
[InActive] Think I might have a malware issue..

Discussion in 'Malware and Virus Removal Archive' started by MstrKB, 2009/02/09.

  1. 2009/02/09

    MstrKB Inactive Thread Starter

    I'm not sure, that's why I'm posting here. For some reason Windows Installer pops up and says it's time to configure a couple of programs. One is Roxio 7 and the other is my antivirus, Symantec Endpoint. When I close the boxes, SEP is shut down. That's abnormal! I tried to use BitDefender, but it wouldn't let me connect to my corp email, so I uninstalled it. The ESET online scanner didn't work for me either. AdAware didn't pick anything up. Also, I can't log on in safe mode, my password will not work, and the system does not shut down when selected in safe mode. I have to power it off.
    I have posted the files mentioned in the "read before post" note. Thanks in advance for your assistance.


    DDS (Ver_09-01-19.01) - NTFSx86
    Run by KimbroughB at 23:16:53.41 on Mon 02/09/2009
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.5.0_15
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.883 [GMT -5:00]

    AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated)
    FW: Symantec Endpoint Protection *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\System32\acs.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ActivCard\acautoreg.exe
    C:\Program Files\Common Files\ActivCard\accoca.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\PROGRA~1\HPAVAD~1\avChgSvc.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\HPAVAdminScan\hpavAdminScanService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Remote tools\msraLinkMonitor.exe
    C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
    C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
    C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
    C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
    C:\Program Files\Hewlett-Packard\Asset\bin\RemoteExecutionAgent.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Symantec AntiVirus\Smc.exe
    C:\Program Files\Symantec AntiVirus\SNAC.EXE
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec AntiVirus\SmcGui.exe
    C:\Program Files\ActivCard\ActivCard Gold\agquickp.exe
    C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
    C:\Program Files\Atheros\ACU\Utility\ACU.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
    C:\Program Files\Hewlett-Packard\GetIT\GetIT.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\KimbroughB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Registry Mechanic\regmech.exe
    C:\Program Files\Infotriever\Agent\infoclient.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCM3.exe
    C:\Documents and Settings\KimbroughB\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://h41302.www4.hp.com/km/saw/pmBrowse.do?oid=0
    uWindow Title = Microsoft Internet Explorer provided by Hewlett-Packard
    mDefault_Page_URL = hxxp://athp.hp.com
    uInternet Connection Wizard,ShellNext = iexplore
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {289BF0FF-79FC-47F6-9121-9F68D1ED3D87} - No File
    BHO: {2afb0c39-38c0-4848-8291-fc7a4b7558fb}: {bf8557b4-a7cf-1928-8484-0c8393c0bfa2}
    BHO: {488f16f2-d5fa-48e9-951a-6f6607610c30}: {03c01670-66f6-a159-9e84-af5d2f61f884}
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_15\bin\ssv.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: {d54d27ad-7f8e-41ac-9a99-b64770baaf17}: {71faab07-746b-99a9-ca14-e8f7da72d45d}
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\kimbroughb\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [RegistryMechanic] c:\program files\registry mechanic\regmech.exe /H
    mRun: [QuickPassword] c:\program files\activcard\activcard gold\agquickp.exe
    mRun: [IDA] c:\program files\hewlett-packard\pc coe\IDA.EXE
    mRun: [ACU] c:\program files\atheros\acu\utility\ACU.exe -nogui
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [eFax 4.1] "c:\program files\efax messenger 4.1\J2GDllCmd.exe" /R
    mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
    mRun: [COEMsgDisplay] c:\program files\hewlett-packard\pc coe\COEMsgDisplay.exe
    mRun: [GetIT] c:\program files\hewlett-packard\getit\GetIT.exe
    mRun: [PrinTray] c:\windows\system32\spool\drivers\w32x86\3\printray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe /Enterprise
    mRun: [TrueImageMonitor.exe] d:\program files\acronis\trueimagehome\TrueImageMonitor.exe
    mRun: [AcronisTimounterMonitor] d:\program files\acronis\trueimagehome\TimounterMonitor.exe
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_15\bin\jusched.exe "
    mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe "
    StartupFolder: c:\docume~1\kimbro~1\startm~1\startup\infotr~1.lnk - c:\program files\infotriever\agent\infoclient.exe
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
    mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
    mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
    mPolicies-system: DisableNT4Policy = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {E270AB82-96D5-45DB-ABE3-0BC038B92334} - c:\program files\hewlett-packard\ietoolbar\HP IE Fix.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_15\bin\ssv.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    Trusted Zone: compaq.com
    Trusted Zone: compaq.com\ie.config.asia
    Trusted Zone: compaq.com\ie.config.eur
    Trusted Zone: compaq.com\ie.config.im.hou
    Trusted Zone: compaq.com\ie.config.jp
    Trusted Zone: cpqcorp.net
    Trusted Zone: dcu.org
    Trusted Zone: dec.com
    Trusted Zone: dec.com\ie.config.ecom
    Trusted Zone: hp.com
    Trusted Zone: hpe-learning.com
    Trusted Zone: hpqcorp.net
    Trusted Zone: hpshopping.com
    Trusted Zone: tandem.com
    Trusted Zone: tandem.com\ie.config
    Trusted Zone: compaq.com\ie.config.asia
    Trusted Zone: compaq.com\ie.config.eur
    Trusted Zone: compaq.com\ie.config.im.hou
    Trusted Zone: compaq.com\ie.config.jp
    Trusted Zone: dec.com\ie.config.ecom
    Trusted Zone: tandem.com\ie.config
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: iLO Remote Console Applet - hxxps://16.113.246.151/dvc.CAB
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {00000006-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall6.cab
    DPF: {00000008-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall8.cab
    DPF: {00000014-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall14.cab
    DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} - hxxp://download.infotriever.com/bin/ifhelper.cab
    DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
    DPF: {7FD6D544-74C6-4386-B93A-43CCF519F5BF} - hxxp://amssblprod.austin.hp.com/callcenter_enu/20412/applets/SiebelAx_HI_Client.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab
    DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} - hxxp://amssblprod.austin.hp.com/callcenter_enu/20412/applets/SiebelAx_Desktop_Integration.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab
    DPF: {E75C1223-C7BE-42E4-B36D-4C37209AE3C8} - hxxp://amssblprod.austin.hp.com/callcenter_enu/20412/applets/SiebelAx_OutBound_mail.cab
    TCP: {18395455-A6B4-45BA-BE07-6A55EEEA8BFC} = 68.28.114.91 68.28.122.93
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    AppInit_DLLs: pbykpy.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Quick View Plus - ShellExecute Hook: {0cab0400-7395-11d0-a5e5-0020afe2fdd9} - qvphook.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
    LSA: Authentication Packages = msv1_0 c:\windows\system32\vtuSmkKB

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\kimbro~1\applic~1\mozilla\firefox\profiles\mr7ebetw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - component: c:\documents and settings\kimbroughb\application data\mozilla\firefox\profiles\mr7ebetw.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
    FF - component: c:\program files\mozilla firefox\components\FFComm.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-30 64160]
    R3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\drivers\akbus.sys [2004-5-12 13619]
    R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\drivers\akpcsc.sys [2004-10-20 9493]
    R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [2007-4-6 13647]
    R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [2007-6-28 10161]
    R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2004-11-2 182101]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-1-21 99376]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090204.022\NAVENG.SYS [2009-2-4 89104]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090204.022\NAVEX15.SYS [2009-2-4 876112]
    R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-10-12 99200]
    R3 RadiaMsi;RadiaMsi;c:\windows\system32\drivers\radiamsi.sys [2007-8-3 23424]
    R3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;c:\windows\system32\drivers\ar5211.sys [2004-11-2 380160]
    R4 acautoreg;ActivCard Gold Autoregister;c:\program files\common files\activcard\acautoreg.exe [2007-6-26 53248]
    R4 Accoca;ActivCard Gold service;c:\program files\common files\activcard\accoca.exe [2004-5-12 143360]
    R4 AvChgSvc;HP-AV Change Monitor Service;c:\progra~1\hpavad~1\avChgSvc.exe [2008-10-9 238080]
    R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-4-21 108392]
    R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2008-4-21 108392]
    R4 HPAVAdminScanSvc;HPAVAdminScanSvc;c:\program files\hpavadminscan\HPAVAdminScanService.exe [2008-10-23 32768]
    R4 msralinkmonitor;MSRA Link Monitor;c:\program files\remote tools\msraLinkMonitor.exe [2007-11-29 151552]
    R4 radexecd;HP OVCM Notify Daemon;c:\program files\hewlett-packard\pc coe 3\ov cms\radexecd.exe [2007-2-20 270510]
    R4 radsched;HP OVCM Scheduler Daemon;c:\program files\hewlett-packard\pc coe 3\ov cms\radsched.exe [2007-3-22 172205]
    R4 Radstgms;HP OVCM MSI Redirector;c:\program files\hewlett-packard\pc coe 3\ov cms\Radstgms.exe [2008-7-3 315570]
    R4 RemoteExecutionAgent;HP Asset Remote Execution Agent;c:\program files\hewlett-packard\asset\bin\RemoteExecutionAgent.exe [2005-4-14 241664]
    R4 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-5-26 115952]
    R4 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec antivirus\Rtvscan.exe [2008-7-8 2240944]
    S1 SocketQuadSerial;Novatel Wireless CDMA 1.9GHz Modem driver;c:\windows\system32\drivers\nvtlg2k.sys [2005-4-19 46600]
    S3 apusbsnt;Sierra Wireless USB Modem Device Driver;c:\windows\system32\drivers\apusbsnt.sys --> c:\windows\system32\drivers\apusbsnt.sys [?]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-4-21 23888]
    S3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver;c:\windows\system32\drivers\EL556ND5.sys [2004-10-12 55999]
    S3 EraserUtilDrv10615;EraserUtilDrv10615;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10615.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10615.sys [?]
    S3 maestro;ESS Maestro 3 Audio Driver (WDM);c:\windows\system32\drivers\es198x.sys [2004-10-12 174464]
    S3 magaService;Lan Discover Agent;c:\program files\sygate\ssa\maga\maga.exe --> c:\program files\sygate\ssa\maga\maga.exe [?]
    S3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2004-11-2 5689]
    S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2007-10-5 42000]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2007-9-6 13824]
    S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\plcmpr5.sys --> c:\windows\system32\PLCMPR5.SYS [?]
    S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [2004-4-26 17280]
    S3 SmartUSB;SmartReader-USB;c:\windows\system32\drivers\SmartUSB.sys [2004-10-20 17024]
    S3 WDHAALBA;WDHAALBAMiniPCI Winmodem;c:\windows\system32\drivers\WDHAALBA.sys [2004-10-12 701386]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]

    =============== Created Last 30 ================

    2009-01-30 14:21 15,688 a------- c:\windows\system32\lsdelete.exe
    2009-01-30 10:11 64,160 a------- c:\windows\system32\drivers\Lbd.sys
    2009-01-30 10:11 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-01-30 10:10 <DIR> --d----- c:\program files\Lavasoft
    2009-01-28 16:03 121 a------- c:\windows\bdagent.INI
    2009-01-28 15:59 81,984 a------- c:\windows\system32\bdod.bin
    2009-01-28 15:52 850 a------- c:\windows\system32\ProductTweaks.xml
    2009-01-28 15:52 385 a------- c:\windows\system32\user_gensett.xml
    2009-01-28 15:40 <DIR> --d----- c:\windows\system32\logs
    2009-01-28 15:38 <DIR> --d----- c:\program files\BitDefender
    2009-01-27 17:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2009-01-26 18:07 <DIR> --d----- c:\program files\EsetOnlineScanner
    2009-01-19 17:25 <DIR> --d----- c:\windows\Recent
    2009-01-19 17:25 <DIR> --d----- c:\windows\Cookies
    2009-01-15 10:23 2,136,064 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-01-15 10:23 2,180,352 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
    2009-01-15 10:23 2,015,744 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
    2009-01-15 10:23 2,057,728 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe

    ==================== Find3M ====================

    2009-01-20 20:44 149,760 a------- c:\windows\system32\drivers\WpsHelper.sys

    ============= FINISH: 23:17:10.64 ===============
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-01-19.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/1/2005 12:24:02
    System Uptime: 2/9/2009 20:59:51 (3 hours ago)

    Motherboard: Hewlett-Packard | | 0890
    Processor: Intel(R) Pentium(R) M processor 1600MHz | U10 | 1594/100mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 28 GiB total, 2.141 GiB free.
    D: is FIXED (FAT32) - 28 GiB total, 12.497 GiB free.
    E: is CDROM ()
    G: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Acronis*True*Image*Home
    ActivCard Gold
    ActivCard Initialization Utility
    ActivIdentity Device Installer
    Ad-Aware
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Reader 8
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Shockwave Player
    Agere Systems AC'97 Modem
    Apple Mobile Device Support
    Apple Software Update
    Atheros Client Utility Install
    ATI Display Driver
    Attachmate Reflection for HP with NS/VT 14.0.1
    Attachmate Reflection X 14.0.1
    Ceres Client 6.0 P.07.09.260
    Chinese Simplified Fonts Support For Adobe Reader 8
    Chinese Traditional Fonts Support For Adobe Reader 8
    Compatibility Pack for the 2007 Office system
    Diagnostics for Windows
    DlManifest for User State Migration Tools 3.0.1
    DraftPak edit 2
    eFax Messenger 4.1
    ESET Online Scanner
    EVA Documentation Tool
    FlexHEX
    Football Pro '98
    FoxyTunes for Firefox
    Google Chrome
    Google Earth
    Google Updater
    HASP Device Driver
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB909394)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB924867)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB944043-v3)
    HP Asset Configuration Services 4.6
    hp deskjet 3600 series
    HP Driver Diagnostics
    HP Fonts
    HP Itanium Fundamentals WBT
    HP One Click
    HP OpenView Configuration Management Agent
    HP StorageWorks Library And Tape Tools
    HP Virtual Rooms
    Infotriever
    InterVideo WinDVD
    iTunes
    J2SE Runtime Environment 5.0 Update 13
    J2SE Runtime Environment 5.0 Update 15
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Japanese Fonts Support For Adobe Reader 8
    Korean Fonts Support For Adobe Reader 8
    LiveUpdate 3.3 (Symantec Corporation)
    Macromedia Flash Player 8
    Microsoft .NET Framework (English)
    Microsoft .NET Framework (English) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB928367)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft ActiveSync
    Microsoft Data Access Components KB870669
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office 2003 Web Components
    Microsoft Office FrontPage 2003
    Microsoft Office Professional Edition 2003
    Microsoft Office Visio Professional 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Runtime
    Microsoft XML Parser
    Migrate My PC
    Mobile Broadband Generic Drivers
    Mozilla Firefox (2.0.0.20)
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6 Service Pack 2 (KB954459)
    Mutilate File Wiper 2.94
    Napster
    Napster Burn Engine
    Navigator
    PC COE
    PC COE Required Settings
    Quick Launch Buttons 5.00 B3
    Quick View Plus
    QuickTime
    RealPlayer
    Registry Mechanic 8.0
    Remote Access to HP Network (MSRA 4.1.5.1 DigitalBadge Client)
    Remote Access to HP Network (MSRA 4.1.5.1 Installer Suite)
    Rhapsody
    Rhapsody Player Engine
    Roxio Easy Media Creator 7
    SANXpert
    SCANMASTER
    Security Update for Microsoft .NET Framework 2.0 (KB928365)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB960714)
    Sling Link Turbo
    SlingPlayer
    Sprint Mobile Broadband (Novatel Wireless) - Lite
    Symantec Endpoint Protection
    Time Zone Data Update Tool for Microsoft Office Outlook
    Update for Windows XP (KB896727)
    Update for Windows XP (KB917425)
    Update for Windows XP (KB919010)
    Update for Windows XP (KB922580)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB942763)
    User Profile Hive Cleanup Service
    User State Migration Tools version 3.0.1
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Web Rubber
    WebFldrs XP
    Winamp
    Windows Installer 3.1 (KB893803)
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix - KB894476
    Windows Mobile Daylight Saving Time 2007 Updates
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Hotfix - KB894083
    Windows XP Service Pack 2
    WinRAR archiver
    WinZip-9.0-01

    ==== Event Viewer Messages From Past Week ========

    2/4/2009 07:45:46, error: Service Control Manager [7000] - The hpdj service failed to start due to the following error: The system cannot find the file specified.
    2/4/2009 07:45:46, error: Service Control Manager [7000] - The hardlock service failed to start due to the following error: The system cannot find the file specified.
    2/4/2009 07:45:46, error: Service Control Manager [7000] - The Lexmark X73 MFP Scanner service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    2/4/2009 07:42:51, error: NETLOGON [5719] - No Domain Controller is available for domain AMERICAS due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    2/4/2009 07:36:35, error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).
    2/4/2009 07:14:33, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    2/3/2009 08:52:40, error: Dhcp [1002] - The IP address lease 192.168.2.203 for the Network Card with network address 000F2093B1C3 has been denied by the DHCP server 10.130.173.226 (The DHCP Server sent a DHCPNACK message).
    2/3/2009 07:27:30, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    2/2/2009 21:29:41, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/2/2009 21:29:41, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    2/2/2009 12:07:09, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD bdftdif cdudf_xp eabfiltr eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SPBBCDrv SRTSP SRTSPX SYMTDI Tcpip WPS
    2/2/2009 12:07:09, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/2/2009 12:07:09, error: Service Control Manager [7001] - The hpdj service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
    2/2/2009 12:07:09, error: Service Control Manager [7001] - The Fax service depends on the Print Spooler service which failed to start because of the following error: The dependency service or group failed to start.
    2/2/2009 12:07:09, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    2/2/2009 12:07:09, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/2/2009 12:07:09, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    2/2/2009 10:00:44, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    2/2/2009 09:45:52, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
    2/6/2009 09:19:12, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
    2/6/2009 17:49:19, error: Service Control Manager [7031] - The Google Updater Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
    2/6/2009 17:49:32, error: Service Control Manager [7034] - The OSCM Utility Service service terminated unexpectedly. It has done this 1 time(s).
    2/6/2009 17:49:54, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    2/7/2009 16:43:07, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdudf_xp eabfiltr eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SPBBCDrv SRTSP SRTSPX SYMTDI Tcpip WPS
    2/9/2009 06:08:29, error: Service Control Manager [7023] - The Symantec Endpoint Protection service terminated with the following error: The environment is incorrect.

    ==== End Of File ===========================
     
  2. 2009/02/10
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS MstrKB :)

    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
     


  4. 2009/02/11
    MstrKB

    MstrKB Inactive Thread Starter

    Joined:
    2009/01/26
    Messages:
    10
    Likes Received:
    0
    Here is the ComboFix log file. Unfortunately the installer still popped up for Roxio 7.


    ComboFix 09-02-10.03 - KimbroughB 2009-02-11 6:27:20.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1535.837 [GMT -5:00]
    Running from: c:\documents and settings\KimbroughB\Desktop\ComboFix.exe
    AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated)
    FW: Symantec Endpoint Protection *disabled*
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\IE4 Error Log.txt
    c:\windows\setup.exe
    c:\windows\system\msvbvm60.dll
    c:\windows\system32\drivers\npf.sys
    c:\windows\wiaserviv.log
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF
    -------\Service_NPF


    ((((((((((((((((((((((((( Files Created from 2009-01-11 to 2009-02-11 )))))))))))))))))))))))))))))))
    .

    2009-01-30 14:21 . 2009-01-30 10:29 15,688 --a------ c:\windows\system32\lsdelete.exe
    2009-01-30 10:11 . 2009-01-30 10:11 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-01-30 10:11 . 2009-01-18 16:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
    2009-01-30 10:10 . 2009-01-30 10:10 <DIR> d-------- c:\program files\Lavasoft
    2009-01-30 10:10 . 2009-01-30 10:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-28 16:03 . 2009-02-02 11:22 121 --a------ c:\windows\bdagent.INI
    2009-01-28 15:59 . 2009-02-04 07:27 81,984 --a------ c:\windows\system32\bdod.bin
    2009-01-28 15:52 . 2009-01-28 15:52 850 --a------ c:\windows\system32\ProductTweaks.xml
    2009-01-28 15:52 . 2009-01-28 15:52 385 --a------ c:\windows\system32\user_gensett.xml
    2009-01-28 15:40 . 2009-01-28 15:40 <DIR> d-------- c:\windows\system32\logs
    2009-01-28 15:38 . 2009-02-04 07:41 <DIR> d-------- c:\program files\BitDefender
    2009-01-27 17:52 . 2009-02-09 23:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-01-26 18:07 . 2009-02-06 19:06 <DIR> d-------- c:\program files\EsetOnlineScanner
    2009-01-20 15:10 . 2009-02-11 06:40 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
    2009-01-19 17:25 . 2009-01-19 17:25 <DIR> d-------- c:\windows\Recent
    2009-01-19 17:25 . 2009-01-19 17:25 <DIR> d-------- c:\windows\Cookies
    2009-01-15 10:23 . 2008-08-14 05:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-01-15 10:23 . 2008-08-14 04:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-01-15 10:23 . 2008-08-14 04:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-01-15 10:23 . 2008-08-14 04:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-11 02:58 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
    2009-02-10 02:03 --------- d-----w c:\program files\Symantec AntiVirus
    2009-02-07 00:23 --------- d-----w c:\program files\Winamp
    2009-02-07 00:23 --------- d-----w c:\program files\USMT301
    2009-02-07 00:23 --------- d-----w c:\program files\Symantec
    2009-02-07 00:19 --------- d-----w c:\program files\Hewlett-Packard
    2009-02-07 00:13 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-07 00:13 --------- d-----w c:\program files\Sling Media
    2009-02-07 00:13 --------- d-----w c:\program files\iTunes
    2009-02-07 00:13 --------- d-----w c:\program files\HP StorageWorks Library and Tape Tools
    2009-02-07 00:13 --------- d-----w c:\program files\HP Itanium Fundamentals WBT
    2009-02-07 00:08 --------- d-----w c:\program files\MozyHome
    2009-02-07 00:07 --------- d-----w c:\program files\Rhapsody
    2009-02-07 00:07 --------- d-----w c:\program files\Remote tools
    2009-02-07 00:07 --------- d-----w c:\program files\QuickTime
    2009-02-07 00:07 --------- d-----w c:\program files\Quick View Plus
    2009-02-07 00:07 --------- d-----w c:\program files\Napster
    2009-02-07 00:07 --------- d-----w c:\program files\Microsoft ActiveSync
    2009-02-07 00:07 --------- d-----w c:\program files\Java
    2009-02-07 00:06 --------- d-----w c:\program files\Google
    2009-02-07 00:06 --------- d-----w c:\program files\Common Files\Symantec Shared
    2009-02-07 00:06 --------- d-----w c:\program files\Common Files\Roxio Shared
    2009-02-07 00:05 --------- d-----w c:\program files\Common Files\Real
    2009-02-07 00:05 --------- d-----w c:\program files\Common Files\Napster Shared
    2009-02-07 00:05 --------- d-----w c:\program files\Common Files\ActivCard
    2009-02-07 00:05 --------- d-----w c:\program files\Common Files\Acronis
    2009-02-07 00:05 --------- d-----w c:\program files\Apple Software Update
    2009-02-06 23:32 --------- d-----w c:\documents and settings\KimbroughB\Application Data\Roxio
    2009-02-06 23:28 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
    2009-02-06 23:28 --------- d-----w c:\documents and settings\All Users\Application Data\Sling Media
    2009-01-28 15:35 --------- d-----w c:\program files\Xvid
    2009-01-21 01:44 149,760 ----a-w c:\windows\system32\drivers\WpsHelper.sys
    2008-12-16 22:52 47,616 ----a-w c:\program files\mozilla firefox\components\FFComm.dll
    2009-01-05 21:59 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
    2009-01-05 21:59 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
    2009-01-05 21:59 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
    2009-01-05 21:59 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
    2009-01-05 21:59 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent "= "c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
    "Google Update "= "c:\documents and settings\KimbroughB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
    "RegistryMechanic "= "c:\program files\Registry Mechanic\regmech.exe" [2008-07-08 2828184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickPassword "= "c:\program files\ActivCard\ActivCard Gold\agquickp.exe" [2007-06-26 225280]
    "IDA "= "c:\program files\Hewlett-Packard\PC COE\IDA.EXE" [2008-01-03 176128]
    "ACU "= "c:\program files\Atheros\ACU\Utility\ACU.exe" [2004-05-05 278528]
    "eabconfg.cpl "= "c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 286720]
    "eFax 4.1 "= "c:\program files\eFax Messenger 4.1\J2GDllCmd.exe" [2005-12-16 107008]
    "vptray "= "c:\progra~1\SYMANT~1\VPTray.exe" [2006-05-26 124656]
    "COEMsgDisplay "= "c:\program files\Hewlett-Packard\PC COE\COEMsgDisplay.exe" [2007-04-11 26624]
    "GetIT "= "c:\program files\Hewlett-Packard\GetIT\GetIT.exe" [2007-12-03 286720]
    "PrinTray "= "c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-12 36864]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-02-15 39792]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
    "Symantec NetDriver Monitor "= "c:\progra~1\SYMNET~1\SNDMon.exe" [2008-06-23 104128]
    "TrueImageMonitor.exe "= "d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-07 2595480]
    "AcronisTimounterMonitor "= "d:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-07 905056]
    "Acronis Scheduler2 Service "= "c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-09-07 140568]
    "SunJavaUpdateSched "= "c:\program files\Java\jre1.5.0_15\bin\jusched.exe" [2008-02-09 75256]
    "Ad-Watch "= "c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-30 509784]
    "ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-04-21 115560]

    c:\documents and settings\KimbroughB\Start Menu\Startup\
    Infotriever.lnk - c:\program files\Infotriever\Agent\infoclient.exe [2006-08-08 106496]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy "= 0 (0x0)
    "SynchronousUserGroupPolicy "= 0 (0x0)
    "DisableNT4Policy "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoMSAppLogo5ChannelNotify "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate "= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs "=pbykpy.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM "= mobilev.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
    @= "Service "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify "=dword:00000001
    "UpdatesDisableNotify "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe "= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe "= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe "= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radexecd.exe "=
    "c:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\RADUISHELL.exe "=
    "c:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\RadTray.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Program Files\\Symantec AntiVirus\\Smc.exe "=
    "c:\\Program Files\\Symantec AntiVirus\\SNAC.EXE "=
    "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP "= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-30 64160]
    R2 acautoreg;ActivCard Gold Autoregister;c:\program files\Common Files\ActivCard\acautoreg.exe [2007-06-26 53248]
    R2 Accoca;ActivCard Gold service;c:\program files\Common Files\ActivCard\accoca.exe [2004-05-12 143360]
    R2 AvChgSvc;HP-AV Change Monitor Service;c:\progra~1\HPAVAD~1\avChgSvc.exe [2008-10-09 238080]
    R2 HPAVAdminScanSvc;HPAVAdminScanSvc;c:\program files\HPAVAdminScan\HPAVAdminScanService.exe [2008-10-23 32768]
    R2 msralinkmonitor;MSRA Link Monitor;c:\program files\Remote tools\msraLinkMonitor.exe [2007-11-29 151552]
    R2 radexecd;HP OVCM Notify Daemon;c:\program files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [2007-02-20 270510]
    R2 radsched;HP OVCM Scheduler Daemon;c:\program files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [2007-03-22 172205]
    R2 Radstgms;HP OVCM MSI Redirector;c:\program files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [2008-07-03 315570]
    R2 RemoteExecutionAgent;HP Asset Remote Execution Agent;c:\program files\Hewlett-Packard\Asset\bin\RemoteExecutionAgent.exe [2005-04-14 241664]
    R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-05-26 115952]
    R3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\drivers\akbus.sys [2004-05-12 13619]
    R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\drivers\akpcsc.sys [2004-10-20 9493]
    R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [2007-04-06 13647]
    R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [2007-06-28 10161]
    R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2004-11-02 182101]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-21 99376]
    R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-10-12 99200]
    R3 RadiaMsi;RadiaMsi;c:\windows\system32\drivers\radiamsi.sys [2007-08-03 23424]
    R3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;c:\windows\system32\drivers\ar5211.sys [2004-11-02 380160]
    S1 SocketQuadSerial;Novatel Wireless CDMA 1.9GHz Modem driver;c:\windows\system32\drivers\nvtlg2k.sys [2005-04-19 46600]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
    S3 apusbsnt;Sierra Wireless USB Modem Device Driver;c:\windows\system32\DRIVERS\apusbsnt.sys --> c:\windows\system32\DRIVERS\apusbsnt.sys [?]
    S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-04-21 23888]
    S3 EL556ND5;3Com 10/100 MiniPCI Ethernet Adapter Driver;c:\windows\system32\drivers\EL556ND5.sys [2004-10-12 55999]
    S3 EraserUtilDrv10615;EraserUtilDrv10615;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10615.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10615.sys [?]
    S3 maestro;ESS Maestro 3 Audio Driver (WDM);c:\windows\system32\drivers\es198x.sys [2004-10-12 174464]
    S3 magaService;Lan Discover Agent;c:\program files\Sygate\SSA\maga\maga.exe --> c:\program files\Sygate\SSA\maga\maga.exe [?]
    S3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2004-11-02 5689]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2007-09-06 13824]
    S3 PLCMPR5;PLCMPR5 NDIS Protocol Driver;\??\c:\windows\system32\PLCMPR5.SYS --> c:\windows\system32\PLCMPR5.SYS [?]
    S3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [2004-04-26 17280]
    S3 SmartUSB;SmartReader-USB;c:\windows\system32\drivers\SmartUSB.sys [2004-10-20 17024]
    S3 WDHAALBA;WDHAALBAMiniPCI Winmodem;c:\windows\system32\drivers\WDHAALBA.sys [2004-10-12 701386]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - uphcleanhlp

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    \Shell\AutoRun\command - D:\setupSNK.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2009-02-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-30 10:28]

    2009-02-04 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]

    2009-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-839522115-1383384898-515967899-101348.job
    - c:\documents and settings\KimbroughB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 08:50]

    2009-02-11 c:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
    - c:\progra~1\HEWLET~1\PCCOE~1\Aimsi.dll [2008-01-03 23:42]

    2009-02-11 c:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
    - c:\progra~1\HEWLET~1\PCCOE~1\Aimsi.dll [2008-01-03 23:42]

    2009-02-11 c:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
    - c:\progra~1\HEWLET~1\PCCOE~1\clinvsi.dll [2008-09-07 17:06]

    2009-02-11 c:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
    - c:\program files\Hewlett-Packard\PC COE\coetl32.exe [2007-06-23 23:27]

    2009-02-11 c:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
    - c:\progra~1\HEWLET~1\PCCOE~1\critupsi.dll [2008-09-07 16:13]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{289BF0FF-79FC-47F6-9121-9F68D1ED3D87} - (no file)
    BHO-{2afb0c39-38c0-4848-8291-fc7a4b7558fb} - (no file)
    BHO-{488f16f2-d5fa-48e9-951a-6f6607610c30} - (no file)
    BHO-{d54d27ad-7f8e-41ac-9a99-b64770baaf17} - (no file)
    ShellExecuteHooks-{0cab0400-7395-11d0-a5e5-0020afe2fdd9} - qvphook.dll
    SafeBoot-Symantec Antvirus


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://h41302.www4.hp.com/km/saw/pmBrowse.do?oid=0
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{E270AB82-96D5-45DB-ABE3-0BC038B92334} - c:\program files\Hewlett-Packard\IEToolBar\HP IE Fix.exe
    Trusted Zone: compaq.com
    Trusted Zone: compaq.com\ie.config.asia
    Trusted Zone: compaq.com\ie.config.eur
    Trusted Zone: compaq.com\ie.config.im.hou
    Trusted Zone: compaq.com\ie.config.jp
    Trusted Zone: cpqcorp.net
    Trusted Zone: dcu.org
    Trusted Zone: dec.com
    Trusted Zone: dec.com\ie.config.ecom
    Trusted Zone: hp.com
    Trusted Zone: hpe-learning.com
    Trusted Zone: hpqcorp.net
    Trusted Zone: hpshopping.com
    Trusted Zone: tandem.com
    Trusted Zone: tandem.com\ie.config
    Trusted Zone: compaq.com\ie.config.asia
    Trusted Zone: compaq.com\ie.config.eur
    Trusted Zone: compaq.com\ie.config.im.hou
    Trusted Zone: compaq.com\ie.config.jp
    Trusted Zone: dec.com\ie.config.ecom
    Trusted Zone: tandem.com\ie.config
    TCP: {18395455-A6B4-45BA-BE07-6A55EEEA8BFC} = 68.28.114.91 68.28.122.93
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: iLO Remote Console Applet - hxxps://16.113.246.151/dvc.CAB
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} - hxxp://download.infotriever.com/bin/ifhelper.cab
    FF - ProfilePath - c:\documents and settings\KimbroughB\Application Data\Mozilla\Firefox\Profiles\mr7ebetw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - component: c:\documents and settings\KimbroughB\Application Data\Mozilla\Firefox\Profiles\mr7ebetw.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
    FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-11 06:39:58
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1384)
    c:\windows\system32\Ati2evxx.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ati2evxx.exe
    c:\program files\Symantec AntiVirus\Smc.exe
    c:\windows\system32\acs.exe
    c:\program files\Symantec AntiVirus\SNAC.EXE
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\scardsvr.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Novatel Wireless\Sprint\Sprint PCS Connection Manager\OSCMUtilityService.exe
    c:\program files\Symantec AntiVirus\Rtvscan.exe
    c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
    c:\program files\UPHClean\uphclean.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\windows\system32\ati2evxx.exe
    c:\program files\Symantec AntiVirus\SmcGui.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2009-02-11 6:46:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-02-11 11:45:05

    Pre-Run: 2,127,567,872 bytes free
    Post-Run: 6,986,723,328 bytes free

    307
     
  5. 2009/02/12
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Highlight and copy the contents of the code box below.
    Code:
    reg add  "HKLM\software\microsoft\windows nt\currentversion\windows" /v AppInit_DLLs /t REG_SZ /d " " /f
    exit
    cls
    
    Click Start>Run and type cmd then hit enter to open a command window. Right click in the command window and select paste. The command window will close on its own.


    Log looks good otherwise, so let's get an online scan. Please do an online scan with Kaspersky Online Scanner

    Click Accept, when prompted to download and install the program files and database of malware definitions.
    • Click Run at the Security prompt.
    • The program will then begin downloading and installing and will also update the database.
    • Please be patient as this can take several minutes.
    • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Click View scan report at the bottom.
    • Click the Save Report As... button.
    • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
    **Note**

    To optimize scanning time and produce a more sensible report for review:
    • Close any open programs.
    • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.


    Post the Kaspersky log here.


    Do you have Roxio 7 installed? If so, is it working properly?
    If it is installed, I would say it's quite alright to allow both it and the SEP installers to run to completion.

    You mentioned corporate email. Is this a corporate machine? Internal or external? If the machine is in a domain, which requires server authentication for logon, safe mode access would need to be done on a local machine account since the machine will not be able to communicate with the server.
     
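As an added example (not from this thread, and not ComboFix's or Kaspersky's code), here is a small Python checker that reads lines in the ComboFix "Reg Loading Points" format posted above and flags the settings a log reviewer looks for: a non-empty AppInit_DLLs (the value the reg add command clears), Security Center notifications switched off, the firewall's standard profile disabled, and a cached AutoRun command for a drive. The sample lines are constructed from the posted log; the function and rule names are my own.

```python
"""Flag weak or suspicious entries in a ComboFix 'Reg Loading Points' section."""
import re
from typing import List, Tuple

# Constructed sample, modelled on the section of the ComboFix log posted above.
# It is a hand-picked excerpt, not the full log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\Run]
"ccApp "= "c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-04-21 115560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs "=pbykpy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify "=dword:00000001
"UpdatesDisableNotify "=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# ComboFix prints value names as "Name "= value (note the space before the closing quote).
VALUE_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"\s*=\s*(?P<value>.*)$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(?P<cmd>.+)$", re.IGNORECASE)

Finding = Tuple[str, str, str]  # (registry key, value name, message)


def parse_value(raw: str):
    """Turn 'dword:00000001' or '0 (0x0)' into an int; leave everything else as text."""
    raw = raw.strip()
    m = re.match(r"^dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    return raw


def audit_loading_points(log_text: str) -> List[Finding]:
    """Walk the section line by line, remembering the current [key] header."""
    findings: List[Finding] = []
    key = ""
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        low = key.lower()
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in low:
            findings.append((key, "AutoRun", f"cached drive AutoRun command: {m.group('cmd')}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), parse_value(m.group("value"))
        lname = name.lower()
        if low.endswith(r"\windows nt\currentversion\windows") and lname == "appinit_dlls":
            # Any DLL listed here is loaded into every process that loads user32.dll.
            if isinstance(value, str) and value:
                findings.append((key, name, f"AppInit_DLLs loads {value} into every GUI process"))
        elif low.endswith(r"\security center") and lname.endswith("disablenotify") and value == 1:
            findings.append((key, name, "Security Center alerting suppressed"))
        elif low.endswith(r"firewallpolicy\standardprofile") and lname == "enablefirewall" and value == 0:
            findings.append((key, name, "Windows Firewall standard profile disabled"))
    return findings


if __name__ == "__main__":
    for reg_key, value_name, message in audit_loading_points(SAMPLE_LOG):
        print(f"[{reg_key}] {value_name}: {message}")
```

A blank AppInit_DLLs (the state after the reg add above) produces no finding, so the same checker can confirm the fix took effect on the next log.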
  6. 2009/02/13
    MstrKB

    MstrKB Inactive Thread Starter

    Joined:
    2009/01/26
    Messages:
    10
    Likes Received:
    0
    Thanks for your help thus far!! Here is the log from the Kaspersky scan.
    With regard to
    1) Roxio: Yes it is installed, and yes, it was working properly until this "installer" issue arose. If I have to, I can attempt an uninstall and then reinstall it.
    2) SEP is the corporate (HP) antivirus solution and is NOT installed or updated by the "installer" method. We use HP software that distributes and installs updates automatically. That's why I know there's something going on.

    As far as being able to log on in safe mode, I have never had a problem doing it before, whether or not I was on the corporate network. In safe mode you don't need to validate on the company network if you select the "w/o network connectivity" option. I have always been (and should still be) able to log on in safe mode.


    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Friday, February 13, 2009
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Friday, February 13, 2009 11:16:42
    Records in database: 1792002
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    G:\

    Scan statistics:
    Files scanned: 104121
    Threat name: 1
    Infected objects: 0
    Suspicious objects: 1
    Duration of the scan: 02:53:55


    File name / Threat name / Threats count
    C:\Documents and Settings\KimbroughB\Local Settings\Application Data\Microsoft\Outlook\Personal Folders.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1

    The selected area was scanned.

    Oh, I almost forgot. I noticed a strange process running in the task manager. It's called MsPMSPSv.exe. I did some preliminary research on it, and it looks like it might be malware. Can you verify that for me, please? I found the file in the sys32 folder. We run XP SP2, in case you need to know that. Thanks
     
    Last edited: 2009/02/13
  7. 2009/02/14
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    MsPMSPSv.exe is related to Windows Media Player.

    Again, I suspect it would be quite alright to allow the Roxio and SEP installers to run ...... possible they are trying to repair themselves.

    Can you login in safe mode on a local computer account? If so, it would confirm the ability to boot into safe mode is possible.

    Have you sought help with any of this from the corporate IT dept?
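    One way a reader can check a process like the MsPMSPSv.exe mentioned above for themselves, rather than relying on a name lookup alone, is to confirm where the running image actually lives and whether it carries a valid Authenticode signature. This is an added example written for this thread, not a tool from the thread; it assumes Windows PowerShell with Get-Process and Get-AuthenticodeSignature available, and the expected directory (System32) is an assumption taken from the post.

```powershell
# Added example (not from the thread): check a process named in Task Manager by
# comparing its image path to where that binary is expected to live and by
# inspecting its Authenticode signature. Assumes Windows PowerShell.
param(
    [string]$ProcessName = 'MsPMSPSv',                              # name without .exe, as Get-Process expects
    [string]$ExpectedDir = (Join-Path $env:SystemRoot 'System32')   # assumption: where the OS copy should be
)

function Test-ProcessImage {
    param([string]$Name, [string]$Expected)

    $report = @()
    foreach ($proc in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        $path = $proc.Path
        if (-not $path) {
            # Path is hidden for processes we cannot open (e.g. not elevated); flag it rather than guess.
            $report += [pscustomobject]@{
                Id = $proc.Id; Path = $null; InExpectedDir = $false; Signature = 'Unknown (no path, re-run elevated)'; Signer = $null
            }
            continue
        }

        # A same-named binary running from a user profile or temp folder is the classic impostor pattern.
        $actualDir = [IO.Path]::GetDirectoryName($path).TrimEnd('\')
        $inDir     = $actualDir -ieq $Expected.TrimEnd('\')

        # Status is Valid / NotSigned / HashMismatch / UnknownError; on older Windows many OS files are
        # catalog-signed and may show NotSigned here, so cross-check those with sigverif.exe or sfc.
        $sig = Get-AuthenticodeSignature -FilePath $path

        $report += [pscustomobject]@{
            Id            = $proc.Id
            Path          = $path
            InExpectedDir = $inDir
            Signature     = $sig.Status
            Signer        = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }

    if (-not $report) { Write-Warning "No running process named '$Name' found." }
    return $report
}

Test-ProcessImage -Name $ProcessName -Expected $ExpectedDir | Format-List
```

A result of InExpectedDir = False, or a signature that is not Valid on a file claiming to be an OS or vendor component, is the cue to keep digging; a Valid Microsoft signature in System32 supports the "it belongs to Windows Media Player" answer.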
     
  8. 2009/02/16
    MstrKB

    MstrKB Inactive Thread Starter

    Joined:
    2009/01/26
    Messages:
    10
    Likes Received:
    0
    You're kidding, right? Oh, maybe not. Well, NO. They are halfway around the world.....don't speak or understand English very well and are about as useless as........well you get the point. That's kinda why I came to get help here.

    Is there something else I need to do since posting the Kaspersky scan?
     
  9. 2009/02/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Actually, I was quite serious about the IT dept. The reason being, oftentimes corporations have a protocol to follow in the event of infections/problems, e.g., some places don't want to risk infecting the network and do a full nuke and pave. The other reason being that since the SEP is a corporate distribution, it's very possible that they've faced the same or similar issues and know exactly what to do about it.

    That said, you've got some infected emails though the online scan did not identify which ones. I'd recommend trying the Kaspersky Virus Removal Tool.
    • Upon running the tool, you will be prompted to run it in safe mode, which should not be necessary so just click OK.
    • Select Mail Databases from the Automatic Scan tab, then click Scan.
    • When the scan completes you will be given an option to Neutralize all threats or right click any threat for further options.
    • After use, uninstall the tool and delete the setup file.


    Did you allow the Roxio and SEP installers to run? Results if you did?
     
  10. 2009/02/18
    MstrKB

    MstrKB Inactive Thread Starter

    Joined:
    2009/01/26
    Messages:
    10
    Likes Received:
    0
    Thanks Dave,
    I will run the Kaspersky tool. Using the Roxio CD I uninstalled and then reinstalled the program. Everything seems fine with it. For SEP I reinstalled it using our corp HP openview config mgmnt app. It seems ok also.
     
  11. 2009/03/04
    MstrKB

    MstrKB Inactive Thread Starter

    Joined:
    2009/01/26
    Messages:
    10
    Likes Received:
    0
    I have run the Kaspersky tool. It neither identified nor removed any threats. What should I do next? Thanks.
     
  12. 2009/03/20
    MstrKB

    MstrKB Inactive Thread Starter

    Joined:
    2009/01/26
    Messages:
    10
    Likes Received:
    0
    It's been about two weeks since I made a post with no reply. Anyone know how to get your case reactivated?????
     
  13. 2009/04/17
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Very sorry to have left you hanging.

    Empty out the Outlook junk and deleted items folder then run another online scan with Kaspersky. Hopefully the previous scan picked up on something that had already been deleted and it will now be clean.

    Everything else still seem to be working properly?
     
  14. 2009/04/27
    MstrKB

    MstrKB Inactive Thread Starter

    Joined:
    2009/01/26
    Messages:
    10
    Likes Received:
    0
    Just got back into the country. I will do as directed and report back. Thanks!
     
  15. 2009/05/20
    MstrKB

    MstrKB Inactive Thread Starter

    Joined:
    2009/01/26
    Messages:
    10
    Likes Received:
    0
    Deleted the outlook.pst file, reran KOS and everything looks good. One last question, how do I go about removing ComboFix and the other tools you had me install in order to diag the problem?
     
  16. 2009/05/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Click Start>Run and type ComboFix /u then hit Enter to uninstall ComboFix and remove the files it has quarantined. This action will also reset the System Restore points, removing any infected files there as well.
    Verify the C:\Qoobox and C:\ComboFix folders were removed, as well as the C:\ComboFix.txt file.

    You can delete the other tools and logs outright.
    You should also uninstall all old Java components via Add/Remove Programs then install the latest JRE 6 Update 13 from here
     
  17. 2009/05/22
    MstrKB

    MstrKB Inactive Thread Starter

    Joined:
    2009/01/26
    Messages:
    10
    Likes Received:
    0
    Will do! Thanks a million for your help!!!!!!
     