPAVAD~1\avChgSvc.exeC:\Program Files\Memeo\AutoBackup\MemeoService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\Remote tools\msraLinkMonitor.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exeC:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exeC:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\Program Files\UPHClean\uphclean.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Symantec AntiVirus\SmcGui.exeC:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exeC:\Program Files\Hewlett-Packard\PC COE\IDA.EXEC:\Program Files\Analog Devices\Core\smax4pnp.exeC:\WINDOWS\AGRSMMSG.exeC:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exeC:\WINDOWS\system32\AccelerometerSt.exeC:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\HP\HP Software Update\HPWuSchd2.exeC:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exeC:\Program Files\Intel\Wireless\bin\ZCfgSvc.exeC:\Program Files\Intel\Wireless\Bin\ifrmewrk.exeC:\Program Files\ActivCard\ActivCard Gold\agquickp.exeC:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXEC:\Program Files\Microsoft Office Communicator\communicator.exeC:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\Jabber\Messenger\JabberMessenger.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\HP\Digital Imaging\bin\hpqimzone.exeC:\Program Files\Hewlett-Packard\OutlookUtility\HP.OutlookUtility.TaskbarNotifier.exeC:\Program Files\Memeo\AutoBackup\MemeoBackup.exeC:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files\AIM6\aolsoftware.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.compaq.comO15 - Trusted Zone: *.cpqcorp.netO15 - Trusted Zone: http://*.dcu.orgO15 - Trusted Zone: http://*.dec.comO15 - Trusted Zone: *.hp.comO15 - Trusted Zone: http://*.hpe-learning.comO15 - Trusted Zone: *.hpqcorp.netO15 - Trusted Zone: *.hpshopping.comO15 - Trusted Zone: http://*.tandem.comO15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM)O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM)O15 - Trusted Zone: http://ie.config.tandem.com (HKLM)O16 - DPF: {00000032-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms32 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall32.cabO16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h50203.www5.hp.com/HPITWeb/Customer...DataManager.CABO16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - https://genview.gensurvey.com/download/CfxIEAx.cabO16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dllO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189776183175O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cabO16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cabO16 - DPF: {74F5614A-8A8C-43B4-8CC2-4B4EFAF4A6C5} (TSCCInstall Class) - http://www.techsmith.com/codec/tsccinst.cabO16 - DPF: {857ABA85-8AB2-4C9E-8FAA-D2A963739859} (HPPKI Control) - https://digitalbadge.external.hp.com/hp/HPPKI.cabO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://g1t0061.austin.hp.com/hp/capicom.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = americas.cpqcorp.netO17 - HKLM\Software\..\Telephony: DomainName = americas.hpqcorp.netO17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = americas.cpqcorp.netO17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = americas.hpqcorp.net,americas.cpqcorp.net,hpqcorp.net,cpqcorp.netO17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = americas.cpqcorp.netO17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = americas.hpqcorp.net,americas.cpqcorp.net,hpqcorp.net,cpqcorp.netO17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = americas.cpqcorp.netO17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = americas.hpqcorp.net,americas.cpqcorp.net,hpqcorp.net,cpqcorp.netO17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = americas.hpqcorp.net,americas.cpqcorp.net,hpqcorp.net,cpqcorp.netO23 - Service: ActivCard Gold Autoregister (acautoreg) - ActivIdentity - C:\Program Files\Common Files\ActivCard\acautoreg.exeO23 - Service: ActivCard Gold service (Accoca) - ActivCard - C:\Program Files\Common Files\ActivCard\accoca.exeO23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: HP-AV Change Monitor Service (AvChgSvc) - Unknown owner - C:\PROGRA~1\HPAVAD~1\avChgSvc.exeO23 - Service: Memeo AutoBackup (BMUService) - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing)O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exeO23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYSO23 - Service: HP OVCM Notify Daemon (radexecd) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exeO23 - Service: HP OVCM Scheduler Daemon (radsched) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exeO23 - Service: HP OVCM MSI Redirector (Radstgms) - Hewlett-Packard - C:\PROGRA~1\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exeO23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXEO23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exeO23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe--End of file - 18437 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted October 19, 2008 ID:31475 Share Posted October 19, 2008 Looking good how is it running? Link to post Share on other sites More sharing options...
mwebb Posted October 19, 2008 Author ID:31526 Share Posted October 19, 2008 Everythings running good with one exception. Infrequently, IE locks up when I click on a hyperlink or even when I try to page back.I wonder what's causing that? Link to post Share on other sites More sharing options...
JeanInMontana Posted October 20, 2008 ID:31629 Share Posted October 20, 2008 O23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing) <==== might have something to do with it. Your firewall is either damaged or gone and you should repair it or install another. Update MBAM and run a scan if it comes out clean I think your OK. You might need to do some basic maintenance to speed up the system. Do a disk scan for errors and defragment. Also your Java is out dated.You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation.If your MBAM scan is clean we still have some final steps so don't run off. Link to post Share on other sites More sharing options...
Recommended Posts