Clicking links takes me to different random websites


  • This topic is locked
36 replies to this topic

#1 flyinghigh200178

  • Members
  • 23 posts

Posted 26 April 2009 - 11:04 AM

Hi all,

Many times clicking links or an attempt to go to a certain website redirects me to advertisements and spam, rather than the intended link I want to view. I have tried spyware removal tools (Malwarebytes, Spybot, Windows Defender), and they found trojans. I removed them, but I'm still having the problem. I just can't go to many URLs.

Here's a hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:55:22 AM, on 4/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\cvsnt\cvsservice.exe
C:\Program Files\cvsnt\cvslock.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\jbhatia\Application Data\pidle\pidle.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Red Gate\SQL Prompt\RedGate.SQLPrompt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.sr...egXPWizCredOnly
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\Program Files\Virtual Account Numbers\BhoCitUS.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [pidle] "C:\Documents and Settings\jbhatia\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\nh0vcb.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\nh0vcb.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\nh0vcb.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SQL Prompt.lnk = C:\Program Files\Red Gate\SQL Prompt\RedGate.SQLPrompt.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Virtual Account Numbers - {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - C:\PROGRA~1\VIRTUA~1\CitiVAN.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://bba.bloomberg.net/default/Clients_c...ca32/icaweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237854743258
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237854735051
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://ssl01.dcinv.com/NELX.cab
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} (WebCacheCleaner Class) - https://ssl01.dcinv.com/MLWebCacheCleaner.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dcinv.com
O17 - HKLM\Software\..\Telephony: DomainName = dcinv.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dcinv.com
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: c:\windows\system32\mapilika.dll c:\windows\system32\lupeyute.dll C:\WINDOWS\system32\wuyujedi.dll ,
O23 - Service: McAfee Application Installer Cleanup (0072091239938120) (0072091239938120mcinstcleanup) - Unknown owner - C:\DOCUME~1\jbhatia\LOCALS~1\Temp\007209~1.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CVSNT (CVS) - GNU - C:\Program Files\cvsnt\cvsservice.exe
O23 - Service: CVSNT Locking Service (CVSLock) - Unknown owner - C:\Program Files\cvsnt\cvslock.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 16734 bytes
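As an added example (not part of this thread, of HijackThis, or of any BleepingComputer tool), the following Python script triages HijackThis-format lines for the indicators that stand out in the two logs posted in this thread: non-loopback hosts-file entries (the O1 lines pinning security-related domains to 91.212.65.122), an AppInit_DLLs value that injects DLLs into every process loading user32.dll (O20), Run keys that start executables from TEMP or a profile's Application Data folder, including under the SYSTEM account (O4), and a BHO whose display name is just its DLL path (the O2 entry in the RSIT log later in the thread). The sample lines are copied from those logs; the flagging rules and the `triage`/`summarize` function names are the editor's assumptions, not HijackThis features.

```python
"""Triage HijackThis-style log lines for browser-redirect indicators.

Added example for this page. It is not part of the thread, of HijackThis,
or of any BleepingComputer tool. The flagging rules below are the editor's
assumptions about what a responder checks first; HijackThis itself does not
score entries.
"""
import ipaddress
import re
from typing import Dict, List

# Constructed sample: lines copied from the two logs posted in this thread,
# plus three benign entries (::1 localhost, the Adobe BHO, Java's updater)
# as negative controls that must not be flagged.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: C:\WINDOWS\system32\afnoinkdsfe.dll - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\afnoinkdsfe.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\nh0vcb.exe (User 'SYSTEM')
O4 - HKCU\..\Run: [pidle] "C:\Documents and Settings\jbhatia\Application Data\pidle\pidle.exe" 61A847B5BBF7
O20 - AppInit_DLLs: c:\windows\system32\mapilika.dll c:\windows\system32\lupeyute.dll C:\WINDOWS\system32\wuyujedi.dll ,
""".strip()

# One regex per HijackThis section type this example understands.
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
BHO_RE = re.compile(r"^O2 - BHO:\s+(.*?)\s+-\s+\{[0-9A-Fa-f-]+\}\s+-\s+(.*)$")
RUN_RE = re.compile(r"^O4 - (\S+?)\\\.\.\\Run:\s+\[(.*?)\]\s+(.*?)(?:\s+\(User '([^']*)'\))?$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$")
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)

# Directories a legitimate autostart should almost never run from.
VOLATILE_DIRS = ("\\temp\\", "\\application data\\", "\\local settings\\")


def _is_loopback(ip: str) -> bool:
    """True for 127.0.0.0/8 and ::1; False for anything else or non-IPs."""
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


def _finding(category: str, line: str, reason: str) -> Dict[str, str]:
    return {"category": category, "line": line, "reason": reason}


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious entry, in log order.

    Benign entries (loopback hosts lines, named BHOs, autoruns under
    Program Files or Windows) produce nothing.
    """
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := HOSTS_RE.match(line):
            ip, host = m.groups()
            # A hosts entry overrides DNS for that name; pinning a domain to a
            # remote address is a redirect, not a local alias.
            if not _is_loopback(ip):
                findings.append(_finding("hosts", line, f"{host} pinned to {ip}"))
        elif m := BHO_RE.match(line):
            name, path = m.groups()
            # Legitimate BHOs register a display name; a name that is just
            # the DLL path means the object never declared one.
            if name.lower() == path.lower():
                findings.append(_finding("bho", line, f"unnamed BHO loaded from {path}"))
        elif m := RUN_RE.match(line):
            hive, key_name, command, user = m.groups()
            exe = EXE_RE.search(command)
            exe_path = exe.group(0) if exe else command
            if any(d in exe_path.lower() for d in VOLATILE_DIRS):
                who = user or hive
                findings.append(_finding("autorun", line,
                                         f"[{key_name}] starts {exe_path} for {who}"))
        elif m := APPINIT_RE.match(line):
            # AppInit_DLLs is loaded into every process that loads user32.dll,
            # so any value at all is worth a look on a workstation.
            dlls = [t for t in m.group(1).split() if t != ","]
            if dlls:
                findings.append(_finding("appinit", line,
                                         f"{len(dlls)} DLL(s) injected: {', '.join(dlls)}"))
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per category."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["category"]] = counts.get(f["category"], 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f['category']:7}] {f['reason']}")
    print(summarize(results))
```

Two of these categories explain why removing the files the scanners found did not stop the redirects: the hosts entries keep working with no running process at all, and AppInit_DLLs reloads the listed DLLs into each new process until the registry value itself is cleared. The script only flags; it does not decide what is malicious, and on a real log the Program Files and Windows autoruns it skips still deserve a signature check.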


#2 fenzodahl512

  • Members
  • 6,738 posts

Posted 28 April 2009 - 03:20 AM

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....



Please download The Comedian.exe to your desktop
  • Double click the program to run it. It will only take a few minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the "List files/folders created or modified in the last" setting to 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
If you see a random name, just leave it.. If you see "GMER", please rename GMER to GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad >> save it and attach it in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 fenzodahl512

  • Members
  • 6,738 posts

Posted 03 May 2009 - 05:47 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



#4 boopme

    To Insanity and Beyond

  • Global Moderator
  • 61,422 posts
  • Gender:Male
  • Location:NJ USA

Posted 05 May 2009 - 04:04 PM

Hello fenzodahl512, I am reopening this at OP's request via PM.
How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook Have you seen..Select Real Security

#5 fenzodahl512

  • Members
  • 6,738 posts

Posted 05 May 2009 - 06:21 PM

Thank you boopme

flyinghigh200178, please do all above steps and post the logs here..



#6 flyinghigh200178
  • Topic Starter

  • Members
  • 23 posts

Posted 05 May 2009 - 06:26 PM

The log for Malwarebytes' Anti-Malware is:


Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

5/5/2009 4:25:11 PM
mbam-log-2009-05-05 (16-25-11).txt

Scan type: Full Scan (C:\|)
Objects scanned: 310720
Time elapsed: 1 hour(s), 1 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\p2hhr.bat (Malware.Trace) -> Quarantined and deleted successfully.


#7 flyinghigh200178
  • Topic Starter

  • Members
  • 23 posts

Posted 05 May 2009 - 06:29 PM

RSIT_LOG is as follows:



Logfile of random's system information tool 1.06 (written by random/random)
Run by jbhatia at 2009-05-05 14:24:03
Microsoft Windows XP Professional Service Pack 3
System drive C: has 49 GB (55%) free of 90 GB
Total RAM: 3054 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:24:09, on 5/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\cvsnt\cvsservice.exe
C:\Program Files\cvsnt\cvslock.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Red Gate\SQL Prompt\RedGate.SQLPrompt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\TEMP\ejgzrq286.exe
C:\WINDOWS\TEMP\ejgzrq286.exe
C:\WINDOWS\TEMP\2981219020.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\users\jatin\bleepingcomputer\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\jbhatia.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.sr...egXPWizCredOnly
O2 - BHO: C:\WINDOWS\system32\afnoinkdsfe.dll - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\afnoinkdsfe.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\ejgzrq286.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\ejgzrq286.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\2981219020.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SQL Prompt.lnk = C:\Program Files\Red Gate\SQL Prompt\RedGate.SQLPrompt.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Virtual Account Numbers - {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - C:\PROGRA~1\VIRTUA~1\CitiVAN.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://bba.bloomberg.net/default/Clients_c...ca32/icaweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237854743258
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237854735051
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dcinv.com
O17 - HKLM\Software\..\Telephony: DomainName = dcinv.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dcinv.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dcinv.com
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: c:\windows\system32\mapilika.dll c:\windows\system32\lupeyute.dll C:\WINDOWS\system32\wuyujedi.dll ,
O22 - SharedTaskScheduler: sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\afnoinkdsfe.dll
O23 - Service: McAfee Application Installer Cleanup (0072091239938120) (0072091239938120mcinstcleanup) - Unknown owner - C:\DOCUME~1\jbhatia\LOCALS~1\Temp\007209~1.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CVSNT (CVS) - GNU - C:\Program Files\cvsnt\cvsservice.exe
O23 - Service: CVSNT Locking Service (CVSLock) - Unknown owner - C:\Program Files\cvsnt\cvslock.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PFU - Sysinternals - www.sysinternals.com - C:\DOCUME~1\jbhatia\LOCALS~1\Temp\PFU.exe
O23 - Service: Plpbiownsda - Sysinternals - www.sysinternals.com - (no file)
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 14302 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton Security Scan for jbhatia.job
C:\WINDOWS\tasks\PMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C2BA40A1-74F3-42BD-F434-12345A2C8953}]
C:\WINDOWS\system32\afnoinkdsfe.dll - C:\WINDOWS\system32\afnoinkdsfe.dll [2009-05-05 15000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-04-09 1015808]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2007-08-10 110592]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-08-10 512000]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2007-03-09 66176]
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-23 136600]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
"Adobe_ID0EYTHM"=C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2007-03-20 1884160]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-05-29 52840]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2007-10-07 125368]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-13 143360]
"AirPort Base Station Agent"=C:\Program Files\AirPort\APAgent.exe [2008-05-20 737280]
"SonicWALLNetExtender"=C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe [2008-07-09 562608]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-11-16 81920]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-11-16 8495104]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-03-29 321344]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-12 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-09 515416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPMfbb58cbb]
c:\windows\system32\lupeyute.dll,a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f886bf27]
C:\WINDOWS\system32\hidujuku.dll,b []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet /keeploaded /nodetect []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\prnet]
C:\WINDOWS\system32\prnet.tmp []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRMGRTR]
rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zakewukazo]
C:\WINDOWS\system32\juwufajo.dll,s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
SQL Prompt.lnk - C:\Program Files\Red Gate\SQL Prompt\RedGate.SQLPrompt.exe

C:\Documents and Settings\jbhatia\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\mapilika.dll c:\windows\system32\lupeyute.dll C:\WINDOWS\system32\wuyujedi.dll , "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2007-10-07 43448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-06 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2006-12-14 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
sdfsefsfdvdubgiungfuyd - {C2BA40A1-74F3-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\afnoinkdsfe.dll [2009-05-05 15000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\wuyujedi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jdk1.5.0_14\bin\java.exe"="C:\Program Files\Java\jdk1.5.0_14\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\Program Files\JetBrains\IntelliJ IDEA 7.0.2\bin\idea.exe"="C:\Program Files\JetBrains\IntelliJ IDEA 7.0.2\bin\idea.exe:*:Enabled:idea"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\AirPort\APAgent.exe"="C:\Program Files\AirPort\APAgent.exe:*:Enabled:APAgent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\setup\HPZNET01.EXE"="D:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"D:\setup\HPONICIFS01.EXE"="D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\Temp\nh0vcb.exe"="C:\WINDOWS\Temp\nh0vcb.exe:*:Enabled:nh0vcb"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07d378f7-1900-11de-b167-001e371e64e2}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-3-5-99-100014247-100022628-100004664-6936.com e:\
shell\Open\command - RECYCLER\S-3-5-99-100014247-100022628-100004664-6936.com e:\


======List of files/folders created in the last 3 months======

2009-05-05 14:23:14 ----D---- C:\rsit
2009-05-05 14:21:42 ----D---- C:\WINDOWS\ERDNT
2009-05-05 14:21:12 ----D---- C:\Program Files\ERUNT
2009-05-05 14:15:50 ----A---- C:\WINDOWS\system32\p2hhr.bat
2009-05-05 14:15:44 ----A---- C:\WINDOWS\system32\afnoinkdsfe.dll
2009-05-05 14:15:43 ----A---- C:\WINDOWS\system32\ak1.exe
2009-05-03 14:13:07 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-05-03 14:13:07 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-05-03 14:13:07 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-05-03 14:13:07 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-05-03 14:13:07 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-05-03 14:13:07 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-05-03 14:13:07 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-05-03 14:13:07 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-05-03 14:13:06 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-05-03 14:13:06 ----A---- C:\WINDOWS\system32\swsc.exe
2009-05-03 14:13:06 ----A---- C:\WINDOWS\system32\swreg.exe
2009-05-03 14:13:06 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-05-03 14:13:06 ----A---- C:\WINDOWS\system32\Process.exe
2009-05-03 14:13:06 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-05-03 13:53:32 ----A---- C:\WINDOWS\system32\Copy of userinit.exe
2009-05-02 11:11:14 ----A---- C:\WINDOWS\system32\loader49.exe
2009-05-02 10:48:31 ----D---- C:\WINDOWS\system32\NtmsData
2009-04-28 19:53:01 ----A---- C:\WINDOWS\system32\winglsetup.exe
2009-04-28 19:52:21 ----A---- C:\WINDOWS\system32\tmp.txt
2009-04-28 19:52:00 ----A---- C:\rapport.txt
2009-04-26 10:04:21 ----D---- C:\WINDOWS\Prefetch
2009-04-26 09:57:54 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-04-26 09:57:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-04-26 09:57:45 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-04-26 09:57:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-04-26 09:57:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-04-26 09:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-04-26 09:57:29 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-04-26 09:57:21 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-04-26 09:57:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-04-26 09:57:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-04-26 09:57:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-04-26 09:57:00 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-04-26 09:56:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-04-26 09:56:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-04-26 09:56:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-04-26 09:56:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-04-26 09:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-04-26 09:56:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951618-v2$
2009-04-26 09:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-04-26 09:56:22 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-04-26 09:56:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-04-26 09:56:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-04-26 09:56:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-04-26 09:56:02 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-04-26 09:55:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-04-26 09:53:20 ----D---- C:\WINDOWS\system32\scripting
2009-04-26 09:53:20 ----D---- C:\WINDOWS\system32\en
2009-04-26 09:53:20 ----D---- C:\WINDOWS\system32\bits
2009-04-26 09:53:20 ----D---- C:\WINDOWS\l2schemas
2009-04-26 09:51:48 ----D---- C:\WINDOWS\ServicePackFiles
2009-04-26 09:46:50 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-04-26 09:44:13 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-04-26 09:44:09 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-04-26 09:44:06 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-04-26 09:44:06 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-04-26 09:44:05 ----N---- C:\WINDOWS\system32\slserv.exe
2009-04-26 09:44:05 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-04-26 09:44:05 ----N---- C:\WINDOWS\system32\slgen.dll
2009-04-26 09:44:05 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-04-26 09:44:05 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-04-26 09:44:05 ----N---- C:\WINDOWS\slrundll.exe
2009-04-26 09:44:03 ----N---- C:\WINDOWS\system32\setupn.exe
2009-04-26 09:44:03 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-04-26 09:44:02 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-04-26 09:44:02 ----N---- C:\WINDOWS\system32\qutil.dll
2009-04-26 09:44:01 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-04-26 09:44:01 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-04-26 09:44:01 ----N---- C:\WINDOWS\system32\qagent.dll
2009-04-26 09:44:01 ----N---- C:\WINDOWS\system32\onex.dll
2009-04-26 09:43:58 ----N---- C:\WINDOWS\system32\napstat.exe
2009-04-26 09:43:58 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-04-26 09:43:58 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-04-26 09:43:57 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-04-26 09:43:57 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-04-26 09:43:57 ----N---- C:\WINDOWS\system32\mssha.dll
2009-04-26 09:43:57 ----A---- C:\WINDOWS\system32\msxml6r.dll
2009-04-26 09:43:52 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-04-26 09:43:51 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-04-26 09:43:51 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-04-26 09:43:51 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-04-26 09:43:47 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-04-26 09:43:47 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-04-26 09:43:47 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-04-26 09:43:47 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-04-26 09:43:47 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-04-26 09:43:47 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-04-26 09:43:44 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-04-26 09:43:44 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-04-26 09:43:42 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-04-26 09:43:41 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-04-26 09:43:39 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-04-26 09:43:39 ----A---- C:\WINDOWS\003391_.tmp
2009-04-26 09:43:38 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-04-26 09:43:38 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-04-26 09:43:38 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-04-26 09:43:38 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-04-26 09:43:38 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-04-26 09:43:38 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-04-26 09:43:38 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-04-26 09:43:38 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-04-26 09:43:37 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-04-26 09:43:37 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-04-26 09:43:37 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-04-26 09:43:37 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-04-26 09:43:37 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-04-26 09:43:37 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-04-26 09:43:37 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-04-26 09:43:37 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-04-26 09:43:37 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-04-26 09:43:36 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-04-26 09:43:35 ----N---- C:\WINDOWS\system32\credssp.dll
2009-04-26 09:43:33 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-04-26 09:43:33 ----N---- C:\WINDOWS\system32\azroles.dll
2009-04-26 09:43:32 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-04-26 09:43:32 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-04-26 09:43:32 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-04-26 09:43:31 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-04-26 09:43:31 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-04-26 09:43:31 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-04-26 09:43:31 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-04-26 06:57:19 ----D---- C:\WINDOWS\Minidump
2009-04-25 16:00:04 ----D---- C:\Documents and Settings\jbhatia\Application Data\Apple Computer
2009-04-25 10:09:29 ----D---- C:\Program Files\Common Files\xing shared
2009-04-25 10:09:23 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-04-25 10:09:17 ----D---- C:\Documents and Settings\jbhatia\Application Data\Twain
2009-04-25 10:09:14 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-04-25 10:09:14 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-04-25 10:09:13 ----D---- C:\Program Files\Real
2009-04-25 10:09:13 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-04-25 10:09:11 ----D---- C:\Program Files\Common Files\Real
2009-04-25 10:09:11 ----D---- C:\Documents and Settings\jbhatia\Application Data\Real
2009-04-23 18:52:09 ----A---- C:\WINDOWS\system32\SelfDel.bat
2009-04-23 07:34:22 ----A---- C:\WINDOWS\system32\sf87wuijndoio43j.dll
2009-04-19 09:49:08 ----D---- C:\Documents and Settings\jbhatia\Application Data\InterVideo
2009-04-17 19:57:21 ----D---- C:\users
2009-04-16 20:13:23 ----D---- C:\Documents and Settings\jbhatia\Application Data\BitTorrent
2009-04-16 20:13:03 ----D---- C:\Program Files\BitTorrent
2009-04-14 19:49:18 ----D---- C:\Documents and Settings\jbhatia\Application Data\Malwarebytes
2009-04-14 19:49:11 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-04-14 19:49:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-14 19:44:20 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-13 21:26:26 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2009-04-13 17:57:52 ----A---- C:\WINDOWS\iPlayer.INI
2009-04-13 12:45:08 ----D---- C:\Program Files\InterActual
2009-04-12 00:32:39 ----D---- C:\Program Files\AVG
2009-04-12 00:10:00 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-12 00:09:36 ----D---- C:\Program Files\Norton Security Scan
2009-04-12 00:09:05 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-04-11 22:51:59 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2009-04-11 22:51:43 ----D---- C:\Program Files\Common Files\McAfee
2009-04-11 22:51:08 ----D---- C:\Program Files\McAfee
2009-04-11 22:51:08 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-04-11 00:49:43 ----D---- C:\Program Files\Trend Micro
2009-04-11 00:33:34 ----D---- C:\Program Files\Windows Defender
2009-04-10 18:10:12 ----D---- C:\WINDOWS\pss
2009-04-09 21:42:33 ----D---- C:\Documents and Settings\jbhatia\Application Data\SonicWALL
2009-04-08 22:31:36 ----A---- C:\WINDOWS\system32\FFCore.dll
2009-04-08 22:31:35 ----D---- C:\Program Files\Virtual Account Numbers
2009-04-08 22:31:35 ----A---- C:\WINDOWS\system32\OBroker.exe
2009-04-08 22:31:04 ----D---- C:\Documents and Settings\jbhatia\Application Data\InstallShield
2009-04-07 00:56:04 ----SH---- C:\WINDOWS\system32\ikolifez.tmp
2009-04-06 20:58:32 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-04-05 21:57:25 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-05 21:57:12 ----D---- C:\Program Files\Lavasoft
2009-04-05 21:57:12 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-04-04 23:59:52 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-04 23:59:52 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-03 22:33:46 ----D---- C:\Documents and Settings\jbhatia\Application Data\DivX
2009-04-03 22:32:25 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-04-03 22:32:25 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-04-03 22:32:25 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-04-03 22:32:25 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-04-03 22:32:25 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-04-03 22:32:01 ----D---- C:\Program Files\Common Files\DivX Shared
2009-04-03 22:32:00 ----D---- C:\Program Files\DivX
2009-04-01 23:10:11 ----D---- C:\Documents and Settings\jbhatia\Application Data\Sun
2009-03-29 23:22:02 ----D---- C:\Program Files\DNA
2009-03-29 23:22:02 ----D---- C:\Documents and Settings\jbhatia\Application Data\DNA
2009-03-29 23:21:55 ----D---- C:\Program Files\AskBarDis
2009-03-24 22:44:29 ----D---- C:\Documents and Settings\jbhatia\Application Data\HP
2009-03-24 22:39:08 ----D---- C:\Documents and Settings\All Users\Application Data\HP
2009-03-24 22:31:37 ----D---- C:\bin
2009-03-24 22:30:56 ----D---- C:\Program Files\Common Files\HP
2009-03-24 22:28:11 ----D---- C:\Program Files\Hewlett-Packard
2009-03-24 22:27:40 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2009-03-24 22:26:25 ----RA---- C:\WINDOWS\system32\HPZIDS01.dll
2009-03-24 22:26:23 ----A---- C:\WINDOWS\system32\hpz3l054.dll
2009-03-24 22:26:14 ----RA---- C:\WINDOWS\system32\hpowiax2.dll
2009-03-24 22:26:14 ----RA---- C:\WINDOWS\system32\hpovst09.dll
2009-03-24 22:26:14 ----RA---- C:\WINDOWS\system32\hpotiop2.dll
2009-03-24 22:25:54 ----A---- C:\WINDOWS\system32\AddPort.ini
2009-03-24 22:25:30 ----A---- C:\WINDOWS\hpntwksetup.ini
2009-03-24 22:23:50 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2009-03-24 22:23:50 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2009-03-24 22:21:24 ----D---- C:\Program Files\HP
2009-03-24 22:19:10 ----HD---- C:\Config.Msi
2009-03-24 21:59:51 ----D---- C:\Documents and Settings\jbhatia\Application Data\Macromedia
2009-03-24 21:14:56 ----D---- C:\Documents and Settings\jbhatia\Application Data\Mozilla
2009-03-23 18:19:10 ----D---- C:\Documents and Settings\jbhatia\Application Data\Adobe
2009-03-23 18:18:37 ----D---- C:\Documents and Settings\jbhatia\Application Data\Roxio
2009-03-23 18:17:25 ----D---- C:\Documents and Settings\jbhatia\Application Data\Identities
2009-03-23 18:16:28 ----SD---- C:\Documents and Settings\jbhatia\Application Data\Microsoft
2009-03-23 18:16:28 ----ASH---- C:\Documents and Settings\jbhatia\Application Data\desktop.ini
2009-03-23 18:04:37 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-03-23 18:02:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-03-23 18:01:53 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-03-23 18:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-03-23 18:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-03-23 18:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-03-23 18:00:12 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-23 17:59:39 ----D---- C:\Program Files\NOS
2009-03-23 17:59:39 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-03-23 17:32:50 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-03-23 17:26:14 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-23 17:26:14 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-23 17:26:14 ----A---- C:\WINDOWS\system32\java.exe
2009-03-23 17:26:14 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-02-24 12:34:16 ----A---- C:\WINDOWS\system32\dpl100.dll
2009-02-24 12:34:14 ----A---- C:\WINDOWS\system32\divx_xx11.dll
2009-02-24 12:34:14 ----A---- C:\WINDOWS\system32\divx_xx0c.dll
2009-02-24 12:34:14 ----A---- C:\WINDOWS\system32\divx_xx0a.dll
2009-02-24 12:34:14 ----A---- C:\WINDOWS\system32\divx_xx07.dll
2009-02-24 12:34:14 ----A---- C:\WINDOWS\system32\DivX.dll
2009-02-16 16:36:56 ----A---- C:\WINDOWS\webica.ini

======List of files/folders modified in the last 3 months======

2009-05-05 14:21:42 ----D---- C:\WINDOWS
2009-05-05 14:21:12 ----RD---- C:\Program Files
2009-05-05 14:16:05 ----D---- C:\WINDOWS\Temp
2009-05-05 14:15:50 ----D---- C:\WINDOWS\system32
2009-05-05 14:14:03 ----D---- C:\Program Files\Mozilla Firefox
2009-05-05 14:05:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-05 14:02:50 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-05 14:01:25 ----SD---- C:\WINDOWS\Tasks
2009-05-05 13:58:23 ----A---- C:\TPHKLOCK.TXT
2009-05-03 14:20:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-03 14:14:46 ----D---- C:\WINDOWS\system32\drivers
2009-05-03 13:54:11 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-28 18:20:20 ----HD---- C:\WINDOWS\inf
2009-04-26 11:48:46 ----A---- C:\WINDOWS\OEWABLog.txt
2009-04-26 10:06:56 ----A---- C:\WINDOWS\setuplog.txt
2009-04-26 10:03:51 ----D---- C:\WINDOWS\system32\wbem
2009-04-26 10:03:51 ----D---- C:\WINDOWS\system32\Setup
2009-04-26 10:03:51 ----D---- C:\WINDOWS\ime
2009-04-26 10:03:51 ----D---- C:\WINDOWS\AppPatch
2009-04-26 10:03:51 ----D---- C:\Program Files\Messenger
2009-04-26 10:03:50 ----RSD---- C:\WINDOWS\Fonts
2009-04-26 10:03:20 ----D---- C:\WINDOWS\security
2009-04-26 09:57:57 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-26 09:56:32 ----D---- C:\WINDOWS\Help
2009-04-26 09:53:35 ----D---- C:\WINDOWS\WinSxS
2009-04-26 09:53:28 ----D---- C:\WINDOWS\system32\inetsrv
2009-04-26 09:53:28 ----D---- C:\WINDOWS\network diagnostic
2009-04-26 09:53:20 ----D---- C:\WINDOWS\system32\usmt
2009-04-26 09:53:20 ----D---- C:\WINDOWS\system32\en-us
2009-04-26 09:53:20 ----D---- C:\WINDOWS\PeerNet
2009-04-26 09:53:20 ----D---- C:\Program Files\Movie Maker
2009-04-26 09:51:42 ----D---- C:\WINDOWS\system32\Restore
2009-04-26 09:51:42 ----D---- C:\WINDOWS\system32\npp
2009-04-26 09:51:42 ----D---- C:\WINDOWS\mui
2009-04-26 09:51:41 ----D---- C:\WINDOWS\msagent
2009-04-26 09:51:40 ----D---- C:\WINDOWS\srchasst
2009-04-26 09:51:40 ----D---- C:\Program Files\NetMeeting
2009-04-26 09:51:39 ----D---- C:\WINDOWS\system32\Com
2009-04-26 09:51:38 ----D---- C:\Program Files\Windows Media Player
2009-04-26 09:51:37 ----D---- C:\Program Files\Windows NT
2009-04-26 09:51:37 ----D---- C:\Program Files\Outlook Express
2009-04-26 09:51:34 ----D---- C:\Program Files\Common Files\System
2009-04-26 09:51:21 ----D---- C:\WINDOWS\system32\oobe
2009-04-26 09:51:20 ----D---- C:\WINDOWS\system
2009-04-26 09:46:49 ----D---- C:\WINDOWS\ehome
2009-04-26 09:33:23 ----D---- C:\WINDOWS\Debug
2009-04-26 08:51:34 ----SHD---- C:\WINDOWS\CSC
2009-04-26 06:17:25 ----D---- C:\download
2009-04-26 05:03:50 ----RASH---- C:\boot.ini
2009-04-26 05:03:50 ----A---- C:\WINDOWS\win.ini
2009-04-26 05:03:50 ----A---- C:\WINDOWS\system.ini
2009-04-25 10:09:29 ----D---- C:\Program Files\Common Files
2009-04-25 10:09:13 ----A---- C:\WINDOWS\system32\msvcr71.dll
2009-04-23 07:19:11 ----ASH---- C:\WINDOWS\system32\penuzazu.exe
2009-04-13 20:06:21 ----D---- C:\Program Files\Symantec AntiVirus
2009-04-13 19:44:03 ----SHD---- C:\WINDOWS\Installer
2009-04-13 18:52:36 ----D---- C:\WINDOWS\system32\appmgmt
2009-04-12 00:32:21 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-12 00:09:41 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-04-12 00:09:05 ----D---- C:\Program Files\Google
2009-04-11 00:57:03 ----A---- C:\WINDOWS\wininit.ini
2009-04-11 00:33:34 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-08 22:31:34 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-05 22:02:43 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-03 18:28:35 ----SHD---- C:\RECYCLER
2009-03-24 22:37:14 ----D---- C:\WINDOWS\twain_32
2009-03-24 22:32:00 ----RSD---- C:\WINDOWS\assembly
2009-03-24 22:26:21 ----D---- C:\TEMP
2009-03-23 18:20:46 ----A---- C:\WINDOWS\ODBC.INI
2009-03-23 18:16:26 ----D---- C:\Documents and Settings
2009-03-23 18:04:55 ----D---- C:\Program Files\Adobe
2009-03-23 18:04:40 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-23 18:04:05 ----D---- C:\Program Files\Common Files\Adobe
2009-03-23 18:01:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-23 17:59:38 ----D---- C:\Program Files\Internet Explorer
2009-03-23 17:33:01 ----D---- C:\WINDOWS\SoftwareDistribution
2009-03-23 17:32:27 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-23 17:25:58 ----D---- C:\Program Files\Java
2009-02-24 12:35:32 ----N---- C:\WINDOWS\system32\VXBLOCK.dll
2009-02-24 12:35:32 ----N---- C:\WINDOWS\system32\PxWave.dll
2009-02-24 12:35:32 ----N---- C:\WINDOWS\system32\PxSFS.DLL
2009-02-24 12:35:32 ----N---- C:\WINDOWS\system32\PxMas.dll
2009-02-24 12:35:32 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-02-24 12:35:32 ----N---- C:\WINDOWS\system32\PxAFS.DLL
2009-02-24 12:35:32 ----N---- C:\WINDOWS\system32\Px.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2007-02-08 12856]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-02-08 28120]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 RCFOX;SonicWALL IPsec Driver; \??\C:\WINDOWS\system32\Drivers\RCFOX.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-08-27 189320]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2006-10-23 17778]
R1 TPPWRIF;TPPWRIF; C:\WINDOWS\System32\drivers\Tppwrif.sys [2007-09-21 4442]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-10-26 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-02-09 51768]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-04-13 306176]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-03-23 94848]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-27 868042]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-07-09 128144]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-05-11 252312]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-12-22 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-12-22 209664]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2007-05-31 21424]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090411.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090411.003\navex15.sys []
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-06-21 2208512]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-11-16 6864064]
R3 rcvpn;SonicWALL VPN Adapter; C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2005-11-08 24876]
R3 SSLDrv;SSL-VPN NetExtender Adapter; C:\WINDOWS\system32\DRIVERS\SSLDrv.sys [2008-02-04 20504]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-08-10 177664]
R3 TcUsb;TC USB Kernel Driver; C:\WINDOWS\System32\Drivers\tcusb.sys [2007-08-14 47376]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-12-22 730112]
S1 bzvqkoph;bzvqkoph; \??\C:\WINDOWS\system32\drivers\bzvqkoph.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-01-24 67960]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-08-27 23944]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-02-18 30464]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2007-02-27 266295]
R2 CVS;CVSNT; C:\Program Files\cvsnt\cvsservice.exe [2004-10-29 39936]
R2 CVSLock;CVSNT Locking Service; C:\Program Files\cvsnt\cvslock.exe [2004-10-29 49664]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2007-05-31 36400]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-23 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-11-16 155716]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2007-10-07 116664]
R2 SONICWALL_NetExtender;SonicWALL NetExtender Service; C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe [2008-07-09 263600]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-01-03 654848]
R3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S2 0072091239938120mcinstcleanup;McAfee Application Installer Cleanup (0072091239938120); C:\DOCUME~1\jbhatia\LOCALS~1\Temp\007209~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-12 183280]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-06-11 72704]
S3 Adobe Version Cue CS3;Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [2007-03-20 153792]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2007-05-29 192104]
S3 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2007-05-29 169576]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2007-10-07 31160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-08-28 2999664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PFU;PFU; C:\DOCUME~1\jbhatia\LOCALS~1\Temp\PFU.exe [2009-05-03 400256]
S3 RampartSvc;SonicWall VPN Client Service; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe [2007-09-27 230672]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-08-27 214408]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2007-07-26 1181016]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2007-10-07 1822648]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------


RSIT_INFO is as follows:

info.txt logfile of random's system information tool 1.06 2009-05-05 14:23:35

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Add or Remove Adobe Creative Suite 3 Design Premium-->C:\Program Files\Common Files\Adobe\Installers\c14ac4070fd9614ffe63f4bb533db2c\Setup.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B7F560B3-6EFF-4026-A982-843895A41149}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Creative Suite 3 Design Premium-->MsiExec.exe /I{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Flex Builder 2-->"C:\Program Files\Adobe\Flex Builder 2\Uninstall Adobe Flex Builder 2\Uninstall Adobe Flex Builder 2.exe"
Adobe Flex Builder 3-->"C:\Program Files\Adobe\Flex Builder 3\Uninstall Adobe Flex Builder 3\Uninstall Adobe Flex Builder 3.exe"
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS2-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe InDesign CS3-->MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Setup-->MsiExec.exe /I{09E2111C-16B1-4DDF-BF0D-F994C9A12350}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Version Cue CS3 Server {ko_KR} -->MsiExec.exe /I{1D58229F-C505-45CA-8223-F35F3A34B963}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
AirPort-->MsiExec.exe /I{599858EA-0422-481D-944A-DA049C626A25}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Citrix Presentation Server Web Client for Win32-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\icaweb.inf,DefaultUninstall
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CVSNT-->"C:\Program Files\cvsnt\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
FastStone Capture 6.2-->C:\Program Files\FastStone Capture\uninst.exe
FileZilla Client 3.0.8.1-->C:\Program Files\FileZilla Client\uninstall.exe
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Document Viewer 7.0-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Intel® PRO Network Connections Drivers-->Prounstl.exe
IntelliJ IDEA 6.0-->C:\Program Files\JetBrains\IntelliJ IDEA 6.0\bin\Uninstall.exe
IntelliJ IDEA 7.0.2-->C:\Program Files\JetBrains\IntelliJ IDEA 7.0.2\bin\Uninstall.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Development Kit 5.0 Update 14-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150140}
J2SE Runtime Environment 5.0 Update 14-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150140}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Resource Kit-->MsiExec.exe /I{90240409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{90CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft SQL Server\80\Tools\Uninst.isu" -c"C:\Program Files\Microsoft SQL Server\80\Tools\sqlsun.dll" -msql.mif
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\NSSSetup\{795AF20A-51C5-4BAF-9EF5-AA38105C6141}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{795AF20A-51C5-4BAF-9EF5-AA38105C6141}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
On Screen Display-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
Opera 9.27-->MsiExec.exe /X{503D6E3E-1A48-44F5-BB7C-EB3B593FAED0}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Redistributable_MM-->MsiExec.exe /I{9D4B411F-42F9-4566-9621-13D3A969F871}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SonicWALL Global VPN Client 4.0.0.830-->C:\Program Files\InstallShield Installation Information\{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}\setup.exe -runfromtemp -l0x0009 -FromCPL -removeonly
SonicWALL SSL-VPN NetExtender-->C:\Program Files\SonicWALL\SSL-VPN\NetExtender\uninst.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SQL Prompt-->MsiExec.exe /X{9FAEB5B2-4548-45AB-AC5B-510176BED53D}
Symantec AntiVirus-->MsiExec.exe /I{2085C617-589C-40F8-BE40-EDBC9E2CA2EB}
ThinkPad Bluetooth with Enhanced Data Rate Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10140588\UIU32m.exe -U -ITkp0588k.inf
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad Power Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}\SETUP.EXE" -l0x9 -AddRemove
ThinkPad UltraNav Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThinkPad UltraNav Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17CBC505-D1AE-459D-B445-3D2000A85842}\SETUP.EXE" -l0x9 UNINSTALL
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Virtual Account Numbers-->"C:\Program Files\InstallShield Installation Information\{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}\setup.exe" -runfromtemp -l0x0009 -removeonly
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

=====HijackThis Backups=====

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [2009-04-11]
O4 - HKLM\..\Run: [f886bf27] rundll32.exe "C:\WINDOWS\system32\hidujuku.dll",b [2009-04-11]
O4 - HKLM\..\Run: [CPMfbb58cbb] Rundll32.exe "c:\windows\system32\rusokano.dll",a [2009-04-11]
O4 - HKLM\..\Run: [zakewukazo] Rundll32.exe "C:\WINDOWS\system32\juwufajo.dll",s [2009-04-11]

======Hosts File======

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: Symantec AntiVirus Corporate Edition (disabled)

======System event log======

Computer Name: DCI-WGREENET61
Event Code: 40961
Message: The Security System could not establish a secured connection with the server DNS/ns1.novani.com. No authentication protocol was available.

Record Number: 13267
Source Name: LSASRV
Time Written: 20090415123743.000000-420
Event Type: warning
User:

Computer Name: DCI-WGREENET61
Event Code: 40960
Message: The Security System detected an attempted downgrade attack for
server DNS/ns1.novani.com. The failure code from authentication protocol Kerberos
was "There are currently no logon servers available to service the logon request.
(0xc000005e)".

Record Number: 13266
Source Name: LSASRV
Time Written: 20090415123743.000000-420
Event Type: warning
User:

Computer Name: DCI-WGREENET61
Event Code: 40961
Message: The Security System could not establish a secured connection with the server DNS/ns1.novani.com. No authentication protocol was available.

Record Number: 13265
Source Name: LSASRV
Time Written: 20090415113742.000000-420
Event Type: warning
User:

Computer Name: DCI-WGREENET61
Event Code: 40960
Message: The Security System detected an attempted downgrade attack for
server DNS/ns1.novani.com. The failure code from authentication protocol Kerberos
was "There are currently no logon servers available to service the logon request.
(0xc000005e)".

Record Number: 13264
Source Name: LSASRV
Time Written: 20090415113742.000000-420
Event Type: warning
User:

Computer Name: DCI-WGREENET61
Event Code: 40961
Message: The Security System could not establish a secured connection with the server DNS/ns1.novani.com. No authentication protocol was available.

Record Number: 13261
Source Name: LSASRV
Time Written: 20090415093851.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: DCI-WGREENET61
Event Code: 5
Message:


Risk Found!Risk: Packed.Generic.214 in File: C:\System Volume Information\_restore{B0DC3903-E336-4D1B-B47B-B0215F8098EE}\RP240\A0044600.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:



Record Number: 296
Source Name: Symantec AntiVirus
Time Written: 20090410005342.000000-420
Event Type: error
User:

Computer Name: DCI-WGREENET61
Event Code: 46
Message:


Security Risk Found!Risk: Packed.Generic.214 in File: C:\System Volume Information\_restore{B0DC3903-E336-4D1B-B47B-B0215F8098EE}\RP240\A0044600.dll by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:



Record Number: 295
Source Name: Symantec AntiVirus
Time Written: 20090410005318.000000-420
Event Type: error
User:

Computer Name: DCI-WGREENET61
Event Code: 51
Message:


Security Risk Found!Risk: Packed.Generic.214 in File: C:\WINDOWS\system32\sapemogi.dll.tmp by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:



Record Number: 294
Source Name: Symantec AntiVirus
Time Written: 20090410002745.000000-420
Event Type: error
User:

Computer Name: DCI-WGREENET61
Event Code: 5
Message:


Risk Found!Risk: Packed.Generic.214 in File: C:\WINDOWS\system32\sapemogi.dll.tmp by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:



Record Number: 293
Source Name: Symantec AntiVirus
Time Written: 20090410002744.000000-420
Event Type: error
User:

Computer Name: DCI-WGREENET61
Event Code: 46
Message:


Security Risk Found!Risk: Packed.Generic.214 in File: C:\WINDOWS\system32\sapemogi.dll.tmp by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:



Record Number: 292
Source Name: Symantec AntiVirus
Time Written: 20090410002744.000000-420
Event Type: error
User:

======Environment variables======

"ANT_HOME"=C:\thirdParty\ant-1.6.3
"ComSpec"=%SystemRoot%\system32\cmd.exe
"CVSROOT"=:pserver:whitney@dci-dev-01:/cvsRepository
"FP_NO_HOST_CHECK"=NO
"JAVA_HOME"=C:\Program Files\Java\jdk1.5.0_14
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\cvsnt;C:\Program Files\Microsoft SQL Server\80\Tools\BINN;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0b
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------


#8 flyinghigh200178

  • Topic Starter
  • Members
  • 23 posts

Posted 05 May 2009 - 06:39 PM

The GMER result is attached. One more thing, a friend of mine is a comp. science major and he did a RootKit Revealer scan on my machine and found that it gave an error: "Cannot mount volume". Also, when I connect my USB flash drive to the USB port, the computer recognizes it, but I don't see it in "My Computer". Another problem I see is this: For the registry entry used to run C:\Windows\system32\userinit.exe, I got "registry object infected" error in anti-malware bytes a few days ago and I tried to delete the registry, but the registry object re-appeared and even if I try deleting the file "userinit.exe", it re-appears almost immediately.

The reason I am mentioning all this is that I believe these issues are related and might help you catch and fix the problem. Please help me.

Thanks.



#9 fenzodahl512

  • Members
  • 6,738 posts

Posted 05 May 2009 - 06:40 PM

Don't alter your log for whatever reason.. Don't bold, color, or use code tags on your log.. Just post it as it is.. It will be very much easier on my eyes..

Do below...

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.

Edited by fenzodahl512, 05 May 2009 - 06:40 PM.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 fenzodahl512

  • Members
  • 6,738 posts

Posted 05 May 2009 - 06:42 PM

For the registry entry used to run C:\Windows\system32\userinit.exe, I got "registry object infected" error in anti-malware bytes a few days ago and I tried to delete the registry, but the registry object re-appeared and even if I try deleting the file "userinit.exe", it re-appears almost immediately.


Your friend is a Computer Science student?.. So, why on earth would he want to remove "userinit.exe"? Do you/your friend know what that file is for?



#11 flyinghigh200178

  • Topic Starter
  • Members
  • 23 posts

Posted 05 May 2009 - 06:45 PM

He did not try removing it. I did... I am a nerd... I read later that it is one of the most important files executed at startup... Anyway, here is the log for goored, option 1:

GooredFix v1.92 by jpshortstuff
Log created at 16:43 on 05/05/2009 running Option #1 (jbhatia)
Firefox version 3.0.9 (en-US)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{11AAA4A1-2E57-49DA-B627-14D58FD51D61}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.9\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.9\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor"

#12 fenzodahl512

  • Members
  • 6,738 posts

Posted 05 May 2009 - 06:52 PM

Oh.. sorry, my bad.. Let's do this...

Please double-click Goored.exe on your Desktop to run it. Select 2. Fix Goored by typing 2 and pressing Enter. Make sure all instances of Firefox are closed at this point. Type y at the prompt and press Enter again. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).



Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



#13 flyinghigh200178

  • Topic Starter
  • Members
  • 23 posts

Posted 06 May 2009 - 11:57 AM

Log of Goored (option 2) is:

GooredFix v1.92 by jpshortstuff
Log created at 09:07 on 06/05/2009 running Option #2 (jbhatia)
Firefox version 3.0.9 (en-US)

=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{11AAA4A1-2E57-49DA-B627-14D58FD51D61}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.9\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.9\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{B7082FAA-CB62-4872-9106-E42DD88EDE45}"="C:\Program Files\McAfee\SiteAdvisor"

#14 flyinghigh200178

  • Topic Starter
  • Members
  • 23 posts

Posted 06 May 2009 - 11:58 AM

Log of Combofix is:

ComboFix 09-05-05.04 - jbhatia 05/06/2009 9:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3054.2553 [GMT -7:00]
Running from: c:\users\jatin\bleepingcomputer\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\jbhatia\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\jbhatia\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\404Fix.exe
c:\windows\system32\afnoinkdsfe.dll
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\ak1.exe
c:\windows\system32\drivers\ovfsthjfumayhcumvvbyaiweyhhoxldpxlrqog.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\ovfsthffibnaducndyeivbsffdkfysowrpufck.dat
c:\windows\system32\ovfsthmhfrpepjlajhuiiwvnhwfsflsfukhjtx.dll
c:\windows\system32\ovfsthodqrxxbpurfqfhxpjbumfdqvdhysdpca.dll
c:\windows\system32\ovfsthosythbjvjcwftlkshqjeehsctdqavilc.dll
c:\windows\system32\ovfsthslyrdswxnqpbppitfpcjnnxeuvhooolm.dat
c:\windows\system32\Process.exe
c:\windows\system32\sf87wuijndoio43j.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\winglsetup.exe
c:\windows\system32\WS2Fix.exe
c:\windows\Temp\1213351646.exe
c:\windows\Temp\2817625270.exe
c:\windows\Temp\2819344020.exe
c:\windows\Temp\2981219020.exe
c:\windows\Temp\3942850192.exe

----- BITS: Possible infected sites -----

hxxp://dcinls
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthtuikobmaclhgojrwxtwpsoueonqpyxcb


((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.

2009-05-05 23:56 . 2009-05-05 23:56 -------- d-----w c:\program files\Sophos
2009-05-05 21:23 . 2009-05-05 21:23 -------- d-----w C:\rsit
2009-05-05 21:21 . 2009-05-05 21:21 -------- d-----w c:\program files\ERUNT
2009-05-03 20:53 . 2008-04-14 00:12 26112 ----a-w c:\windows\system32\Copy of userinit.exe
2009-05-02 18:44 . 2009-05-02 18:44 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-05-02 17:48 . 2009-05-03 21:11 -------- d-----w c:\windows\system32\NtmsData
2009-04-26 16:53 . 2009-04-26 16:53 -------- d-----w c:\windows\system32\scripting
2009-04-26 16:53 . 2009-04-26 16:53 -------- d-----w c:\windows\l2schemas
2009-04-26 16:53 . 2009-04-26 16:53 -------- d-----w c:\windows\system32\en
2009-04-26 16:53 . 2009-04-26 16:53 -------- d-----w c:\windows\system32\bits
2009-04-26 16:51 . 2009-04-26 16:51 -------- d-----w c:\windows\ServicePackFiles
2009-04-26 16:43 . 2004-08-04 05:41 180360 ------w c:\windows\system32\drivers\ntmtlfax.sys
2009-04-25 23:00 . 2009-04-25 23:00 -------- d-----w c:\documents and settings\jbhatia\Application Data\Apple Computer
2009-04-25 17:09 . 2009-04-25 17:09 -------- d-----w c:\program files\Common Files\xing shared
2009-04-25 17:09 . 2009-04-25 17:10 -------- d-----w c:\documents and settings\jbhatia\Application Data\Twain
2009-04-25 17:09 . 2009-04-25 17:09 -------- d-----w c:\program files\Real
2009-04-25 17:09 . 2009-04-25 17:09 -------- d-----w c:\program files\Common Files\Real
2009-04-24 01:52 . 2009-04-24 01:52 155 ----a-w c:\windows\system32\SelfDel.bat
2009-04-19 16:49 . 2009-04-19 16:49 -------- d-----w c:\documents and settings\jbhatia\Application Data\InterVideo
2009-04-18 02:57 . 2009-04-18 02:57 -------- d-----w C:\users
2009-04-17 03:13 . 2009-04-25 18:54 -------- d-----w c:\documents and settings\jbhatia\Application Data\BitTorrent
2009-04-17 03:13 . 2009-04-17 03:13 -------- d-----w c:\program files\BitTorrent
2009-04-15 02:49 . 2009-04-15 02:49 -------- d-----w c:\documents and settings\jbhatia\Application Data\Malwarebytes
2009-04-15 02:49 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-15 02:49 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-15 02:49 . 2009-04-15 02:49 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-15 02:49 . 2009-04-15 02:49 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-14 04:26 . 2009-04-14 04:26 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-04-13 19:45 . 2009-04-13 19:45 -------- d-----w c:\program files\InterActual
2009-04-12 07:32 . 2009-04-12 07:32 -------- d-----w c:\program files\AVG
2009-04-12 07:10 . 2009-04-14 03:06 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-12 07:09 . 2009-04-24 22:00 -------- d-----w c:\program files\Norton Security Scan
2009-04-12 07:09 . 2009-05-05 21:00 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-12 05:53 . 2009-04-12 05:53 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-04-12 05:53 . 2009-04-12 05:53 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\SACore
2009-04-12 05:51 . 2009-04-12 05:51 -------- d-----w c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-04-12 05:51 . 2009-04-12 05:51 -------- d-----w c:\program files\Common Files\McAfee
2009-04-12 05:51 . 2009-04-17 03:14 -------- d-----w c:\program files\McAfee
2009-04-12 05:51 . 2009-04-12 05:51 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2009-04-11 07:49 . 2009-04-11 07:49 -------- d-----w c:\program files\Trend Micro
2009-04-11 07:33 . 2009-04-11 07:33 -------- d-----w c:\program files\Windows Defender
2009-04-10 05:57 . 2009-04-10 05:57 -------- d-----w c:\documents and settings\jbhatia\Local Settings\Application Data\Apple
2009-04-10 04:42 . 2009-04-10 04:42 -------- d-----w c:\documents and settings\jbhatia\Application Data\SonicWALL
2009-04-09 05:31 . 2007-12-07 22:51 532480 ----a-w c:\windows\system32\FFCore.dll
2009-04-09 05:31 . 2009-04-09 05:31 -------- d-----w c:\program files\Virtual Account Numbers
2009-04-09 05:31 . 2007-12-07 22:51 102400 ----a-w c:\windows\system32\OBroker.exe
2009-04-09 05:31 . 2009-04-09 05:31 -------- d-----w c:\documents and settings\jbhatia\Application Data\InstallShield
2009-04-07 03:58 . 2009-03-09 19:06 15688 ----a-w c:\windows\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 16:15 . 2009-03-30 06:22 -------- d-----w c:\program files\DNA
2009-04-26 18:49 . 2009-03-24 01:19 80672 ----a-w c:\documents and settings\jbhatia\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-26 16:55 . 2007-12-07 18:44 87263 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-26 13:45 . 2009-04-05 06:59 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-25 17:09 . 2003-02-21 12:42 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-14 03:06 . 2007-12-14 02:59 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-12 07:09 . 2007-12-14 02:59 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-12 07:09 . 2007-12-08 01:19 -------- d-----w c:\program files\Google
2009-04-09 05:31 . 2007-12-07 19:05 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-07 07:56 . 2009-04-07 07:56 1422879 --sh--w c:\windows\system32\ikolifez.tmp
2009-04-06 04:57 . 2009-04-06 04:57 -------- d-----w c:\program files\Lavasoft
2009-04-04 05:32 . 2009-04-04 05:32 -------- d-----w c:\program files\DivX
2009-04-04 05:32 . 2009-04-04 05:32 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-02 06:12 . 2009-03-30 06:21 -------- d-----w c:\program files\AskBarDis
2009-03-25 05:46 . 2009-03-25 05:17 117361 ----a-w c:\windows\hpoins11.dat
2009-03-25 05:31 . 2009-03-25 05:30 -------- d-----w c:\program files\Common Files\HP
2009-03-25 05:28 . 2009-03-25 05:28 -------- d-----w c:\program files\Hewlett-Packard
2009-03-25 05:28 . 2009-03-25 05:21 -------- d-----w c:\program files\HP
2009-03-25 05:27 . 2009-03-25 05:27 -------- d-----w c:\program files\Common Files\Hewlett-Packard
2009-03-24 01:19 . 2009-03-24 01:19 130 ----a-w c:\documents and settings\jbhatia\Local Settings\Application Data\fusioncache.dat
2009-03-24 01:17 . 2009-03-24 00:59 -------- d-----w c:\program files\NOS
2009-03-24 01:04 . 2009-03-24 01:04 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-24 01:04 . 2007-12-08 01:15 -------- d-----w c:\program files\Common Files\Adobe
2009-03-24 00:26 . 2009-03-24 00:26 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-24 00:25 . 2007-12-08 01:19 -------- d-----w c:\program files\Java
2009-03-09 19:06 . 2009-04-06 05:02 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-02-24 19:35 . 2009-04-04 05:32 120056 ------w c:\windows\system32\pxcpyi64.exe
2009-02-24 19:35 . 2009-04-04 05:32 118520 ------w c:\windows\system32\pxinsi64.exe
2009-02-24 19:35 . 2006-09-15 00:13 129784 ------w c:\windows\system32\PxAFS.DLL
2009-02-24 19:35 . 2006-07-24 11:00 43528 ------w c:\windows\system32\drivers\pxhelp20.sys
2009-02-24 19:34 . 2009-02-24 19:34 90112 ----a-w c:\windows\system32\dpl100.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx0c.dll
2009-02-24 19:34 . 2009-02-24 19:34 823296 ----a-w c:\windows\system32\divx_xx07.dll
2009-02-24 19:34 . 2009-02-24 19:34 815104 ----a-w c:\windows\system32\divx_xx0a.dll
2009-02-24 19:34 . 2009-02-24 19:34 802816 ----a-w c:\windows\system32\divx_xx11.dll
2009-02-24 19:34 . 2009-02-24 19:34 684032 ----a-w c:\windows\system32\DivX.dll
2009-02-17 01:25 . 2009-02-17 01:25 81 ----a-w C:\CTX.DAT
2009-02-09 11:13 . 2004-08-04 10:00 1846784 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-30 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-30 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-30 321344]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-12 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-04-10 1015808]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-11 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-11 512000]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 66176]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-24 136600]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2008-05-20 737280]
"SonicWALLNetExtender"="c:\program files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe" [2008-07-10 562608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\jbhatia\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2007-2-27 561213]
SQL Prompt.lnk - c:\program files\Red Gate\SQL Prompt\RedGate.SQLPrompt.exe [2006-5-17 741376]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-07 00:37 34344 ----a-w c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2006-12-14 19:06 28672 ----a-w c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jdk1.5.0_14\\bin\\java.exe"=
"c:\\Program Files\\JetBrains\\IntelliJ IDEA 7.0.2\\bin\\idea.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\AirPort\\APAgent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:UDP"= 5353:UDP:Bonjour

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/5/2009 10:02 PM 64160]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [6/11/2008 1:29 PM 101528]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [12/7/2007 3:48 PM 4442]
R2 CVS;CVSNT;c:\program files\cvsnt\cvsservice.exe [10/29/2004 1:03 PM 39936]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 12:06 PM 951632]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/11/2009 10:51 PM 210216]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 8:48 PM 116664]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/26/2009 7:01 PM 101936]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [6/11/2008 1:29 PM 24876]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [10/23/2007 5:09 PM 20504]
S1 bzvqkoph;bzvqkoph;\??\c:\windows\system32\drivers\bzvqkoph.sys --> c:\windows\system32\drivers\bzvqkoph.sys [?]
S2 0072091239938120mcinstcleanup;McAfee Application Installer Cleanup (0072091239938120);c:\docume~1\jbhatia\LOCALS~1\Temp\007209~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\jbhatia\LOCALS~1\Temp\007209~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8.tmp --> c:\windows\system32\8.tmp [?]
S3 PFU;PFU;c:\docume~1\jbhatia\LOCALS~1\Temp\PFU.exe --> c:\docume~1\jbhatia\LOCALS~1\Temp\PFU.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-04-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-05-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-12 07:09]

2009-05-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

2009-04-24 c:\windows\Tasks\Norton Security Scan for jbhatia.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 11:18]

2009-04-11 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2007-12-07 09:19]
.
- - - - ORPHANS REMOVED - - - -

BHO-{C2BA40A1-74F3-42BD-F434-12345A2C8953} - c:\windows\system32\afnoinkdsfe.dll
HKU-Default-Run-uidenhiufgsduiazghs - c:\windows\TEMP\ejgzrq286.exe
HKU-Default-Run-Diagnostic Manager - c:\windows\TEMP\1213351646.exe
SharedTaskScheduler-{C2BA40A1-74F3-42BD-F434-12345A2C8953} - c:\windows\system32\afnoinkdsfe.dll


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.sr...egXPWizCredOnly
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\jbhatia\Application Data\Mozilla\Firefox\Profiles\9n92iqtj.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 09:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\8.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1560)
c:\program files\Lenovo\HOTKEY\tphklock.dll

- - - - - - - > 'explorer.exe'(3648)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\cvsnt\cvslock.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\ZOOM\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-05-06 9:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-06 16:53

Pre-Run: 51,039,498,240 bytes free
Post-Run: 51,003,777,024 bytes free

344 --- E O F --- 2009-03-24 01:08

#15 flyinghigh200178

  • Topic Starter

Posted 06 May 2009 - 12:00 PM

Log of HijackThis is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:55:03, on 5/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\cvsnt\cvsservice.exe
C:\Program Files\cvsnt\cvslock.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Red Gate\SQL Prompt\RedGate.SQLPrompt.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://accountservices.passport.net/reg.sr...egXPWizCredOnly
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe -hideGUI -clearReboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: SQL Prompt.lnk = C:\Program Files\Red Gate\SQL Prompt\RedGate.SQLPrompt.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Virtual Account Numbers - {DE700910-58F7-4D2E-B7E6-3BA2DA1B6806} - C:\PROGRA~1\VIRTUA~1\CitiVAN.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://bba.bloomberg.net/default/Clients_c...ca32/icaweb.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237854743258
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237854735051
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dcinv.com
O17 - HKLM\Software\..\Telephony: DomainName = dcinv.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dcinv.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dcinv.com
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0072091239938120) (0072091239938120mcinstcleanup) - Unknown owner - C:\DOCUME~1\jbhatia\LOCALS~1\Temp\007209~1.EXE (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: CVSNT (CVS) - GNU - C:\Program Files\cvsnt\cvsservice.exe
O23 - Service: CVSNT Locking Service (CVSLock) - Unknown owner - C:\Program Files\cvsnt\cvslock.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PFU - Unknown owner - C:\DOCUME~1\jbhatia\LOCALS~1\Temp\PFU.exe (file missing)
O23 - Service: Plpbiownsda - Unknown owner - (no file)
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 12845 bytes
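The logs in this thread contain the kind of autostart and service records an analyst checks first when a machine is redirecting browser traffic: a driver with a machine-generated name (`bzvqkoph.sys`) that ComboFix could not read, two services whose image lived in the user's Temp folder and is now missing, a service with `(no file)` and no recorded publisher, and a driver whose image is `8.tmp`. The script below is an added example, not code from BleepingComputer, the thread's participants, HijackThis or ComboFix. It parses HijackThis O4 and O23 lines and ComboFix R/S service lines, then flags the traits just listed. The sample input is copied from the posted logs; the regexes, the "random-looking name" thresholds (8+ plain letters, a run of 4+ consonants, under 30% vowels) and the reason strings are my own assumptions, and a flag is a prompt to look closer, not a malware verdict (a legitimate tool can run from Temp or have an odd name).

```python
"""Triage of autostart and service lines from HijackThis and ComboFix logs.
Added example for this thread, not BleepingComputer, HijackThis or ComboFix code;
the flags are hints for a human analyst, not malware verdicts."""
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the HijackThis and ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: McAfee Application Installer Cleanup (0072091239938120) (0072091239938120mcinstcleanup) - Unknown owner - C:\DOCUME~1\jbhatia\LOCALS~1\Temp\007209~1.EXE (file missing)
O23 - Service: PFU - Unknown owner - C:\DOCUME~1\jbhatia\LOCALS~1\Temp\PFU.exe (file missing)
O23 - Service: Plpbiownsda - Unknown owner - (no file)
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S1 bzvqkoph;bzvqkoph;\??\c:\windows\system32\drivers\bzvqkoph.sys --> c:\windows\system32\drivers\bzvqkoph.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8.tmp --> c:\windows\system32\8.tmp [?]
"""

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) - (?P<path>.*)$")
CF_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;\-][^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
IMAGE_RE = re.compile(r'^"?(?P<p>.*?\.(?:exe|dll|sys|com|scr|bat))', re.I)
VOWELS = set("aeiou")


@dataclass
class Entry:
    kind: str            # "O4", "O23", or a ComboFix start type such as "S1"
    name: str
    path: str
    owner: str = ""
    missing: bool = False
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for a recognised record, or None for any other line."""
    if m := O4_RE.match(line):
        # Keep only the image path; drop quotes, arguments and the "(User '...')" suffix.
        img = IMAGE_RE.match(m["cmd"])
        return Entry("O4", m["name"], img["p"] if img else m["cmd"])
    if m := O23_RE.match(line):
        path = m["path"]
        missing = "(file missing)" in path or path == "(no file)"
        return Entry("O23", m["name"], path.replace("(file missing)", "").strip(),
                     owner=m["owner"], missing=missing)
    if m := CF_RE.match(line):
        rest = m["rest"]
        if "-->" in rest:  # ComboFix prints "X --> X [?]" when it cannot read the image file
            path = rest.split("-->", 1)[1].replace("[?]", "").strip()
            return Entry(m["start"], m["name"], path, missing=True)
        return Entry(m["start"], m["name"], rest.split(" [", 1)[0].strip())
    return None


def looks_random(name):
    """Rough heuristic (own assumption): 8+ plain letters with a run of 4+ consonants and
    under 30% vowels. Catches 'bzvqkoph' and 'Plpbiownsda'; skips mixed-case product names."""
    if not re.fullmatch(r"[A-Za-z][a-z]{7,}", name):
        return False
    low = name.lower()
    run = longest = 0
    for ch in low:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 4 and sum(ch in VOWELS for ch in low) / len(low) < 0.3


def assess(entry):
    """List the traits of one entry that an analyst would want to look at."""
    reasons = []
    low = entry.path.lower()
    stem = re.sub(r"\.[^.\\]*$", "", entry.path.rsplit("\\", 1)[-1])  # file name, no extension
    if entry.missing:
        reasons.append("image file missing or unreadable")
    if "\\temp\\" in low:
        reasons.append("runs from a Temp folder")
    if low.endswith(".tmp"):
        reasons.append("image has a .tmp extension")
    if entry.owner.lower() == "unknown owner":
        reasons.append("no publisher recorded")
    if looks_random(entry.name) or looks_random(stem):
        reasons.append("machine-generated-looking name")
    return reasons


def triage(log_text):
    """Parse every line and return only the entries that raised at least one flag."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line.strip())
        if entry is not None and (reasons := assess(entry)):
            entry.reasons = reasons
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:<4} {f.name}\n     {f.path}\n     -> {'; '.join(f.reasons)}")
```

Run against the sample it reports five of the nine lines (the two Temp-folder services, `Plpbiownsda`, `bzvqkoph` and `MEMSWEEP2`) and stays quiet on ccApp, DWQueuedReporting, Bonjour and WinDefend. To use it on a full log, paste the whole HijackThis or ComboFix text into `triage()`; unrecognised lines are ignored. Needs Python 3.8 or later for the `:=` operator.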



