Virundo ? Can't get rid of...

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

Posted Image

Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.

Posted Image

DO NOT RUN ComboFix unless requested to.

Posted Image

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

Posted Image

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Posted Image

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages
1
2
→

You cannot start a new topic
This topic is locked

Virundo ? Can't get rid of...

#1 Shawn_Evans

Member

Group: Members
Posts: 24
Joined: 11-July 08

Posted 21 November 2008 - 04:06 PM

Alright, long story short... I did a search last night on a password and well, ended up getting bit by a hoax (obviously) torrent site. Anywho, it got me. Trenc picked up something immediately, TROJ.DLOADER.DDY. Quarantined. Well, that did nothing. So, I ran MBAM. It picked up something like 38, deleted most of them and supposedly got the rest on a reboot. Scanned again, came up clean. Ran Kapersky and it found 1. So, I downloaded and ran spybot several times. It keeps picking up and cleaning the same files over and over. I am at a loss here. It is not that annoying. The pop ups are far and few between, like i can almost live with it. I just dont like the idea that I have something on my system. here is my HJ Log.

----------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:52 PM, on 11/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\WINDOWS\system32\ifxspmgt.exe
c:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\DFF86E.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\kix\UTLite33.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\NGS\Qport\QPORT.EXE
C:\PROGRA~1\NGS\Qport\QPortMon.exe
C:\Program Files\IBM\Client Access\Emulator\PCSCM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.fcinternal.net/fc/default.asp?ID=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://nfuse.czncorp.com/Citrix/MetaFrame/auth/login.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IFXSPMGT] c:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res:///3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...20Installer.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/ka...can_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198010915734
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1226282858039
O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://schleppy1975.myphotoalbum.com/ImageUploader4.cab
O16 - DPF: {DC11F230-5717-4C25-BAD7-37B879C19655} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://schleppy1975.myphotoalbum.com/ImageUploader4.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sapience360.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.pvt
O17 - HKLM\Software\..\Telephony: DomainName = corp.pvt
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.pvt
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = corp.pvt
O20 - AppInit_DLLs: APSHook.dll lmhfhs.dll
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CCA Agent Stub (CCAAgentStub) - Unknown owner - C:\WINDOWS\system32\CCAAgentStub.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\ifxtcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - c:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 16132 bytes

-------------------------------------------------------------------------------------

Any and all help would be greatly, greatly appreciated.

My MBAM logs as well...

-----------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 2

11/21/2008 3:03:21 PM
mbam-log-2008-11-21 (15-03-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 28148
Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\lmhfhs.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3fc5dcb2-de29-4eb2-b9ed-745500ccd7b8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3fc5dcb2-de29-4eb2-b9ed-745500ccd7b8} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\lmhfhs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\byXNfGVN.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\NVGfNXyb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.

----------------------------------------------------------------------------------------

Every MBAM log looks the same...

This post has been edited by Shawn_Evans: 21 November 2008 - 04:12 PM

#2 Shawn_Evans

Member

Group: Members
Posts: 24
Joined: 11-July 08

Posted 26 November 2008 - 06:16 PM

bump. Not to criticize but there are posts on here posted 3 days after mine that have been resolved. I realize you are super busy and provide a phenomonal service fbut I am having major browser issues as well as trojan's popping up frequently and it is a WORK PC. I do not mean to be a pain in the ass but I am in DIRE STRAIGHTS. MBAM is comming up clean but I believe I have registry issues. Fresh RSIT Log. Kaspersky picked up (4).. 3 in Trend and (1) in the system directory. Log also attached:

------------------------------------------------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by ShaEvans at 2008-11-26 15:32:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 46 GB (61%) free of 76 GB
Total RAM: 2039 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:33:11 PM, on 11/26/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\WINDOWS\system32\ifxspmgt.exe
c:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\NM292E.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\shaevans\My Documents\RSIT.exe
C:\Program Files\trend micro\ShaEvans.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.fcinternal.net/fc/default.asp?ID=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://nfuse.czncorp.com/Citrix/MetaFrame/auth/login.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IFXSPMGT] c:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res:///3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...20Installer.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198010915734
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227705794549
O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://schleppy1975.myphotoalbum.com/ImageUploader4.cab
O16 - DPF: {DC11F230-5717-4C25-BAD7-37B879C19655} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://schleppy1975.myphotoalbum.com/ImageUploader4.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sapience360.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.pvt
O17 - HKLM\Software\..\Telephony: DomainName = corp.pvt
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.pvt
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.pvt
O20 - AppInit_DLLs: APSHook.dll lmhfhs.dll hubsls.dll
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O20 - Winlogon Notify: yayyVopP - C:\WINDOWS\
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CCA Agent Stub (CCAAgentStub) - Unknown owner - C:\WINDOWS\system32\CCAAgentStub.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\ifxtcs.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - c:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14529 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-26 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-17 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-26 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-26 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"atchk"=C:\Program Files\Intel\AMT\atchk.exe [2007-05-01 404248]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]
"CognizanceTS"=C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2003-12-22 17920]
"IFXSPMGT"=c:\WINDOWS\system32\ifxspmgt.exe [2007-02-15 677408]
""= []
"accrdsub"=c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-03 293168]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2007-01-02 40960]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-05-18 138008]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-05-18 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-05-18 138008]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-11-06 177456]
"Client Access Service"=C:\Program Files\IBM\Client Access\cwbsvstr.exe [2002-05-07 20530]
"Client Access Help Update"=C:\Program Files\IBM\Client Access\cwbinhlp.exe [2002-05-07 24626]
"Client Access Check Version"=C:\Program Files\IBM\Client Access\cwbckver.exe [2002-05-07 45056]
"Client Access Express Welcome"=C:\Program Files\IBM\Client Access\cwbwlwiz.exe [2002-05-07 20530]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]
"OfficeScanNT Monitor"=C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe [2008-10-09 709928]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-26 136600]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-15 185872]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-30 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="APSHook.dll lmhfhs.dll hubsls.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc]
c:\WINDOWS\system32\ackpbsc.dll [2007-05-03 112640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock]
c:\Program Files\ActivIdentity\ActivClient\acunlock.dll [2007-05-03 281088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\WINDOWS\system32\DeviceNP.dll [2007-04-30 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-05-16 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [2008-05-13 85504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayyVopP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=Legal Notice
"legalnoticetext"=This computer system and the data contained herein are property of Frontier Communications. Any unauthorized access and/or use of the data will be investigated and prosecuted to the full extent of the law. This system is to be used for business purposes. All information stored or processed is property of Frontier Communications and is subject to inspection.
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWelcomeScreen"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:conf.exe"
"C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\mwj974\Local Settings\Temporary Internet Files\Content.IE5\0L6VGXAV\CitrixSAClient[1].exe"="C:\Documents and Settings\mwj974\Local Settings\Temporary Internet Files\Content.IE5\0L6VGXAV\CitrixSAClient[1].exe:*:Enabled:Citrix Secure Access Agent"
"C:\Program Files\NET6\net6vpn.exe"="C:\Program Files\NET6\net6vpn.exe:*:Enabled:Citrix Secure Access Agent"
"C:\WINDOWS\system32\wbem\unsecapp.exe"="C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:WMI"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Citrix\ICA Client\wfica32.exe"="C:\Program Files\Citrix\ICA Client\wfica32.exe:*:Enabled:Citrix ICA Client Engine (Win32)"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:conf.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\SMSADMIN\bin\i386\statview.exe"="C:\SMSADMIN\bin\i386\statview.exe:*:Enabled:SMS 2.0 Utility - Status Message Viewer"
"C:\SMSADMIN\bin\i386\SETUP.EXE"="C:\SMSADMIN\bin\i386\SETUP.EXE:*:Enabled:SMS Setup"
"C:\WINDOWS\system32\wbem\unsecapp.exe"="C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:unsecapp.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\WINDOWS\system32\VoissAssistant.exe"="C:\WINDOWS\system32\VoissAssistant.exe:*:Enabled:VoissAssistant"
"C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
"C:\Program Files\NET6\net6vpn.exe"="C:\Program Files\NET6\net6vpn.exe:*:Enabled:Citrix Secure Access Agent"
"C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe"="C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Viryanet\MicroServer\VCM.exe"="C:\Program Files\Viryanet\MicroServer\VCM.exe:*:Enabled:VCM"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Citrix\ICA Client\wfica32.exe"="C:\Program Files\Citrix\ICA Client\wfica32.exe:*:Enabled:Citrix ICA Client Engine (Win32)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57bd5546-adaa-11dc-bbbe-b02c9a8bec2e}]
shell\AutoRun\command - E:\setup.exe

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 3 months======

2008-11-26 15:32:55 ----D---- C:\rsit
2008-11-26 10:55:49 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-26 10:55:49 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-26 10:55:49 ----A---- C:\WINDOWS\system32\java.exe
2008-11-26 10:55:49 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-26 10:48:51 ----SHD---- C:\Config.Msi
2008-11-26 10:34:26 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-11-26 10:15:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-26 10:15:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-26 10:15:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-26 10:14:42 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-11-26 09:50:20 ----HDC---- C:\WINDOWS\$NtUninstallKB953761$
2008-11-26 09:46:36 ----D---- C:\Program Files\msn gaming zone
2008-11-26 09:46:27 ----D---- C:\WINDOWS\Prefetch
2008-11-26 09:43:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-26 09:43:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-26 09:42:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-26 09:42:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-26 09:42:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-26 09:42:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-26 09:42:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-26 09:42:27 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-11-26 09:42:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-26 09:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-26 09:42:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-26 09:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-26 09:42:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951618-v2$
2008-11-26 09:41:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-26 09:41:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-26 09:41:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-26 09:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-26 09:41:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-11-26 09:41:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-26 09:41:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-26 09:38:22 ----A---- C:\WINDOWS\system32\msxml6r.dll
2008-11-26 09:38:15 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-11-26 09:38:11 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-11-26 09:38:11 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\azroles.dll
2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\credssp.dll
2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\mssha.dll
2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-11-26 09:38:05 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-11-26 09:38:05 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-11-26 09:38:05 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-11-26 09:38:04 ----N---- C:\WINDOWS\system32\napstat.exe
2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\qutil.dll
2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\qagent.dll
2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\onex.dll
2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\slserv.exe
2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\slgen.dll
2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\setupn.exe
2008-11-26 09:38:01 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-11-26 09:38:01 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-11-26 09:38:01 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-11-26 09:38:00 ----N---- C:\WINDOWS\slrundll.exe
2008-11-26 09:37:59 ----D---- C:\WINDOWS\system32\scripting
2008-11-26 09:37:57 ----D---- C:\WINDOWS\system32\en
2008-11-26 09:37:57 ----D---- C:\WINDOWS\l2schemas
2008-11-26 09:37:56 ----D---- C:\WINDOWS\system32\bits
2008-11-26 09:34:44 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-26 09:32:13 ----D---- C:\WINDOWS\network diagnostic
2008-11-26 09:31:23 ----A---- C:\WINDOWS\003302_.tmp
2008-11-26 09:28:45 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-26 09:12:01 ----A---- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
2008-11-26 09:00:49 ----D---- C:\hotfix
2008-11-25 15:45:08 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-11-25 10:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-11-25 10:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-11-25 09:57:18 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-11-22 15:47:28 ----ASH---- C:\WINDOWS\system32\mSuuxyay.ini2
2008-11-22 15:47:27 ----ASH---- C:\WINDOWS\system32\mSuuxyay.ini
2008-11-21 08:57:38 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-21 08:57:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-20 23:07:52 ----N---- C:\WINDOWS\system32\ltgnycfw.dll
2008-11-20 23:07:12 ----A---- C:\WINDOWS\system32\f30f2094-.txt
2008-11-13 20:05:58 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-11-12 13:22:03 ----HDC---- C:\WINDOWS\$NtUninstallKB943729$
2008-11-12 13:21:26 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-11-12 11:53:30 ----D---- C:\WINDOWS\ie7updates
2008-11-12 08:45:28 ----A---- C:\WINDOWS\cdplayer.ini
2008-11-11 22:36:50 ----D---- C:\WINDOWS\pss
2008-11-11 22:17:27 ----D---- C:\WINDOWS\WBEM
2008-11-11 22:15:49 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-11 22:15:34 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-11 22:15:08 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-11-11 22:14:58 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-11-11 21:59:14 ----A---- C:\WINDOWS\Active Setup Log.txt
2008-11-11 21:59:14 ----A---- C:\WINDOWS\Active Setup Log.BAK
2008-11-09 21:12:47 ----D---- C:\WINDOWS\RegisteredPackages
2008-11-05 12:17:52 ----D---- C:\Documents and Settings\shaevans\Application Data\Thunderbird
2008-11-05 12:17:46 ----D---- C:\Program Files\Mozilla Thunderbird
2008-11-02 18:44:26 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-11-02 18:44:25 ----D---- C:\Program Files\Viewpoint
2008-11-02 18:44:18 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-11-02 18:44:18 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-11-02 18:44:01 ----D---- C:\Program Files\Common Files\AOL
2008-10-30 20:52:30 ----D---- C:\Documents and Settings\shaevans\Application Data\Motive
2008-10-30 20:32:40 ----D---- C:\Program Files\Yahoo!
2008-10-30 20:32:18 ----D---- C:\Documents and Settings\All Users\Application Data\Motive
2008-10-30 20:32:08 ----D---- C:\Program Files\Common Files\Motive
2008-10-30 20:24:28 ----D---- C:\WINDOWS\DSL
2008-10-30 20:24:28 ----D---- C:\Program Files\Common Files\SupportSoft
2008-10-30 14:59:07 ----D---- C:\Program Files\Adobe Media Player
2008-10-30 14:59:03 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-10-28 10:57:30 ----D---- C:\Program Files\Bonjour
2008-10-26 16:15:58 ----D---- C:\Documents and Settings\shaevans\Application Data\WinRAR
2008-10-23 21:05:41 ----D---- C:\Program Files\WinRAR
2008-10-22 12:03:25 ----D---- C:\Documents and Settings\shaevans\Application Data\webex
2008-10-20 08:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-20 08:20:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-20 08:20:04 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-20 08:19:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-20 08:19:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-20 08:18:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956390_0$
2008-10-15 21:05:14 ----D---- C:\Documents and Settings\shaevans\Application Data\Talkback
2008-10-15 21:03:39 ----D---- C:\Program Files\Common Files\xing shared
2008-10-15 21:03:35 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-10-15 21:03:32 ----D---- C:\Program Files\Real
2008-10-15 21:03:32 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-10-15 21:03:32 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-10-15 21:03:32 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-10-15 21:03:30 ----D---- C:\Program Files\Common Files\Real
2008-10-15 21:03:29 ----D---- C:\Documents and Settings\shaevans\Application Data\Real
2008-10-15 21:02:57 ----D---- C:\Documents and Settings\shaevans\Application Data\Mozilla
2008-10-15 21:02:54 ----D---- C:\Program Files\Mozilla Firefox
2008-10-14 07:25:14 ----A---- C:\tmuninst.ini
2008-10-14 07:24:41 ----D---- C:\WINDOWS\system32\log
2008-10-13 09:51:22 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-10-10 14:07:35 ----D---- C:\Documents and Settings\shaevans\Application Data\NCH Swift Sound
2008-10-03 16:40:38 ----D---- C:\Documents and Settings\shaevans\Application Data\DivX
2008-10-03 16:39:23 ----D---- C:\Program Files\DivX
2008-09-22 10:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-09-18 07:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-15 19:11:28 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-08-29 09:18:58 ----A---- C:\WINDOWS\system32\dns-sd.exe
2008-08-29 08:53:50 ----A---- C:\WINDOWS\system32\dnssd.dll

======List of files/folders modified in the last 3 months======

2008-11-26 15:33:11 ----D---- C:\Program Files\Trend Micro
2008-11-26 15:32:52 ----D---- C:\WINDOWS\system32
2008-11-26 15:32:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-26 15:29:21 ----D---- C:\WINDOWS\Temp
2008-11-26 15:28:11 ----A---- C:\WINDOWS\system32\log.txt
2008-11-26 15:28:05 ----A---- C:\gina_pre.txt
2008-11-26 15:04:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-26 11:35:58 ----A---- C:\WINDOWS\SMSCFG.ini
2008-11-26 11:34:33 ----D---- C:\WINDOWS
2008-11-26 11:26:50 ----HD---- C:\WINDOWS\inf
2008-11-26 11:26:50 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-26 11:26:43 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-26 11:09:14 ----A---- C:\WINDOWS\hpbafd.ini
2008-11-26 10:57:42 ----D---- C:\Program Files\Common Files
2008-11-26 10:55:33 ----SHD---- C:\WINDOWS\Installer
2008-11-26 10:55:29 ----D---- C:\Program Files\Java
2008-11-26 10:50:46 ----RD---- C:\Program Files
2008-11-26 10:50:46 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-11-26 10:50:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-26 10:50:39 ----D---- C:\WINDOWS\system32\drivers
2008-11-26 10:48:57 ----D---- C:\Program Files\Common Files\Apple
2008-11-26 10:45:29 ----SD---- C:\WINDOWS\Tasks
2008-11-26 10:45:04 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-26 10:38:46 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-26 10:35:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-26 10:15:35 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-26 09:46:33 ----A---- C:\WINDOWS\setuplog.txt
2008-11-26 09:45:50 ----RSD---- C:\WINDOWS\Fonts
2008-11-26 09:45:50 ----D---- C:\WINDOWS\system32\wbem
2008-11-26 09:45:50 ----D---- C:\WINDOWS\system32\Setup
2008-11-26 09:45:50 ----D---- C:\WINDOWS\AppPatch
2008-11-26 09:42:03 ----D---- C:\WINDOWS\Help
2008-11-26 09:41:30 ----D---- C:\Program Files\Messenger
2008-11-26 09:41:09 ----D---- C:\WINDOWS\security
2008-11-26 09:40:53 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-26 09:38:28 ----D---- C:\WINDOWS\WinSxS
2008-11-26 09:38:14 ----D---- C:\WINDOWS\ime
2008-11-26 09:38:00 ----D---- C:\WINDOWS\system32\usmt
2008-11-26 09:38:00 ----D---- C:\WINDOWS\system32\en-us
2008-11-26 09:37:57 ----D---- C:\Program Files\Internet Explorer
2008-11-26 09:37:56 ----D---- C:\WINDOWS\PeerNet
2008-11-26 09:37:56 ----D---- C:\Program Files\Movie Maker
2008-11-26 09:34:32 ----D---- C:\WINDOWS\system32\Restore
2008-11-26 09:34:32 ----D---- C:\WINDOWS\system32\npp
2008-11-26 09:34:32 ----D---- C:\WINDOWS\mui
2008-11-26 09:34:30 ----D---- C:\WINDOWS\msagent
2008-11-26 09:34:29 ----D---- C:\WINDOWS\srchasst
2008-11-26 09:34:28 ----D---- C:\Program Files\NetMeeting
2008-11-26 09:34:26 ----D---- C:\WINDOWS\system32\Com
2008-11-26 09:34:23 ----D---- C:\Program Files\Windows Media Player
2008-11-26 09:34:23 ----D---- C:\Program Files\Outlook Express
2008-11-26 09:34:18 ----D---- C:\Program Files\Common Files\System
2008-11-26 09:33:57 ----D---- C:\WINDOWS\system32\oobe
2008-11-26 09:33:56 ----D---- C:\WINDOWS\system
2008-11-26 09:28:43 ----D---- C:\WINDOWS\ehome
2008-11-26 08:38:25 ----D---- C:\WINDOWS\system32\appmgmt
2008-11-26 08:23:18 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-26 08:20:52 ----D---- C:\Documents and Settings
2008-11-26 08:11:37 ----RASH---- C:\boot.ini
2008-11-26 08:11:37 ----A---- C:\WINDOWS\win.ini
2008-11-26 08:11:37 ----A---- C:\WINDOWS\system.ini
2008-11-26 08:10:13 ----A---- C:\WINDOWS\cfgall.ini
2008-11-25 16:49:50 ----D---- C:\Program Files\NCH Swift Sound
2008-11-25 16:15:46 ----D---- C:\Program Files\Google
2008-11-25 16:15:46 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-25 14:23:36 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-11-24 22:48:21 ----D---- C:\Program Files\Windows NT
2008-11-22 21:40:52 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-21 08:54:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-19 21:03:32 ----D---- C:\Program Files\Cisco Systems
2008-11-14 15:41:28 ----D---- C:\Program Files\Trillian
2008-11-11 22:17:18 ----D---- C:\WINDOWS\Media
2008-11-08 00:57:07 ----D---- C:\Documents and Settings\shaevans\Application Data\LimeWire
2008-11-07 08:16:45 ----SHD---- C:\WINDOWS\CSC
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-02 06:54:14 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-30 20:21:19 ----SD---- C:\Documents and Settings\shaevans\Application Data\Microsoft
2008-10-30 14:59:10 ----D---- C:\Documents and Settings\shaevans\Application Data\Adobe
2008-10-30 14:59:10 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-10-24 14:20:44 ----D---- C:\Program Files\ADTRAN DSL Assistant
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-15 21:03:32 ----A---- C:\WINDOWS\system32\msvcp71.dll
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-13 09:53:15 ----A---- C:\WINDOWS\ODBC.INI
2008-10-01 11:23:47 ----SHD---- C:\System Volume Information
2008-09-09 20:14:56 ----A---- C:\WINDOWS\system32\msxml6.dll
2008-09-04 12:15:04 ----A---- C:\WINDOWS\system32\msxml3.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\WINDOWS\System32\drivers\psd.sys [2007-01-23 39080]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2008-01-02 143834]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-10-09 72072]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2008-01-02 206464]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-12-19 21361]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-08-27 12288]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 TmFilter;Trend Micro Filter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys []
R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys []
R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys []
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-10-17 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-01 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-02-14 530861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-02-14 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-02-14 149123]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-06-19 255896]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-10-16 989312]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-10-16 211200]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-05-16 5707744]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 36608]
R3 kbstuff;SMS Virtual Input Device; C:\WINDOWS\system32\DRIVERS\kbstuff5.sys [2003-02-23 7744]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rismc32;RICOH Smart Card Reader; C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-20 47616]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-06-16 46080]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-15 213696]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-10-16 731136]
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-09-15 9336]
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-09-15 9464]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 DAMDrv;DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv.sys [2007-04-23 30008]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2008-01-02 25898]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2008-01-02 30630]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-05-16 27136]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RICOH SmartCard Reader;RICOH SmartCard Reader; C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-20 47616]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 idisw2km;idisw2km; C:\WINDOWS\system32\DRIVERS\idisw2km.sys [2003-02-23 2704]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-05-03 182576]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 atchksrv;Intel® Active Management Technology System Status Service; C:\Program Files\Intel\AMT\atchksrv.exe [2007-05-01 183064]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-07-16 1524512]
R2 DWMRCS;DameWare Mini Remote Control; C:\WINDOWS\SYSTEM32\DWRCS.EXE [2004-01-07 249856]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-17 168432]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2007-12-05 144688]
R2 IFXSpMgtSrv;Security Platform Management Service; c:\WINDOWS\system32\ifxspmgt.exe [2007-02-15 677408]
R2 IFXTCS;Trusted Platform Core Service; c:\WINDOWS\system32\ifxtcs.exe [2007-01-23 849440]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-26 152984]
R2 LMS;Intel® Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2007-05-01 121624]
R2 ntrtscan;OfficeScanNT RealTime Scan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2008-10-09 906536]
R2 PersonalSecureDriveService;Personal Secure Drive service; c:\WINDOWS\system32\IfxPsdSv.exe [2007-02-15 140832]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744]
R2 tmlisten;OfficeScan NT Listener; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2008-10-09 984360]
R2 UNS;Intel® Active Management Technology User Notification Service; C:\Program Files\Intel\AMT\UNS.exe [2007-05-01 1489688]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 CCAAgentStub;CCA Agent Stub; C:\WINDOWS\system32\CCAAgentStub.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-05-13 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Cwbrxd;iSeries Access for Windows Remote Command; C:\WINDOWS\CWBRXD.EXE [2002-02-04 53296]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\WINDOWS\system32\flcdlock.exe [2007-04-30 172131]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TmProxy;OfficeScan NT Proxy Service; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [2008-10-09 652552]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-11-26 15:33:14

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\AFPViewr\DeIsL1.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL10.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL11.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL12.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL13.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL14.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL2.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL3.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL4.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL5.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL6.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL7.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL8.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL9.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL1.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL2.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL4.isu"
-->MsiExec.exe /I{977FBE6C-AE9A-4429-B249-814F0B3A4CB1}
-->MsiExec.exe /X{87079BC7-1A1E-4520-B5C3-9AF582FA26FD}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ActivClient 6.1 x86-->MsiExec.exe /I{AC194855-F7AC-4D04-B4C9-07BA46FCB697}
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Media Player-->msiexec /qb /x {5C74694C-A687-E3EB-FF18-B018D4A76ECD}
Adobe Media Player-->MsiExec.exe /I{5C74694C-A687-E3EB-FF18-B018D4A76ECD}
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
ADTRAN DSL Assistant-->"C:\Program Files\ADTRAN DSL Assistant\UninstallerData\Uninstall DSLAsstistant3.exe"
Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AnswerWorks Runtime-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /I{EB4DF30B-102B-4F0C-927A-D50E037A325D}
AutoCAD LT 2006 - English-->MsiExec.exe /I{5783F2D7-4009-0409-0002-0060B0CE6BBA}
Autodesk Design Review 2009 - SP1-->C:\Program Files\Autodesk\Autodesk Design Review\Setup\Setup.exe /P {450063AA-643B-417C-8CF5-405BA3F4EF40} /M ADR
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~2\Setup.exe /remove
BIOS Configuration for HP ProtectTools-->MsiExec.exe /X{C74D0FA0-1D49-464F-A707-B427EE3385C1}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
CA eTrust GINA Option for Password Reset/Unlock-->MsiExec.exe /I{E90140E7-3D75-478E-AB57-78F21B9DA200}
Cisco Clean Access Agent-->MsiExec.exe /X{04010300-6D72-4D54-8686-91D884A27B5C}
Cisco Systems VPN Client 5.0.01.0600-->MsiExec.exe /X{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}
Credential Manager for HP ProtectTools-->MsiExec.exe /X{C15F7F16-941E-414B-A676-40190CD621D5}
Device Access Manager for HP ProtectTools-->MsiExec.exe /X{55B52830-024A-443E-AF61-61E1E71AFA1B}
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Embedded Security for HP ProtectTools-->MsiExec.exe /I{20A1D306-CE83-492A-8525-D6DF50B5944A}
FLEXR 7.81-->C:\WINDOWS\IsUninst.exe -fC:\FLEXR781\Uninst.isu
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB953761)-->"C:\WINDOWS\$NtUninstallKB953761$\spuninst\spuninst.exe"
HP 3D DriveGuard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{429E92A4-159F-4AEC-85A1-D693E1E4274D}\Setup.exe" -l0x9 UNINSTALL
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
HP ProtectTools Security Manager-->MsiExec.exe /I{2DB165DC-DDB4-403F-B985-19F3EC7D0357}
HP Quick Launch Buttons 6.40 B2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x0009 -removeonly uninst
HP Wireless Assistant-->MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
IBM iSeries Access for Windows-->"C:\Program Files\IBM\Client Access\cwbinarp.exe"
Intel® Active Management Technology Device Software-->C:\WINDOWS\system32\mesoludlg.exe -uninstall
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Java Card Security for HP ProtectTools-->MsiExec.exe /I{77130095-2039-424F-A633-4FAF0261258A}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Macromedia Authorware Web Player-->C:\WINDOWS\system32\Macromed\AUTHORWA\UNWISE.EXE C:\WINDOWS\system32\Macromed\AUTHORWA\Install.log
Macromedia Flash Player 8-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MetaASSIST View-->"C:\Program Files\Actelis Networks\MetaASSIST View\Uninstall_MetaASSIST View\Uninstall MetaASSIST View.exe"
MetaFrame Presentation Server Client-->MsiExec.exe /I{E92B7A19-5FD5-4AEE-9FEF-7AD5DD3A675E}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Access 2000 SR-1-->MsiExec.exe /I{00100409-78E1-11D2-B60F-006097C998E7}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Standard-->MsiExec.exe /I{00020409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{90120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Standard 2003-->MsiExec.exe /I{91530409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Streets and Trips 2005-->MsiExec.exe /I{67E4EE98-59F4-4210-89A6-A20AF5BEC689}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
Mozilla Firefox (2.0)-->C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
Mozilla Thunderbird (2.0.0.18)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NGS Qport Access - 5.10.19-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{29EA1C3E-2D8F-42FF-A5A9-CD3D45C2315E}
NGS Qport Access - 5.10.37-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DF45EF6C-9E13-4CBD-B393-9FDC306F8E18}
PrintKey2000-->C:\PROGRA~1\PRINTK~1\UNWISE.EXE C:\PROGRA~1\PRINTK~1\INSTALL.LOG
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RICOH R5C853 Driver Ver.1.00.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
ScrewDrivers Client v4-->MsiExec.exe /I{E8DDBFBC-6C65-4CEE-A4D7-CD6781E94BCC}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Serif PhotoPlus 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}\Setup.exe" -l0x9
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpqZ3795\UIU32m.exe -U -IhpqZ3795.INF
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Trend Micro OfficeScan Client-->msiexec /x {ECEA7878-2100-4525-915D-B09174E36971}
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Verizon High Speed Internet-->"C:\WINDOWS\DSL\unins000.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Volo View Express-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Volo View Express\DeIsL1.isu"
WebEx-->C:\WINDOWS\Downlo~1\atcliun.exe
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Trend Micro OfficeScan Antivirus
AV: Trend Micro OfficeScan Antivirus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\Hewlett-Packard\IAM\bin;c:\Program Files\ActivIdentity\ActivClient\;C:\PROGRA~1\IBM\CLIENT~1;C:\PROGRA~1\IBM\CLIENT~1\Shared;C:\PROGRA~1\IBM\CLIENT~1\Emulator;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Autodesk Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, November 26, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, November 26, 2008 16:29:29
Records in database: 1419058

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
N:\
T:\

Scan statistics
Files scanned 65633
Threat name 3
Infected objects 4
Suspicious objects 0
Duration of the scan 01:18:00

File name Threat name Threats count
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\Roger Clyne and the Peacemakers - Winter in your Heart.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1

C:\Program Files\Trend Micro\OfficeScan Client\Suspect\wpv341227228046.cpx Infected: Trojan-Downloader.Win32.Agent.akwa 1

C:\Program Files\Trend Micro\OfficeScan Client\Suspect\wpv581227228222.cpx Infected: Trojan-Downloader.Win32.Agent.akwa 1

C:\WINDOWS\system32\installq.exe Infected: Trojan-Downloader.Win32.Obfuscated.blz 1

The selected area was scanned.

--------------------------------

PLEASE PLEASE... Its been over 5 days...

Attached File(s)

kapersky_11_26_2008.html (3.55K)
Number of downloads: 6

This post has been edited by Shawn_Evans: 26 November 2008 - 07:21 PM

#3 Billy O'Neal

Bleepin Engineer

Group: Malware Response Instructor
Posts: 10,079
Joined: 17-January 08
Gender:Male
Location:Cleveland, Ohio

Posted 26 November 2008 - 10:28 PM

Hello, Shawn_Evans
:thumbsup:

to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:

In the meantime, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Finally, please reply using the button in the lower left hand corner of your screen.

We need to run a Scan with DDS

Please download DDS, and save it to your desktop, from one of the following mirrors:
- This is a mirror
- This is another mirror
Disable any type of "Script Blockers" or "Script Protection" installed on your system.
Double click on your desktop.
If prompted by any script blocking tools, please allow any actions taken by DDS.
When prompted to preform an Optional Scan, please select
Two reports will open. Please reply with the generated reports:
- DDS.txt <-- Copy and paste into your next post
- Attach.txt <-- Attach to your next post

We need to scan for rootkits with GMER

Please download gmer.zip and save to your desktop.
- alternate download site 1
- alternate download site 2
Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
When you have done this, disconnect from the Internet and close all running programs.
Note: There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on "Settings", then check the first five settings:
- System Protection and Tracing
- Processes
- Save created processes to the log
- Drivers
- Save loaded drivers to the log
You will be prompted to restart your computer. Please do so.
Run Gmer again and click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Important! Please do not select the "Show all" checkbox during the scan.
Click on the "Scan" and wait for the scan to finish.
- Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in Safe Mode

In your next reply, please include the following:
DDS.txt
Attach.txt
GMER's Log

Billy3

Look buddy, I'm an Engineer, and that means I solve problems. Not problems like "What is beauty?" .. 'cause that would fall under the purview of your conundrums of philosophy....
Twitter: @MalwareMinigun Blog: WinWrench
Students get free software through Microsoft DreamSpark
Students compete to solve world problems in the Microsoft Imagine Cup

#4 Shawn_Evans

Member

Group: Members
Posts: 24
Joined: 11-July 08

Posted 27 November 2008 - 01:00 AM

DDS.txt

DDS (Version 1.0) - NTFSx86
Run by ShaEvans at 0:42:11.43 on Thu 11/27/2008
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1375 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\WINDOWS\system32\ifxspmgt.exe
c:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\JRE1D8.EXE
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\shaevans\Desktop\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://home.fcinternal.net/fc/default.asp?ID=2
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://nfuse.czncorp.com/Citrix/MetaFrame/auth/login.aspx
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [<NO NAME>]
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [Client Access Help Update] "c:\program files\ibm\client access\cwbinhlp.exe"
mRun: [Client Access Check Version] "c:\program files\ibm\client access\cwbckver.exe" LOGIN
mRun: [Client Access Express Welcome] "c:\program files\ibm\client access\cwbwlwiz.exe"
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\Pccntmon.exe" -HideWindow
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cleana~1.lnk - c:\program files\cisco systems\clean access agent\CCAAgentLauncher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
uPolicies-system: Wallpaper =
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: E&xport to Microsoft Excel - /3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: DeviceNP - DeviceNP.dll
Notify: igfxcui - igfxdev.dll
Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
AppInit_DLLs: APSHook.dll lmhfhs.dll hubsls.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ,

============= SERVICES / DRIVERS ===============

R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-1-23 39080]
R2 accoca;ActivClient Middleware Service;"c:\program files\actividentity\activclient\accoca.exe" [2007-5-3 182576]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
R2 atchksrv;Intel® Active Management Technology System Status Service;c:\program files\intel\amt\atchksrv.exe [2007-12-19 183064]
R2 LMS;Intel® Active Management Technology Local Management Service;c:\program files\intel\amt\LMS.exe [2007-12-19 121624]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2007-12-19 1489688]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2008-11-2 24652]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\IFXTPM.SYS [2007-1-23 36608]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2006-8-16 47616]
S2 CCAAgentStub;CCA Agent Stub;"c:\windows\system32\CCAAgentStub.exe" []
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2007-4-23 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-4-30 172131]
S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\drivers\rismc32.sys [2006-8-16 47616]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2008-11-26 21:13 <DIR> --d----- C:\VundoFix Backups
2008-11-26 11:56 5,174 a------- C:\Internetshortcut.reg
2008-11-26 10:55 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-26 10:34 138,752 ac------ c:\windows\system32\dllcache\sndvol32.exe
2008-11-26 10:34 138,752 a------- c:\windows\system32\sndvol32.exe
2008-11-26 10:14 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-26 10:14 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-26 09:50 126,976 -c------ c:\windows\system32\dllcache\dhcpcsvc.dll
2008-11-26 09:46 <DIR> --d----- c:\program files\msn gaming zone
2008-11-26 09:37 <DIR> --d----- c:\windows\system32\scripting
2008-11-26 09:37 <DIR> --d----- c:\windows\system32\en
2008-11-26 09:37 <DIR> --d----- c:\windows\l2schemas
2008-11-26 09:37 <DIR> --d----- c:\windows\system32\bits
2008-11-26 09:34 <DIR> --d----- c:\windows\ServicePackFiles
2008-11-26 09:31 19,569 a------- c:\windows\003302_.tmp
2008-11-26 09:12 331,805,736 a------- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
2008-11-26 09:00 <DIR> --d----- C:\hotfix
2008-11-26 08:14 65,584 a------- c:\windows\system32\SMSCfg.cpl
2008-11-25 15:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2008-11-25 10:01 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2008-11-25 09:57 23,576 a------- c:\windows\system32\wuapi.dll.mui
2008-11-22 15:47 885,141 a--sh--- c:\windows\system32\mSuuxyay.ini2
2008-11-22 15:47 885,141 a--sh--- c:\windows\system32\mSuuxyay.ini
2008-11-21 08:57 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-21 08:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-11-21 08:54 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-20 23:07 72,704 -------- c:\windows\system32\ltgnycfw.dll
2008-11-13 20:06 5,504 a------- c:\windows\system32\drivers\mstee.sys
2008-11-13 20:06 10,880 a------- c:\windows\system32\drivers\ndisip.sys
2008-11-13 20:06 16,384 a------- c:\windows\system32\ipsink.ax
2008-11-13 20:06 15,232 a------- c:\windows\system32\drivers\streamip.sys
2008-11-13 20:06 11,136 a------- c:\windows\system32\drivers\slip.sys
2008-11-13 20:06 19,200 a------- c:\windows\system32\drivers\wstcodec.sys
2008-11-13 20:06 85,248 a------- c:\windows\system32\drivers\nabtsfec.sys
2008-11-13 20:06 17,024 a------- c:\windows\system32\drivers\ccdecode.sys
2008-11-13 20:05 91,136 a------- c:\windows\system32\kswdmcap.ax
2008-11-13 20:05 61,952 a------- c:\windows\system32\kstvtune.ax
2008-11-13 20:05 53,760 a------- c:\windows\system32\vfwwdm32.dll
2008-11-13 20:05 51,200 a------- c:\windows\system32\drivers\msdv.sys
2008-11-13 20:05 43,008 a------- c:\windows\system32\ksxbar.ax
2008-11-13 20:05 28,672 a------- c:\windows\system32\vidcap.ax
2008-11-13 20:05 38,912 a------- c:\windows\system32\drivers\avc.sys
2008-11-13 20:05 48,128 a------- c:\windows\system32\drivers\61883.sys
2008-11-12 23:22 142,096 a------- c:\windows\system32\drivers\tmcomm.sys
2008-11-12 11:53 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2008-11-12 11:53 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2008-11-12 11:53 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2008-11-12 11:53 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2008-11-12 11:53 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-12 11:53 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2008-11-12 11:53 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2008-11-12 11:53 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-12 11:53 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2008-11-12 08:45 420 a------- c:\windows\cdplayer.ini
2008-11-11 22:36 <DIR> --d----- c:\windows\pss
2008-11-11 21:59 856 a------- c:\windows\Active Setup Log.BAK
2008-11-09 21:12 <DIR> --d----- c:\windows\RegisteredPackages
2008-11-08 10:57 1,172 a------- c:\windows\mozver.dat
2008-11-02 18:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-11-02 18:44 <DIR> --d----- c:\program files\Viewpoint
2008-11-02 18:44 <DIR> --d----- c:\program files\common files\AOL
2008-11-02 18:43 465 a---h--- C:\IPH.PH
2008-10-30 20:32 <DIR> --d----- c:\program files\Yahoo!
2008-10-30 20:32 <DIR> --d----- c:\program files\common files\Motive
2008-10-30 20:24 <DIR> --d----- c:\windows\DSL
2008-10-30 20:24 <DIR> --d----- c:\program files\common files\SupportSoft
2008-10-30 14:59 <DIR> --d----- c:\program files\Adobe Media Player
2008-10-28 10:57 <DIR> --d----- c:\program files\Bonjour

==================== Find3M ====================

2008-11-26 15:33 <DIR> --d----- c:\program files\Trend Micro
2008-11-26 10:49 <DIR> --d----- c:\program files\DivX
2008-11-26 09:41 <DIR> --d----- c:\program files\Messenger
2008-11-26 09:39 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-25 16:49 <DIR> --d----- c:\program files\NCH Swift Sound
2008-11-25 16:49 <DIR> --d----- c:\docume~1\shaevans\applic~1\NCH Swift Sound
2008-11-24 22:48 <DIR> --d----- c:\program files\Windows NT
2008-11-21 08:54 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-11-19 21:03 <DIR> --d----- c:\program files\Cisco Systems
2008-11-08 00:57 <DIR> --d----- c:\docume~1\shaevans\applic~1\LimeWire
2008-10-24 14:20 <DIR> --d----- c:\program files\ADTRAN DSL Assistant
2008-10-24 08:27 <DIR> --d----- c:\docume~1\shaevans\applic~1\webex
2008-10-15 21:03 <DIR> --d----- c:\program files\common files\xing shared
2008-10-15 21:03 <DIR> --d----- c:\program files\common files\Real
2008-10-15 21:03 499,712 a------- c:\windows\system32\msvcp71.dll
2008-10-15 21:03 <DIR> --d----- c:\program files\Real
2008-09-15 19:11 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 20:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-04 12:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-29 09:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-08-29 08:53 61,440 a------- c:\windows\system32\dnssd.dll
2008-07-25 09:06 <DIR> --d----- c:\docume~1\shaevans\applic~1\Desktopicon
2008-07-11 12:16 <DIR> --d----- c:\docume~1\shaevans\applic~1\Malwarebytes
2008-07-11 12:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-06-13 09:47 <DIR> --d----- c:\docume~1\shaevans\applic~1\Amazon
2008-06-12 14:47 <DIR> --d----- c:\docume~1\shaevans\applic~1\Snapfish
2008-05-16 10:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NCH Swift Sound
2008-05-16 10:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NCH Software
2008-05-13 14:02 <DIR> --d----- c:\docume~1\shaevans\applic~1\Autodesk
2008-05-13 14:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Autodesk
2008-05-06 15:12 <DIR> --d----- c:\docume~1\shaevans\applic~1\MAPILab Ltd
2008-04-30 09:37 <DIR> --d----- c:\docume~1\shaevans\applic~1\ICAClient
2008-04-29 10:24 <DIR> --d----- c:\docume~1\shaevans\applic~1\Downloaded Installations
2008-01-02 11:29 <DIR> --d----- c:\docume~1\shaevans\applic~1\CiscoCAA
2007-12-19 11:04 <DIR> --d----- c:\docume~1\shaevans\applic~1\Infineon
2007-12-19 11:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Infineon
2007-12-19 11:03 <DIR> --d----- c:\docume~1\shaevans\applic~1\hpqLog
2007-12-19 09:30 <DIR> --d----- c:\docume~1\shaevans\applic~1\Intel
2007-12-19 09:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intel
2007-12-18 16:54 <DIR> --d----- c:\docume~1\shaevans\applic~1\OfficeUpdate12

============= FINISH: 0:42:19.43 ===============

attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/21/2008 9:39:09 AM
System Uptime: 11/26/2008 8:56:01 PM (4 hours ago)

Motherboard: Hewlett-Packard | | 30BE
Processor: Intel® Core™2 Duo CPU T7700 @ 2.40GHz | U10 | 2393/200mhz
BIOS: KBC Version 68.35 | HP - 20020820 | 68MCU Ver. F.13 | 2/19/2008 7:00:00 PM

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 45.327 GiB free.
D: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMMATbleepA_UJDA775_DVD/CDRW_______________1.00____\5&280A00E3&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: MATbleepA UJDA775 DVD/CDRW
PNP Device ID: IDE\CDROMMATbleepA_UJDA775_DVD/CDRW_______________1.00____\5&280A00E3&0&0.0.0
Service: cdrom

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

ActivClient 6.1 x86
Adobe AIR
Adobe Flash Player ActiveX
Adobe Media Player
Adobe Reader 7.0.9
Adobe Shockwave Player
ADTRAN DSL Assistant
Amazon MP3 Downloader 1.0.3
AnswerWorks Runtime
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Sensor Minimum Install
AutoCAD LT 2006 - English
Autodesk Design Review 2009
Autodesk Design Review 2009 - SP1
Autodesk DWF Viewer
BIOS Configuration for HP ProtectTools
Bonjour
Broadcom 802.11 Wireless LAN Adapter
CA eTrust GINA Option for Password Reset/Unlock
Cisco Clean Access Agent
Cisco Systems VPN Client 5.0.01.0600
Credential Manager for HP ProtectTools
Device Access Manager for HP ProtectTools
Easy CD Creator 5 Basic
Embedded Security for HP ProtectTools
FLEXR 7.81
Google Earth
Google Updater
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953761)
HP 3D DriveGuard
HP Integrated Module with Bluetooth wireless technology
HP ProtectTools Security Manager
HP Quick Launch Buttons 6.40 B2
HP Wireless Assistant
IBM iSeries Access for Windows
Intel® Active Management Technology Device Software
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
Intel® PROSet/Wireless Software
InterVideo Register Manager
InterVideo WinDVD
Java Card Security for HP ProtectTools
Java™ 6 Update 10
Java™ 6 Update 5
Java™ 6 Update 7
Macromedia Authorware Web Player
Macromedia Flash Player 8
Malwarebytes' Anti-Malware
mCore
mDrWiFi
MetaASSIST View
MetaFrame Presentation Server Client
mHelp
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Access 2000 SR-1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Standard
Microsoft Office Standard Edition 2003
Microsoft Office Visio Standard 2003
Microsoft Silverlight
Microsoft Streets and Trips 2005
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIWA
mLogView
mMHouse
MobileMe Control Panel
Mozilla Firefox (2.0)
Mozilla Thunderbird (2.0.0.18)
mPfMgr
mPfWiz
mProSafe
mSCfg
MSXML 6.0 Parser (KB933579)
mWlsSafe
mZConfig
NGS Qport Access
NGS Qport Access - 5.10.19
NGS Qport Access - 5.10.37
PrintKey2000
RealPlayer
RICOH R5C853 Driver Ver.1.00.02
ScrewDrivers Client v4
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Serif PhotoPlus 6.0
Soft Data Fax Modem with SmartCP
SoundMAX
Synaptics Pointing Device Driver
Trend Micro OfficeScan Client
Trillian
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Verizon High Speed Internet
Viewpoint Media Player
Volo View Express
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Install Manager

==== Event Viewer Messages ===================

11/20/2008 12:42:02 PM, error: Kerberos [4] - The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/nyjthaswnfs01.corp.pvt. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (CORP.PVT), and the client realm. Please contact your system administrator.
11/20/2008 9:13:22 AM, error: Service Control Manager [7000] - The CCA Agent Stub service failed to start due to the following error: The system cannot find the file specified.
11/20/2008 6:42:30 PM, error: NETLOGON [5719] - No Domain Controller is available for domain CORP due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
11/20/2008 6:45:20 PM, error: Dhcp [1002] - The IP address lease 192.168.1.42 for the Network Card with network address 0013E8F33FDD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/21/2008 8:07:28 AM, error: Dhcp [1002] - The IP address lease 10.32.26.130 for the Network Card with network address 001B389389E4 has been denied by the DHCP server 10.27.84.72 (The DHCP Server sent a DHCPNACK message).
11/22/2008 4:41:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/22/2008 4:42:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdudf_xp Fips intelppm tmtdi
11/24/2008 8:37:11 AM, error: Dhcp [1002] - The IP address lease 10.34.37.80 for the Network Card with network address 001B389389E4 has been denied by the DHCP server 10.32.1.49 (The DHCP Server sent a DHCPNACK message).
11/24/2008 10:04:45 AM, error: Kerberos [4] - The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/nyrofcs03fs03.corp.pvt. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (CORP.PVT), and the client realm. Please contact your system administrator.
11/24/2008 10:44:48 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/25/2008 4:32:28 PM, error: NETLOGON [5783] - The session setup to the Windows NT or Windows 2000 Domain Controller \\nyjthrs2kdc01.corp.pvt for the domain CORP is not responsive. The current RPC call from Netlogon on \\NYMTJSLXP041364 to \\nyjthrs2kdc01.corp.pvt has been cancelled.
11/25/2008 4:46:24 PM, error: Service Control Manager [7031] - The Google Updater Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
11/26/2008 10:59:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi redbook
11/26/2008 11:03:12 AM, error: Print [22] - Failed to ugrade printer settings for printer \\nymt00s2kfp01\NYMTJSP24607,LocalOnly driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\PS5UI.DLL error 5.
11/24/2008 9:16:13 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\cacls.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2195.2104, the version of the system file is 5.1.2600.0.

==== End Of File ===========================

GMER

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-27 00:54:56
Windows 5.1.2600 Service Pack 3

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)

---- EOF - GMER 1.0.14 ----

Thanks for all the help, regardless of outcome. A Donation is coming BC's way.

Shawn

#5 Billy O'Neal

Bleepin Engineer

Group: Malware Response Instructor
Posts: 10,079
Joined: 17-January 08
Gender:Male
Location:Cleveland, Ohio

Posted 27 November 2008 - 12:33 PM

Hello, Shawn_Evans
I don't see malware in there. Are you still having problems?

Viewpoint is considered foistware instead of malware because it is installed without users approval, but doesn't spy or do anything "bad". You may like to read this article about the potential of this Viewpoint software here:
http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run... > and then paste the following into the "Open" field: "appwiz.cpl" and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, and/or Viewpoint Media Player.

We need to uninstall one or more programs
Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs(if present):
Java™ 6 Update 5
Java™ 6 Update 7

Download FileFind.zip and unzip to your desktop.

Double-click FindFile.exe
In the box labeled "Enter the directory to search" enter the Drive: C:\
In the box labeled "Enter the File to Search" hubsls.dll to search for the file(s).
Click "Find" to begin the search.
When the search is done, it will list the total number of files found.
Double-click on "Export"
This will create and save a text file named export.txt in the root of your C:\ directory.
Locate export.txt and copy/paste its contents in your next post.

I would like us to use ESET (NOD32)'s Online Scanner

Please go to ESET OnlineScan (NOD32)
You will then see the Terms of Use, tick the check-box infront of YES, I accept the Terms of Use
Now click Start
Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
Click Start
- Note: (the Onlinescanner will now prepare itself for running on your pc)
To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
Press Scan
The Onlinescan will now start and scan your pc (this could take a while)
When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
The Scanresults will now open in Notepad
Click into the text area, right-click and chose "select all" (or use <Control>+A)
Right-click again and chose "Copy" (or <Control>+C)
Close/Exit Notepad
Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.

Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.)

In your next reply, please include the following:
FileFind log
ESET OnlineScan's Log

Billy3

#6 Shawn_Evans

Member

Group: Members
Posts: 24
Joined: 11-July 08

Posted 28 November 2008 - 12:10 AM

Alright, I am not sure if my browser is hijacked or just plain eff'd up then. I was browsing espn, clicked on a link and 65 browsers popped up. Blank, nothing on them. After I rcvd a msg something like, "windows does not have the appropriate permissions to view this link". Here are my two scans. And then I just got another, an attempt was made to retrieve a token that does not exist. ????? I am posting my scans tomorrow as I need to get some sleep. To effing tired right now.

#7 Billy O'Neal

Bleepin Engineer

Group: Malware Response Instructor
Posts: 10,079
Joined: 17-January 08
Gender:Male
Location:Cleveland, Ohio

Posted 28 November 2008 - 01:13 AM

Alright... Please run the ESET scan after removing those outdated javas and we'll go from there :thumbsup:

Billy3

#8 Shawn_Evans

Member

Group: Members
Posts: 24
Joined: 11-July 08

Posted 28 November 2008 - 10:42 AM

Here we go.. ESET picked up nothing..

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3647 (20081127)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=91d53b63e878a649a6ca71177a342735
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-11-28 05:33:24
# local_time=2008-11-28 12:33:24 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=455792
# found=0
# scan_time=2867

-------------------------------------------------------------------------------------

Filefind found no instances of that .dll file.

-------------------------------------------------------------------------------------

Now, just some more background.

1. Couple of day ago, I did have a Antivirus 2009 pop up. Only 2 pop ups. That was it.

2. My browser is completely F**KED. Not completly, that is being a little melodramatic. But it is off. I need to have an open window in order to open a favorite of folder/desktop shortcut. I HAVE to open up all URL's in a seperate window. If I don't have that setting checked, it locks explorer. I updated my service pack to 3 and I recently removed IE7 or tried to. I am going to run another Kaspersky scan and post results. This has me miffed.

And thanks for your help, especially around the holidays.

Shawn

****UPDATE****

Ran Kaspersky online scanner.. Found multiple threats... Posting logs from past 3 scans.

Attached File(s)

kapersky_11_21_2008.html (3.47K)
Number of downloads: 23
kapersky_11_26_2008.html (3.55K)
Number of downloads: 21
kapersky_11_29_2008.html (3.7K)
Number of downloads: 27

This post has been edited by Shawn_Evans: 28 November 2008 - 11:33 AM

#9 Billy O'Neal

Bleepin Engineer

Group: Malware Response Instructor
Posts: 10,079
Joined: 17-January 08
Gender:Male
Location:Cleveland, Ohio

Posted 28 November 2008 - 12:08 PM

Hello, Shawn_Evans
The files detected by kaspersky were already taken care of by TrendMicro on your machine.

Except this one:
C:\WINDOWS\system32\installq.exe

Please do this to get rid of that

I'm not sure what's causing your other problems with Internet Exploder. Please let me know if DialAFix helps.

If you saw an A-V 2009 popup it may have simply been generated by the website you are on. Popups aren't usually an indicator of malware unless they are generated when you aren't even browsing the internet.

We need to execute an OTMoveIt3 script

Please download OTMoveIt3 by OldTimer and save it to your desktop.
Double click the icon on your desktop.
Paste the following code under the area. Do not include the word "Code".
```
:files
C:\WINDOWS\system32\installq.exe
```
Push the large button.
OTMI3 may ask to reboot the machine. Please do so if asked.
Copy/Paste the contents under the line here in your next reply.
If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

We need to repair some of windows' internal registration settings

Please download Dial-A-Fix from one of the following mirrors:
- Primary Mirror
- Secondary Mirror
Extract the zip file to your desktop.
Double click Dial-a-Fix.exe to start the program.
Press the green double checkmark box (Looks like this: )
UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
When the window looks like this, press the GO button in the bottom of the window.
Exit/Close Dial-A-Fix

In your next reply, please include the following:
OTMoveIt3's Log
A New HiJack This log

Billy3

#10 Shawn_Evans

Member

Group: Members
Posts: 24
Joined: 11-July 08

Posted 28 November 2008 - 12:55 PM

Ok, here we go....

OTM results...

========== FILES ==========
C:\WINDOWS\system32\installq.exe moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11282008_124217

------------------------------------
New RTIS Log.

Logfile of random's system information tool 1.04 (written by random/random)
Run by shaevans at 2008-11-28 12:48:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 46 GB (61%) free of 76 GB
Total RAM: 2039 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:21 PM, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\WINDOWS\system32\ifxspmgt.exe
c:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\TEMP\SCAFC.EXE
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\system32\hkcmd.exe
C:\kix\UTLite33.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe
c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\WINDOWS\MS\SMS\CORE\BIN\Launch32.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\shaevans\My Documents\RSIT.exe
C:\Program Files\trend micro\shaevans.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.fcinternal.net/fc/default.asp?ID=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://nfuse.czncorp.com/Citrix/MetaFrame/auth/login.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IFXSPMGT] c:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res:///3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...20Installer.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1198010915734
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227705794549
O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://schleppy1975.myphotoalbum.com/ImageUploader4.cab
O16 - DPF: {DC11F230-5717-4C25-BAD7-37B879C19655} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://schleppy1975.myphotoalbum.com/ImageUploader4.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sapience360.webex.com/client/T26L/webex/ieatgpc.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.pvt
O17 - HKLM\Software\..\Telephony: DomainName = corp.pvt
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.pvt
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.pvt
O20 - AppInit_DLLs: APSHook.dll lmhfhs.dll hubsls.dll
O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O20 - Winlogon Notify: yayyVopP - C:\WINDOWS\
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CCA Agent Stub (CCAAgentStub) - Unknown owner - C:\WINDOWS\system32\CCAAgentStub.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\ifxtcs.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - c:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 14792 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-26 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-17 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-26 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-26 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"atchk"=C:\Program Files\Intel\AMT\atchk.exe [2007-05-01 404248]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]
"CognizanceTS"=C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2003-12-22 17920]
"IFXSPMGT"=c:\WINDOWS\system32\ifxspmgt.exe [2007-02-15 677408]
""= []
"accrdsub"=c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-03 293168]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2007-01-02 40960]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-05-18 138008]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-05-18 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-05-18 138008]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-11-06 177456]
"Client Access Service"=C:\Program Files\IBM\Client Access\cwbsvstr.exe [2002-05-07 20530]
"Client Access Help Update"=C:\Program Files\IBM\Client Access\cwbinhlp.exe [2002-05-07 24626]
"Client Access Check Version"=C:\Program Files\IBM\Client Access\cwbckver.exe [2002-05-07 45056]
"Client Access Express Welcome"=C:\Program Files\IBM\Client Access\cwbwlwiz.exe [2002-05-07 20530]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]
"OfficeScanNT Monitor"=C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe [2008-10-09 709928]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-26 136600]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-15 185872]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-03-19 439736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-30 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="APSHook.dll lmhfhs.dll hubsls.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc]
c:\WINDOWS\system32\ackpbsc.dll [2007-05-03 112640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock]
c:\Program Files\ActivIdentity\ActivClient\acunlock.dll [2007-05-03 281088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\WINDOWS\system32\DeviceNP.dll [2007-04-30 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-05-16 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [2008-05-13 85504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayyVopP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=Legal Notice
"legalnoticetext"=This computer system and the data contained herein are property of Frontier Communications. Any unauthorized access and/or use of the data will be investigated and prosecuted to the full extent of the law. This system is to be used for business purposes. All information stored or processed is property of Frontier Communications and is subject to inspection.
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWelcomeScreen"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:conf.exe"
"C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\mwj974\Local Settings\Temporary Internet Files\Content.IE5\0L6VGXAV\CitrixSAClient[1].exe"="C:\Documents and Settings\mwj974\Local Settings\Temporary Internet Files\Content.IE5\0L6VGXAV\CitrixSAClient[1].exe:*:Enabled:Citrix Secure Access Agent"
"C:\Program Files\NET6\net6vpn.exe"="C:\Program Files\NET6\net6vpn.exe:*:Enabled:Citrix Secure Access Agent"
"C:\WINDOWS\system32\wbem\unsecapp.exe"="C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:WMI"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Citrix\ICA Client\wfica32.exe"="C:\Program Files\Citrix\ICA Client\wfica32.exe:*:Enabled:Citrix ICA Client Engine (Win32)"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:conf.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\SMSADMIN\bin\i386\statview.exe"="C:\SMSADMIN\bin\i386\statview.exe:*:Enabled:SMS 2.0 Utility - Status Message Viewer"
"C:\SMSADMIN\bin\i386\SETUP.EXE"="C:\SMSADMIN\bin\i386\SETUP.EXE:*:Enabled:SMS Setup"
"C:\WINDOWS\system32\wbem\unsecapp.exe"="C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:unsecapp.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\WINDOWS\system32\VoissAssistant.exe"="C:\WINDOWS\system32\VoissAssistant.exe:*:Enabled:VoissAssistant"
"C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
"C:\Program Files\NET6\net6vpn.exe"="C:\Program Files\NET6\net6vpn.exe:*:Enabled:Citrix Secure Access Agent"
"C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe"="C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Viryanet\MicroServer\VCM.exe"="C:\Program Files\Viryanet\MicroServer\VCM.exe:*:Enabled:VCM"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Citrix\ICA Client\wfica32.exe"="C:\Program Files\Citrix\ICA Client\wfica32.exe:*:Enabled:Citrix ICA Client Engine (Win32)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57bd5546-adaa-11dc-bbbe-b02c9a8bec2e}]
shell\AutoRun\command - E:\setup.exe

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2008-11-28 12:42:17 ----D---- C:\_OTMoveIt
2008-11-28 10:37:33 ----A---- C:\Export.txt
2008-11-27 23:41:45 ----D---- C:\Program Files\EsetOnlineScanner
2008-11-27 00:43:10 ----A---- C:\WINDOWS\gmer.ini
2008-11-27 00:43:08 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-11-27 00:43:08 ----A---- C:\WINDOWS\gmer.exe
2008-11-27 00:43:08 ----A---- C:\WINDOWS\gmer.dll
2008-11-26 21:13:01 ----D---- C:\VundoFix Backups
2008-11-26 21:13:01 ----A---- C:\VundoFix.txt
2008-11-26 15:32:55 ----D---- C:\rsit
2008-11-26 10:55:49 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-26 10:55:49 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-26 10:55:49 ----A---- C:\WINDOWS\system32\java.exe
2008-11-26 10:55:49 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-26 10:48:51 ----SHD---- C:\Config.Msi
2008-11-26 10:34:26 ----A---- C:\WINDOWS\system32\sndvol32.exe
2008-11-26 10:15:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-26 10:15:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-26 10:15:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-11-26 10:14:42 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-11-26 09:50:20 ----HDC---- C:\WINDOWS\$NtUninstallKB953761$
2008-11-26 09:46:36 ----D---- C:\Program Files\msn gaming zone
2008-11-26 09:46:27 ----D---- C:\WINDOWS\Prefetch
2008-11-26 09:43:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-26 09:43:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-26 09:42:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-26 09:42:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-26 09:42:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-26 09:42:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-26 09:42:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-26 09:42:27 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-11-26 09:42:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-11-26 09:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-11-26 09:42:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-11-26 09:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-11-26 09:42:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951618-v2$
2008-11-26 09:41:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-11-26 09:41:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-11-26 09:41:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-26 09:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-11-26 09:41:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$
2008-11-26 09:41:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-26 09:41:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-11-26 09:38:22 ----A---- C:\WINDOWS\system32\msxml6r.dll
2008-11-26 09:38:15 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-11-26 09:38:11 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-11-26 09:38:11 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\azroles.dll
2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\credssp.dll
2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\mssha.dll
2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-11-26 09:38:05 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-11-26 09:38:05 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-11-26 09:38:05 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-11-26 09:38:04 ----N---- C:\WINDOWS\system32\napstat.exe
2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\qutil.dll
2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\qagent.dll
2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\onex.dll
2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\slserv.exe
2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\slgen.dll
2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\setupn.exe
2008-11-26 09:38:01 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-11-26 09:38:01 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-11-26 09:38:01 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-11-26 09:38:00 ----N---- C:\WINDOWS\slrundll.exe
2008-11-26 09:37:59 ----D---- C:\WINDOWS\system32\scripting
2008-11-26 09:37:57 ----D---- C:\WINDOWS\system32\en
2008-11-26 09:37:57 ----D---- C:\WINDOWS\l2schemas
2008-11-26 09:37:56 ----D---- C:\WINDOWS\system32\bits
2008-11-26 09:34:44 ----D---- C:\WINDOWS\ServicePackFiles
2008-11-26 09:32:13 ----D---- C:\WINDOWS\network diagnostic
2008-11-26 09:31:23 ----A---- C:\WINDOWS\003302_.tmp
2008-11-26 09:28:45 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-11-26 09:12:01 ----A---- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
2008-11-26 09:00:49 ----D---- C:\hotfix
2008-11-25 15:45:08 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-11-25 10:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-11-25 10:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-11-25 09:57:18 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-11-22 15:47:28 ----ASH---- C:\WINDOWS\system32\mSuuxyay.ini2
2008-11-22 15:47:27 ----ASH---- C:\WINDOWS\system32\mSuuxyay.ini
2008-11-21 08:57:38 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-11-21 08:57:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-20 23:07:52 ----N---- C:\WINDOWS\system32\ltgnycfw.dll
2008-11-20 23:07:12 ----A---- C:\WINDOWS\system32\f30f2094-.txt
2008-11-13 20:05:58 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-11-12 13:22:03 ----HDC---- C:\WINDOWS\$NtUninstallKB943729$
2008-11-12 13:21:26 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2008-11-12 11:53:30 ----D---- C:\WINDOWS\ie7updates
2008-11-12 08:45:28 ----A---- C:\WINDOWS\cdplayer.ini
2008-11-11 22:36:50 ----D---- C:\WINDOWS\pss
2008-11-11 22:17:27 ----D---- C:\WINDOWS\WBEM
2008-11-11 22:15:49 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-11-11 22:15:34 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-11-11 22:15:08 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-11-11 22:14:58 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-11-11 21:59:14 ----A---- C:\WINDOWS\Active Setup Log.txt
2008-11-11 21:59:14 ----A---- C:\WINDOWS\Active Setup Log.BAK
2008-11-09 21:12:47 ----D---- C:\WINDOWS\RegisteredPackages
2008-11-05 12:17:52 ----D---- C:\Documents and Settings\shaevans\Application Data\Thunderbird
2008-11-05 12:17:46 ----D---- C:\Program Files\Mozilla Thunderbird
2008-11-02 18:44:26 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-11-02 18:44:18 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-11-02 18:44:18 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-11-02 18:44:01 ----D---- C:\Program Files\Common Files\AOL
2008-10-30 20:52:30 ----D---- C:\Documents and Settings\shaevans\Application Data\Motive
2008-10-30 20:32:40 ----D---- C:\Program Files\Yahoo!
2008-10-30 20:32:18 ----D---- C:\Documents and Settings\All Users\Application Data\Motive
2008-10-30 20:32:08 ----D---- C:\Program Files\Common Files\Motive
2008-10-30 20:24:28 ----D---- C:\WINDOWS\DSL
2008-10-30 20:24:28 ----D---- C:\Program Files\Common Files\SupportSoft
2008-10-30 14:59:07 ----D---- C:\Program Files\Adobe Media Player
2008-10-30 14:59:03 ----D---- C:\Program Files\Common Files\Adobe AIR

======List of files/folders modified in the last 1 months======

2008-11-28 12:48:15 ----D---- C:\Program Files\Trend Micro
2008-11-28 12:47:52 ----D---- C:\WINDOWS\system32
2008-11-28 12:47:52 ----D---- C:\Program Files\DivX
2008-11-28 10:53:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-28 10:51:47 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-28 10:31:06 ----D---- C:\WINDOWS\security
2008-11-28 10:26:19 ----A---- C:\WINDOWS\cfgall.ini
2008-11-28 10:25:57 ----D---- C:\WINDOWS\Temp
2008-11-28 10:25:57 ----A---- C:\WINDOWS\SMSCFG.ini
2008-11-28 10:24:08 ----A---- C:\WINDOWS\system32\log.txt
2008-11-28 10:24:03 ----A---- C:\gina_pre.txt
2008-11-28 00:35:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-27 23:41:45 ----RD---- C:\Program Files
2008-11-27 23:41:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-27 20:53:19 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-11-27 00:43:10 ----D---- C:\WINDOWS
2008-11-27 00:43:08 ----D---- C:\WINDOWS\system32\drivers
2008-11-26 19:38:01 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-26 11:26:50 ----HD---- C:\WINDOWS\inf
2008-11-26 11:26:50 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-26 11:09:14 ----A---- C:\WINDOWS\hpbafd.ini
2008-11-26 10:57:42 ----D---- C:\Program Files\Common Files
2008-11-26 10:55:33 ----SHD---- C:\WINDOWS\Installer
2008-11-26 10:55:29 ----D---- C:\Program Files\Java
2008-11-26 10:50:46 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-11-26 10:50:39 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-26 10:48:57 ----D---- C:\Program Files\Common Files\Apple
2008-11-26 10:45:29 ----SD---- C:\WINDOWS\Tasks
2008-11-26 10:38:46 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-26 10:35:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-26 10:15:35 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-26 09:46:33 ----A---- C:\WINDOWS\setuplog.txt
2008-11-26 09:45:50 ----RSD---- C:\WINDOWS\Fonts
2008-11-26 09:45:50 ----D---- C:\WINDOWS\system32\wbem
2008-11-26 09:45:50 ----D---- C:\WINDOWS\system32\Setup
2008-11-26 09:45:50 ----D---- C:\WINDOWS\AppPatch
2008-11-26 09:42:03 ----D---- C:\WINDOWS\Help
2008-11-26 09:41:30 ----D---- C:\Program Files\Messenger
2008-11-26 09:40:53 ----D---- C:\WINDOWS\system32\inetsrv
2008-11-26 09:38:28 ----D---- C:\WINDOWS\WinSxS
2008-11-26 09:38:14 ----D---- C:\WINDOWS\ime
2008-11-26 09:38:00 ----D---- C:\WINDOWS\system32\usmt
2008-11-26 09:38:00 ----D---- C:\WINDOWS\system32\en-us
2008-11-26 09:37:57 ----D---- C:\Program Files\Internet Explorer
2008-11-26 09:37:56 ----D---- C:\WINDOWS\PeerNet
2008-11-26 09:37:56 ----D---- C:\Program Files\Movie Maker
2008-11-26 09:34:32 ----D---- C:\WINDOWS\system32\Restore
2008-11-26 09:34:32 ----D---- C:\WINDOWS\system32\npp
2008-11-26 09:34:32 ----D---- C:\WINDOWS\mui
2008-11-26 09:34:30 ----D---- C:\WINDOWS\msagent
2008-11-26 09:34:29 ----D---- C:\WINDOWS\srchasst
2008-11-26 09:34:28 ----D---- C:\Program Files\NetMeeting
2008-11-26 09:34:26 ----D---- C:\WINDOWS\system32\Com
2008-11-26 09:34:23 ----D---- C:\Program Files\Windows Media Player
2008-11-26 09:34:23 ----D---- C:\Program Files\Outlook Express
2008-11-26 09:34:18 ----D---- C:\Program Files\Common Files\System
2008-11-26 09:33:57 ----D---- C:\WINDOWS\system32\oobe
2008-11-26 09:33:56 ----D---- C:\WINDOWS\system
2008-11-26 09:28:43 ----D---- C:\WINDOWS\ehome
2008-11-26 08:38:25 ----D---- C:\WINDOWS\system32\appmgmt
2008-11-26 08:23:18 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-26 08:20:52 ----D---- C:\Documents and Settings
2008-11-26 08:11:37 ----RASH---- C:\boot.ini
2008-11-26 08:11:37 ----N---- C:\WINDOWS\system.ini
2008-11-26 08:11:37 ----A---- C:\WINDOWS\win.ini
2008-11-25 16:49:50 ----D---- C:\Program Files\NCH Swift Sound
2008-11-25 16:49:50 ----D---- C:\Documents and Settings\shaevans\Application Data\NCH Swift Sound
2008-11-25 16:15:46 ----D---- C:\Program Files\Google
2008-11-25 16:15:46 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-11-24 22:48:21 ----D---- C:\Program Files\Windows NT
2008-11-21 08:54:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-19 21:03:32 ----D---- C:\Program Files\Cisco Systems
2008-11-14 15:41:28 ----D---- C:\Program Files\Trillian
2008-11-13 22:46:25 ----D---- C:\Program Files\Mozilla Firefox
2008-11-11 22:17:18 ----D---- C:\WINDOWS\Media
2008-11-08 00:57:07 ----D---- C:\Documents and Settings\shaevans\Application Data\LimeWire
2008-11-07 08:16:45 ----SHD---- C:\WINDOWS\CSC
2008-11-05 12:17:53 ----D---- C:\Documents and Settings\shaevans\Application Data\Mozilla
2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
2008-11-02 06:54:14 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-30 20:21:19 ----SD---- C:\Documents and Settings\shaevans\Application Data\Microsoft
2008-10-30 14:59:10 ----D---- C:\Documents and Settings\shaevans\Application Data\Adobe
2008-10-30 14:59:10 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\WINDOWS\System32\drivers\psd.sys [2007-01-23 39080]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2008-01-02 143834]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-10-09 72072]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2008-01-02 206464]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-12-19 21361]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-08-27 12288]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 TmFilter;Trend Micro Filter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys []
R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys []
R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys []
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-10-17 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-01 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-02-14 530861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-02-14 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-06-19 255896]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-10-16 989312]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-10-16 211200]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-05-16 5707744]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 36608]
R3 kbstuff;SMS Virtual Input Device; C:\WINDOWS\system32\DRIVERS\kbstuff5.sys [2003-02-23 7744]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rismc32;RICOH Smart Card Reader; C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-20 47616]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-06-16 46080]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-15 213696]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-10-16 731136]
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-09-15 9336]
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-09-15 9464]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-02-14 149123]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 DAMDrv;DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv.sys [2007-04-23 30008]
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2008-01-02 25898]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-27 85969]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2008-01-02 30630]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-05-16 27136]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RICOH SmartCard Reader;RICOH SmartCard Reader; C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-20 47616]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 idisw2km;idisw2km; C:\WINDOWS\system32\DRIVERS\idisw2km.sys [2003-02-23 2704]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-05-03 182576]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 atchksrv;Intel® Active Management Technology System Status Service; C:\Program Files\Intel\AMT\atchksrv.exe [2007-05-01 183064]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-07-16 1524512]
R2 DWMRCS;DameWare Mini Remote Control; C:\WINDOWS\SYSTEM32\DWRCS.EXE [2004-01-07 249856]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-17 168432]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2007-12-05 144688]
R2 IFXSpMgtSrv;Security Platform Management Service; c:\WINDOWS\system32\ifxspmgt.exe [2007-02-15 677408]
R2 IFXTCS;Trusted Platform Core Service; c:\WINDOWS\system32\ifxtcs.exe [2007-01-23 849440]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-26 152984]
R2 LMS;Intel® Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2007-05-01 121624]
R2 ntrtscan;OfficeScanNT RealTime Scan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2008-10-09 906536]
R2 PersonalSecureDriveService;Personal Secure Drive service; c:\WINDOWS\system32\IfxPsdSv.exe [2007-02-15 140832]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744]
R2 tmlisten;OfficeScan NT Listener; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2008-10-09 984360]
R2 UNS;Intel® Active Management Technology User Notification Service; C:\Program Files\Intel\AMT\UNS.exe [2007-05-01 1489688]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 CCAAgentStub;CCA Agent Stub; C:\WINDOWS\system32\CCAAgentStub.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-05-13 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Cwbrxd;iSeries Access for Windows Remote Command; C:\WINDOWS\CWBRXD.EXE [2002-02-04 53296]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\WINDOWS\system32\flcdlock.exe [2007-04-30 172131]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TmProxy;OfficeScan NT Proxy Service; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [2008-10-09 652552]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

With regards to the Dial A Fix. I recvd an additional dialog box. Not sure what it meant so I am posting it now before proceeding. I have attached it.

Attached File(s)

restrictions.gif (14.82K)
Number of downloads: 16

#11 Shawn_Evans

Member

Group: Members
Posts: 24
Joined: 11-July 08

Posted 28 November 2008 - 01:22 PM

Bill,

Someone has brought to my attention that the following files may be part of my problem as well.

Quote

C:\WINDOWS\system32\mSuuxyay.ini2
C:\WINDOWS\system32\mSuuxyay.ini
C:\WINDOWS\system32\ltgnycfw.dll
C:\WINDOWS\system32\f30f2094-.txt

Any idea's...

Shawn

#12 Billy O'Neal

Bleepin Engineer

Group: Malware Response Instructor
Posts: 10,079
Joined: 17-January 08
Gender:Male
Location:Cleveland, Ohio

Posted 28 November 2008 - 08:41 PM

I don't think those are good, but they are not starting themselves and are not part of the current problem. However, malware is not causing your current issues.

You should be able to manually delete them without problems.

However, that's not causing your issues.

If you'd like, we can try resetting your browser to factory defaults. However if I do that, it will possibly lose some amount of personalization of the browser. Would you like me to do that?

Billy3

#13 Shawn_Evans

Member

Group: Members
Posts: 24
Joined: 11-July 08

Posted 29 November 2008 - 08:00 AM

I have not personalized my browser at all so that would not be a problem. And I would love to clean up the system a little . Very slow on start up.

And it would be alright if I removed those files with combo fix or something..?? And what was with that Dial A Fix Dialog box I rcvd regarding those reg keys.

-Shawn

This post has been edited by Shawn_Evans: 29 November 2008 - 08:03 AM

#14 Billy O'Neal

Bleepin Engineer

Group: Malware Response Instructor
Posts: 10,079
Joined: 17-January 08
Gender:Male
Location:Cleveland, Ohio

Posted 29 November 2008 - 07:51 PM

Hello, Shawn_Evans
Sure... this will get rid of those for you. Using CF here would be like killing a mouse with an elephant gun.

To reset the browser:

Go to Start -> Control Panel -> Internet Options (You may have to select classic view first)
Click the Advanced tab.
Push the Reset... button.
Follow the onscreen instructions.

We need to execute an OTMoveIt3 script

Please download OTMoveIt3 by OldTimer and save it to your desktop.
Double click the icon on your desktop.

Paste the following code under the Posted Image

area. Do not include the word "Code".

:files
C:\WINDOWS\system32\mSuuxyay.ini2
C:\WINDOWS\system32\mSuuxyay.ini
C:\WINDOWS\system32\ltgnycfw.dll
C:\WINDOWS\system32\f30f2094-.txt

Push the large button.
OTMI3 may ask to reboot the machine. Please do so if asked.
Copy/Paste the contents under the line here in your next reply.
If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

We need to scan for Rootkits with GMER

Please download GMER from one of the following mirrors:
Close any and all open programs, as this process may crash your computer.
Unzip the downloaded file to your desktop.
Double click on your desktop.
Allow the gmer.sys driver to load if asked.
You may see this window. If you do, click No.
Click on and wait for the scan to finish.
If you see a rootkit warning window, click OK.
Push and save the logfile to your desktop.
Copy and Paste the contents of that file in your next post.

We need to create an OTViewIt Report

Please download OTViewIt by OldTimer.
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
- OTViewIt.txt <-- Will be opened
- Extra.txt <-- Will be minimized

In your next reply, please include the following:
OTMoveIt3's Log
GMER's Log
OTViewIt.txt
Extra.txt

Billy3

#15 Shawn_Evans

Member

Group: Members
Posts: 24
Joined: 11-July 08

Posted 29 November 2008 - 10:20 PM

Ok, firstly, The reset button was not located under the advanced button tab. Only restore defaults. I did so.. doubt it worked.

Secondly, the OTmoveit on those 4 files did not work. See log below. The rest of the scans are cut and pasted.

OTMOVEIT results

Error: Unable to interpret <C:\WINDOWS\system32\mSuuxyay.ini2> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\mSuuxyay.ini> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\ltgnycfw.dll> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\f30f2094-.txt> in the current context!

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11292008_215848

-----------------------------------------------------------------------------------------------------------

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-29 22:08:09
Windows 5.1.2600 Service Pack 3

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- EOF - GMER 1.0.14 ----

OTViewIt logfile created on: 11/29/2008 10:09:22 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\shaevans\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.85% Memory free
3.84 Gb Paging File | 3.36 Gb Available in Paging File | 87.43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 45.09 Gb Free Space | 60.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NYMTJSLXP041364
Current User Name: ShaEvans
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/02/06 15:02:26 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
[2007/10/08 14:06:44 | 01,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[2007/05/03 18:51:42 | 00,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
[2007/05/03 18:51:44 | 00,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2007/05/01 16:52:14 | 00,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2007/07/16 11:58:02 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
[2004/01/07 17:41:22 | 00,249,856 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\system32\DWRCS.EXE
[2007/10/08 14:27:02 | 00,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[2008/10/17 10:29:42 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[2007/02/15 13:00:04 | 00,677,408 | ---- | M] (Infineon Technologies AG) -- c:\WINDOWS\system32\IFXSPMGT.exe
[2007/01/23 19:26:02 | 00,849,440 | ---- | M] (Infineon Technologies AG) -- c:\WINDOWS\system32\IFXTCS.exe
[2007/01/04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
[2008/11/26 10:55:34 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
[2007/05/01 16:52:06 | 00,121,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\Lms.exe
[2008/10/09 15:47:06 | 00,906,536 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe
[2007/02/15 12:55:18 | 00,140,832 | ---- | M] (Infineon Technologies AG) -- c:\WINDOWS\system32\IfxPsdSv.exe
[2007/10/08 14:01:54 | 00,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[2007/05/01 16:52:18 | 01,489,688 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\Uns.exe
[2007/12/05 16:30:40 | 00,144,688 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
[2008/10/09 15:47:02 | 00,984,360 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe
[2007/03/07 05:19:00 | 00,066,048 | R--- | M] (Bioscrypt Inc.) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
[2008/10/09 15:47:22 | 00,296,224 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\Temp\IU7186.EXE
[2008/10/09 15:47:20 | 00,435,576 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
[2007/05/01 16:52:10 | 00,404,248 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchk.exe
[2007/09/15 02:27:20 | 01,015,808 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2007/03/01 13:18:36 | 00,472,776 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[2008/04/14 05:42:42 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2007/10/08 14:18:04 | 00,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
[2007/10/08 14:13:36 | 01,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
[2007/05/03 18:51:06 | 00,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
[2007/01/05 17:36:48 | 00,872,448 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
[2007/05/18 21:50:08 | 00,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
[2007/05/18 21:50:16 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
[2007/05/18 21:50:20 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
[2007/11/06 16:34:02 | 00,177,456 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[2007/05/03 18:51:42 | 00,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
[2002/12/17 12:28:00 | 00,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
[2008/10/09 15:47:02 | 00,709,928 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
[2008/11/26 10:55:34 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2007/01/23 20:15:14 | 00,181,792 | ---- | M] (Infineon Technologies AG) -- c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
[2007/05/16 09:43:04 | 00,677,432 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
[2007/02/06 15:14:00 | 00,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[1999/09/30 20:31:38 | 00,869,376 | ---- | M] (Fred's Software) -- C:\Program Files\PrintKey2000\Printkey2000.exe
[2008/09/26 11:12:16 | 01,897,184 | ---- | M] (Cisco Systems, Inc) -- C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
[2007/10/08 14:09:26 | 00,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
[2007/02/06 15:11:50 | 01,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
[2008/04/14 05:42:24 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/15 21:03:31 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/11/28 12:41:13 | 00,349,696 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shaevans\Desktop\OTMoveIt3.exe
[2008/04/14 05:42:30 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/11/29 21:59:47 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shaevans\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/05/03 18:51:44 | 00,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca [Auto | Running])
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/05/01 16:52:14 | 00,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv [Auto | Running])
[2008/05/13 13:26:00 | 00,077,944 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [On_Demand | Stopped])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/02/06 15:02:26 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
File not found -- -- (CCAAgentStub [Auto | Stopped])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/07/16 11:58:02 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
[2002/02/04 05:20:00 | 00,053,296 | ---- | M] (IBM Corporation) -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd [On_Demand | Stopped])
[2004/01/07 17:41:22 | 00,249,856 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\system32\DWRCS.EXE -- (DWMRCS [Auto | Running])
[2007/10/08 14:27:02 | 00,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2007/04/30 08:28:34 | 00,172,131 | ---- | M] (Hewlett-Packard Ltd) -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK [On_Demand | Stopped])
[2008/10/17 10:29:42 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2007/12/05 16:30:40 | 00,144,688 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/02/15 13:00:04 | 00,677,408 | ---- | M] (Infineon Technologies AG) -- c:\WINDOWS\system32\IFXSPMGT.exe -- (IFXSpMgtSrv [Auto | Running])
[2007/01/23 19:26:02 | 00,849,440 | ---- | M] (Infineon Technologies AG) -- c:\WINDOWS\system32\IFXTCS.exe -- (IFXTCS [Auto | Running])
[2007/12/19 17:01:28 | 00,155,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imapihp.exe -- (ImapiService [On_Demand | Stopped])
[2007/01/04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr [Auto | Running])
[2008/11/26 10:55:34 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2007/05/01 16:52:06 | 00,121,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\Lms.exe -- (LMS [Auto | Running])
[2008/10/09 15:47:06 | 00,906,536 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/02/15 12:55:18 | 00,140,832 | ---- | M] (Infineon Technologies AG) -- c:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService [Auto | Running])
[2007/10/08 14:01:54 | 00,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2007/10/08 14:06:44 | 01,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2008/10/09 15:47:02 | 00,984,360 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten [Auto | Running])
[2008/10/09 15:47:08 | 00,652,552 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy [On_Demand | Stopped])
[2007/05/01 16:52:18 | 01,489,688 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\Uns.exe -- (UNS [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2008/04/14 00:16:22 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2006/10/17 10:59:06 | 00,022,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer [On_Demand | Running])
[2007/10/01 13:27:40 | 00,281,600 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
[2007/07/13 10:26:12 | 00,094,976 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio [On_Demand | Running])
[2007/12/19 09:30:25 | 00,021,361 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2007/08/28 15:47:36 | 00,146,560 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV [On_Demand | Running])
[2008/04/14 00:16:22 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2007/02/14 14:20:56 | 00,530,861 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
[2007/02/14 14:20:58 | 00,030,459 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver [On_Demand | Running])
[2007/02/14 14:20:58 | 00,868,298 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [On_Demand | Running])
[2007/02/14 14:20:58 | 00,149,123 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS [On_Demand | Running])
[2007/02/14 14:21:00 | 00,067,960 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Running])
[2008/09/15 19:14:18 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Stopped])
[2008/09/15 19:14:20 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Stopped])
[2002/12/17 12:27:32 | 00,241,152 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
[2007/01/18 15:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
[2007/07/16 11:57:12 | 00,306,299 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
[2007/04/23 13:13:44 | 00,030,008 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv [On_Demand | Stopped])
[2007/01/31 13:45:06 | 00,127,376 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE [On_Demand | Running])
[2008/01/02 11:34:13 | 00,025,898 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2007/06/19 18:47:58 | 00,255,896 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2008/11/27 00:43:08 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Running])
[2006/06/28 09:54:00 | 00,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey [On_Demand | Running])
[2008/04/13 22:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/10/17 10:57:58 | 00,017,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt [Boot | Running])
[2007/06/18 16:12:04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Running])
[2007/10/16 07:28:20 | 00,211,200 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2007/10/16 07:29:00 | 00,989,312 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2007/05/16 11:14:58 | 05,707,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm [On_Demand | Running])
[2003/02/23 02:05:00 | 00,002,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\idisw2km.sys -- (idisw2km [Disabled | Stopped])
[2007/01/23 19:13:26 | 00,036,608 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM [On_Demand | Running])
[2008/04/14 00:09:50 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2003/02/23 02:05:00 | 00,007,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbstuff5.sys -- (kbstuff [On_Demand | Running])
[2006/06/19 06:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2008/01/02 11:34:13 | 00,030,630 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Stopped])
[2007/09/28 13:30:57 | 00,019,345 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5 [On_Demand | Stopped])
[2007/09/28 13:30:49 | 00,018,003 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5 [On_Demand | Stopped])
[2008/04/14 00:16:10 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2008/05/16 10:20:10 | 00,027,136 | ---- | M] (NCH Swift Sound) -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD [On_Demand | Stopped])
[2007/09/26 06:01:32 | 02,236,032 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32 [On_Demand | Running])
[2007/01/23 20:07:30 | 00,039,080 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\drivers\psd.sys -- (PersonalSecureDrive [System | Running])
[2001/08/23 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/01/02 11:34:13 | 00,143,834 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
[2008/09/15 19:14:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2006/12/20 01:08:00 | 00,047,616 | ---- | M] (RICOH Company, Ltd.) -- C:\WINDOWS\system32\drivers\rismc32.sys -- (RICOH SmartCard Reader [On_Demand | Stopped])
[2007/02/24 14:42:22 | 00,039,936 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])
[2006/12/20 01:08:00 | 00,047,616 | ---- | M] (RICOH Company, Ltd.) -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32 [On_Demand | Running])
[2007/08/27 11:10:36 | 00,012,288 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2008/04/14 00:06:46 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/06/16 11:19:58 | 00,046,080 | ---- | M] (SMSC) -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA [On_Demand | Running])
[2007/09/15 02:09:44 | 00,213,696 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2008/10/09 15:47:28 | 00,142,096 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/10/09 15:47:10 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmXpflt.sys -- (TmFilter [Auto | Running])
[2008/10/09 15:47:08 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPreflt.sys -- (TmPreFilter [Auto | Running])
[2008/10/09 15:47:28 | 00,072,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/01/02 11:34:13 | 00,206,464 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
[2008/10/09 15:47:10 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt [Auto | Running])
[2005/01/26 09:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2007/10/16 07:28:16 | 00,731,136 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[ 2008/04/14 00:06:40 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://home.fcinternal.net/fc/default.asp?ID=2

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://home.fcinternal.net/fc/default.asp?ID=2

[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie

[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl

[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (288033 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
9926 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"accrdsub"="c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" (ActivIdentity)
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" (Roxio)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"atchk"="C:\Program Files\Intel\AMT\atchk.exe" (Intel Corporation)
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN (IBM Corporation)
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" (IBM Corporation)
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" (IBM Corporation)
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" (IBM Corporation)
"CognizanceTS"=rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule (Cognizance Corporation)
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe ()
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"hpWirelessAssistant"=%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
"IFXSPMGT"=c:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon (Infineon Technologies AG)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow (Trend Micro Inc.)
"Persistence"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start (Hewlett-Packard Development Company, L.P.)
"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start ( Hewlett-Packard Development Company, L.P.)
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray (Analog Devices, Inc.)
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe File not found

========== (O4) Startup Folders ==========

[2005/03/05 08:18:22 | 00,010,872 | ---- | M] (Autodesk, Inc) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
[2007/02/06 15:14:00 | 00,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[2007/12/07 18:18:00 | 00,028,672 | ---- | M] (Cisco Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
[2000/01/21 03:15:54 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
[1999/09/30 20:31:38 | 00,869,376 | ---- | M] (Fred's Software) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Restrictions]
"NoExternalBranding"=1

[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\Software\policies\microsoft\internet explorer\Restrictions]
"NoExternalBranding"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoWelcomeScreen"=1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=Legal Notice
"legalnoticetext"=This computer system and the data contained herein are property of Frontier Communications. Any unauthorized access and/or use of the data will be investigated and prosecuted to the full extent of the law. This system is to be used for business purposes. All information stored or processed is property of Frontier Communications and is subject to inspection.
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ClassicShell"=2

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"Wallpaper"=

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ClassicShell"=2

[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"Wallpaper"=

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: File not found
Send to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2006/08/16 07:16:32 | 00,002,773 | ---- | M] ()

[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: File not found
Send to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2006/08/16 07:16:32 | 00,002,773 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2006/08/16 07:16:32 | 00,005,589 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-12650 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2006/08/16 07:16:32 | 00,005,589 | ---- | M] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
ADTRAN.COM\WWW: https in My Computer
czn.com: http in Local intranet
czncorp.com: http in Local intranet
fcinternal.net: http in Local intranet
frontiercorp.com: http in Local intranet
54 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
ADTRAN.COM\WWW: https in My Computer
czn.com: http in Local intranet
czncorp.com: http in Local intranet
fcinternal.net: http in Local intranet
frontiercorp.com: http in Local intranet
54 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{01113300-3E00-11D2-8470-0060089874ED}: https://activatemydsl.verizon.net/sdcCommon...20Installer.cab -- Support.com Configuration Class
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://go.microsoft.com/fwlink/?linkid=58813 -- Office Genuine Advantage Validation Tool
{233C1507-6A77-46A4-9443-F871F945D258}: http://fpdownload.macromedia.com/pub/shock...director/sw.cab -- Shockwave ActiveX Control
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}: http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab -- Symantec AntiVirus scanner
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://www.pandasecurity.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://photo.walgreens.com/WalgreensActivia.cab -- Snapfish Activia
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/buxus/docs/OnlineScanner.cab -- OnlineScanner Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1198010915734 -- WUWebControl Class
{644E432F-49D3-41A1-8DD5-E099162EEEC5}: http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab -- Symantec RuFSI Utility Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1227705794549 -- MUWebControl Class
{82B56B47-90DC-4F58-9A7D-D27BA46D3C0F}: http://schleppy1975.myphotoalbum.com/ImageUploader4.cab -- MyPhotoAlbum Easy Upload Tool Combo Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}: http://office.microsoft.com/officeupdate/content/opuc4.cab -- Office Update Installation Engine
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{DC11F230-5717-4C25-BAD7-37B879C19655}: http://schleppy1975.myphotoalbum.com/ImageUploader4.cab -- MyPhotoAlbum Easy Upload Tool Combo Control
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}: https://sapience360.webex.com/client/T26L/webex/ieatgpc.cab -- GpcContainer Class
{F281A59C-7B65-11D3-8617-0010830243BD}: file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx -- AcPreview Control
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{41972733-2A33-40AC-A2BA-3AD2BD78437E} (Servers: | Description: )
{67A49BF5-5987-41F5-A8E8-FBA029658758} (Servers: | Description: )
{7C5D1D32-CCFD-42AA-98CE-0B13C125E8E9} (Servers: | Description: Intel® 82566MM Gigabit Network Connection)
{BACE2D51-2962-466D-BAD9-3004EF25CC6B} (Servers: | Description: Intel® Wireless WiFi Link 4965AG)
{C77CD8BD-14AB-48B3-AE2E-8541B9457289} (Servers: | Description: )
{E38DD2C0-2C57-44D6-941B-7C22FD297756} (Servers: | Description: 1394 Net Adapter)

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=APSHook.dll lmhfhs.dll hubsls.dll
>[2007/02/26 03:49:00 | 00,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll
>File not found --
>File not found --

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GinaDLL"=ginaunlock.dll
>[2006/07/21 11:06:04 | 00,122,880 | ---- | M] () -- C:\WINDOWS\system32\ginaunlock.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
ackpbsc: "DllName" = c:\WINDOWS\system32\ackpbsc.dll -- c:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
acunlock: "DllName" = c:\Program Files\ActivIdentity\ActivClient\acunlock.dll -- c:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
DeviceNP: "DllName" = DeviceNP.dll -- C:\WINDOWS\system32\DeviceNP.dll (Hewlett-Packard Limited)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
OneCard: "DllName" = C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
yayyVopP: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ,
>File not found --

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2007/12/18 14:59:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57bd5546-adaa-11dc-bbbe-b02c9a8bec2e}\Shell\AutoRun\command]
""=E:\setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/11/29 21:59:42 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\shaevans\Desktop\OTViewIt.exe
[2008/11/29 08:34:27 | 01,364,995 | ---- | C] () -- C:\Documents and Settings\shaevans\Desktop\CamStudio20.exe
[2008/11/28 12:51:11 | 00,015,174 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\restrictions.gif
[2008/11/28 12:49:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shaevans\Desktop\Dial-a-fix-v0.60.0.24
[2008/11/28 12:42:17 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/11/28 12:41:29 | 00,335,992 | ---- | C] () -- C:\Documents and Settings\shaevans\Desktop\Dial-a-fix-v0.60.0.24.zip
[2008/11/28 12:41:09 | 00,349,696 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\shaevans\Desktop\OTMoveIt3.exe
[2008/11/28 11:30:56 | 00,003,785 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\kapersky 11-29-2008.html
[2008/11/27 23:41:45 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2008/11/27 23:40:47 | 00,019,663 | ---- | C] () -- C:\Documents and Settings\shaevans\Desktop\FileFind.zip
[2008/11/27 00:47:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shaevans\Desktop\gmer
[2008/11/27 00:43:10 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/11/27 00:43:08 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/11/27 00:43:08 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/11/27 00:43:08 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/11/27 00:43:08 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/11/27 00:40:19 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\shaevans\Desktop\gmer.zip
[2008/11/27 00:39:46 | 00,356,792 | ---- | C] () -- C:\Documents and Settings\shaevans\Desktop\dds.scr
[2008/11/26 21:13:01 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/11/26 19:39:56 | 21,383,61856 | -HS- | C] () -- C:\hiberfil.sys
[2008/11/26 17:54:48 | 00,003,636 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\kapersky 11-26-2008.html
[2008/11/26 15:32:55 | 00,000,000 | ---D | C] -- C:\rsit
[2008/11/26 15:32:42 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\RSIT.exe
[2008/11/26 13:23:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shaevans\My Documents\IBM
[2008/11/26 11:56:52 | 00,005,174 | ---- | C] () -- C:\Internetshortcut.reg
[2008/11/26 10:48:51 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/11/26 10:34:26 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2008/11/26 10:34:26 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2008/11/26 10:14:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2008/11/26 10:14:37 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2008/11/26 09:50:09 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhcpcsvc.dll
[2008/11/26 09:46:36 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2008/11/26 09:46:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/11/26 09:38:23 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/11/26 09:38:22 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/11/26 09:38:22 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/11/26 09:38:21 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll
[2008/11/26 09:38:15 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2008/11/26 09:38:15 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2008/11/26 09:38:10 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/11/26 09:38:10 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/11/26 09:38:09 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/11/26 09:38:09 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/11/26 09:38:09 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/11/26 09:38:09 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/11/26 09:38:09 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/11/26 09:38:09 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/11/26 09:38:09 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/11/26 09:38:09 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/11/26 09:38:09 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/11/26 09:38:09 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/11/26 09:38:09 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/11/26 09:38:09 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/11/26 09:38:08 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/11/26 09:38:08 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/11/26 09:38:08 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/11/26 09:38:08 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/11/26 09:38:08 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/11/26 09:38:08 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/11/26 09:38:08 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/11/26 09:38:07 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/11/26 09:38:07 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/11/26 09:38:07 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/11/26 09:38:07 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/11/26 09:38:07 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/11/26 09:38:07 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/11/26 09:38:06 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/11/26 09:38:06 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/11/26 09:38:06 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/11/26 09:38:06 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/11/26 09:38:06 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/11/26 09:38:06 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/11/26 09:38:05 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/11/26 09:38:05 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/11/26 09:38:04 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/11/26 09:38:03 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/11/26 09:38:03 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/11/26 09:38:03 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/11/26 09:38:03 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/11/26 09:38:03 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/11/26 09:38:03 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/11/26 09:38:03 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/11/26 09:38:02 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/11/26 09:38:02 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/11/26 09:38:02 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/11/26 09:38:01 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/11/26 09:38:01 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/11/26 09:38:01 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/11/26 09:37:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/11/26 09:37:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/11/26 09:37:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/11/26 09:37:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2008/11/26 09:34:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/11/26 09:32:13 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys
[2008/11/26 09:32:13 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys
[2008/11/26 09:32:13 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys
[2008/11/26 09:32:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008/11/26 09:32:11 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2008/11/26 09:32:11 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2008/11/26 09:32:11 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2008/11/26 09:32:11 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2008/11/26 09:32:10 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2008/11/26 09:32:10 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys
[2008/11/26 09:32:10 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2008/11/26 09:32:10 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2008/11/26 09:32:09 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2008/11/26 09:32:09 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2008/11/26 09:32:09 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2008/11/26 09:32:09 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/11/26 09:32:08 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2008/11/26 09:32:08 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys
[2008/11/26 09:32:08 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys
[2008/11/26 09:32:08 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2008/11/26 09:32:08 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2008/11/26 09:32:08 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2008/11/26 09:28:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/11/26 09:12:01 | 33,180,5736 | ---- | C] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
[2008/11/26 09:00:49 | 00,000,000 | ---D | C] -- C:\hotfix
[2008/11/26 08:14:41 | 00,065,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SMSCfg.cpl
[2008/11/25 16:30:33 | 00,000,190 | ---- | C] () -- C:\Documents and Settings\shaevans\Desktop\MetaFrame Presentation Server Log In.url
[2008/11/25 15:45:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/11/25 10:01:45 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2008/11/25 09:57:18 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2008/11/22 15:47:28 | 00,885,141 | -HS- | C] () -- C:\WINDOWS\System32\mSuuxyay.ini2
[2008/11/22 15:47:27 | 00,885,141 | -HS- | C] () -- C:\WINDOWS\System32\mSuuxyay.ini
[2008/11/21 16:16:11 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\dosen rd count.xls
[2008/11/21 12:14:08 | 00,022,651 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\spybotmsg.gif
[2008/11/21 11:35:55 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\shaevans\My Documents\HJTInstall.exe
[2008/11/21 09:00:14 | 00,003,549 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\kapersky 11-21-2008.html
[2008/11/21 08:57:38 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/11/21 08:57:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/11/21 08:54:47 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/11/21 08:54:01 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\shaevans\My Documents\spybotsd160.exe
[2008/11/20 23:07:52 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\ltgnycfw.dll
[2008/11/20 14:06:26 | 00,045,097 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\TimesHeraldRecord Fiber Makeup.jpg
[2008/11/19 21:03:35 | 00,001,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Clean Access Agent.lnk
[2008/11/19 16:20:47 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\TimesHeraldRecord Fiber Makeup.vsd
[2008/11/15 18:45:59 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\Doc1.doc
[2008/11/14 08:25:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shaevans\Local Settings\Application Data\Identities
[2008/11/13 21:46:01 | 01,760,245 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\rcr815-manual.zip
[2008/11/13 20:06:20 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys
[2008/11/13 20:06:15 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisip.sys
[2008/11/13 20:06:14 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2008/11/13 20:06:14 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\streamip.sys
[2008/11/13 20:06:12 | 00,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\slip.sys
[2008/11/13 20:06:09 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wstcodec.sys
[2008/11/13 20:06:07 | 00,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nabtsfec.sys
[2008/11/13 20:06:05 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys
[2008/11/13 20:05:58 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2008/11/13 20:05:58 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2008/11/13 20:05:58 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2008/11/13 20:05:58 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2008/11/13 20:05:58 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2008/11/13 20:05:58 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2008/11/13 20:05:53 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\avc.sys
[2008/11/13 20:05:50 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\61883.sys
[2008/11/13 13:21:40 | 00,131,803 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\HA HA.gif
[2008/11/12 23:22:46 | 00,142,096 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/11/12 11:53:45 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/11/12 11:53:45 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/11/12 11:53:45 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/11/12 11:53:45 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/11/12 11:53:45 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/11/12 11:53:45 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/11/12 11:53:44 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat
[2008/11/12 11:53:44 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui
[2008/11/12 11:53:43 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/11/12 11:53:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008/11/12 08:45:28 | 00,000,420 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/11/11 22:36:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2008/11/11 22:17:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/11/11 22:15:49 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/11/11 22:15:34 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/11/11 22:14:58 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2008/11/11 21:59:14 | 00,000,856 | ---- | C] () -- C:\WINDOWS\Active Setup Log.BAK
[2008/11/11 21:59:09 | 00,508,240 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\shaevans\My Documents\ie6setupOe.exe
[2008/11/09 21:16:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shaevans\Local Settings\Application Data\WMTools Downloaded Files
[2008/11/09 21:12:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2008/11/09 21:11:22 | 12,580,696 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\shaevans\My Documents\mm20enu.exe
[2008/11/08 10:57:01 | 00,001,172 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/11/07 09:52:48 | 00,251,904 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\1069193.XLS
[2008/11/05 12:17:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shaevans\Local Settings\Application Data\Thunderbird
[2008/11/05 12:17:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shaevans\Application Data\Thunderbird
[2008/11/05 12:17:46 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2008/11/04 16:25:24 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\Suicide Pool.xls
[2008/11/03 09:50:08 | 00,614,296 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\1070318 CABLE RUNNING.PDF
[2008/11/02 18:44:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shaevans\Local Settings\Application Data\AOL
[2008/11/02 18:44:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/11/02 18:44:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2008/11/02 18:44:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/11/02 18:44:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2008/11/02 18:43:41 | 00,000,465 | -H-- | C] () -- C:\IPH.PH

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/11/29 22:00:37 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/11/29 21:59:47 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shaevans\Desktop\OTViewIt.exe
[2008/11/29 08:34:36 | 01,364,995 | ---- | M] () -- C:\Documents and Settings\shaevans\Desktop\CamStudio20.exe
[2008/11/28 15:16:06 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/11/28 15:15:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/11/28 15:15:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/28 15:15:31 | 21,383,61856 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/28 12:51:11 | 00,015,174 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\restrictions.gif
[2008/11/28 12:41:29 | 00,335,992 | ---- | M] () -- C:\Documents and Settings\shaevans\Desktop\Dial-a-fix-v0.60.0.24.zip
[2008/11/28 12:41:13 | 00,349,696 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shaevans\Desktop\OTMoveIt3.exe
[2008/11/28 11:30:56 | 00,003,785 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\kapersky 11-29-2008.html
[2008/11/28 10:53:15 | 00,468,688 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/11/28 10:53:15 | 00,401,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/11/28 10:53:15 | 00,061,026 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/11/28 10:48:10 | 00,126,976 | ---- | M] () -- C:\Documents and Settings\shaevans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/28 10:26:19 | 00,013,828 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2008/11/28 10:25:57 | 00,000,199 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2008/11/27 23:40:48 | 00,019,663 | ---- | M] () -- C:\Documents and Settings\shaevans\Desktop\FileFind.zip
[2008/11/27 00:43:08 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/11/27 00:43:08 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/11/27 00:43:08 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/11/27 00:40:21 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\shaevans\Desktop\gmer.zip
[2008/11/27 00:39:48 | 00,356,792 | ---- | M] () -- C:\Documents and Settings\shaevans\Desktop\dds.scr
[2008/11/26 17:54:48 | 00,003,636 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\kapersky 11-26-2008.html
[2008/11/26 15:32:47 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\RSIT.exe
[2008/11/26 11:56:52 | 00,005,174 | ---- | M] () -- C:\Internetshortcut.reg
[2008/11/26 10:38:50 | 00,000,079 | -HS- | M] () -- C:\Documents and Settings\shaevans\My Documents\desktop.ini
[2008/11/26 10:34:26 | 00,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2008/11/26 10:34:26 | 00,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2008/11/26 10:32:16 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Outlook 2003.lnk
[2008/11/26 09:45:54 | 00,202,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/11/26 09:31:51 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/11/26 08:35:41 | 00,000,856 | ---- | M] () -- C:\WINDOWS\Active Setup Log.BAK
[2008/11/26 08:11:37 | 00,000,743 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/11/26 08:11:37 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/11/26 08:11:37 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/11/25 16:30:33 | 00,000,190 | ---- | M] () -- C:\Documents and Settings\shaevans\Desktop\MetaFrame Presentation Server Log In.url
[2008/11/25 13:42:17 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\Suicide Pool.xls
[2008/11/24 22:59:57 | 04,321,198 | -H-- | M] () -- C:\Documents and Settings\shaevans\Local Settings\Application Data\IconCache.db
[2008/11/22 16:09:49 | 00,885,141 | -HS- | M] () -- C:\WINDOWS\System32\mSuuxyay.ini
[2008/11/22 16:09:13 | 00,885,141 | -HS- | M] () -- C:\WINDOWS\System32\mSuuxyay.ini2
[2008/11/21 16:16:11 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\dosen rd count.xls
[2008/11/21 15:03:49 | 00,001,120 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\S2K400.WS
[2008/11/21 12:14:08 | 00,022,651 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\spybotmsg.gif
[2008/11/21 11:35:59 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\shaevans\My Documents\HJTInstall.exe
[2008/11/21 09:02:25 | 00,288,033 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/11/21 09:00:15 | 00,003,549 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\kapersky 11-21-2008.html
[2008/11/21 08:54:20 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\shaevans\My Documents\spybotsd160.exe
[2008/11/20 23:39:18 | 00,072,704 | ---- | M] () -- C:\WINDOWS\System32\ltgnycfw.dll
[2008/11/20 14:06:32 | 00,045,097 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\TimesHeraldRecord Fiber Makeup.jpg
[2008/11/20 14:05:48 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\TimesHeraldRecord Fiber Makeup.vsd
[2008/11/19 21:03:35 | 00,001,958 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk
[2008/11/19 21:03:35 | 00,001,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Clean Access Agent.lnk
[2008/11/19 21:01:18 | 00,002,433 | ---- | M] () -- C:\Documents and Settings\shaevans\Desktop\VPN Client.lnk
[2008/11/19 09:05:26 | 00,001,622 | ---- | M] () -- C:\Documents and Settings\shaevans\Desktop\Trillian.lnk
[2008/11/18 11:28:42 | 00,000,420 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2008/11/15 18:46:00 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\Doc1.doc
[2008/11/13 21:46:07 | 01,760,245 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\rcr815-manual.zip
[2008/11/13 13:21:40 | 00,131,803 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\HA HA.gif
[2008/11/11 21:59:14 | 00,508,240 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\shaevans\My Documents\ie6setupOe.exe
[2008/11/11 13:08:28 | 00,065,118 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\2008nfl.pdf
[2008/11/09 21:12:35 | 12,580,696 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\shaevans\My Documents\mm20enu.exe
[2008/11/08 10:57:02 | 00,001,172 | ---- | M] () -- C:\WINDOWS\mozver.dat
[2008/11/07 09:52:48 | 00,251,904 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\1069193.XLS
[2008/11/06 09:05:29 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\shaevans\Desktop\Thingstodo.xls
[2008/11/03 19:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/11/03 09:50:08 | 00,614,296 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\1070318 CABLE RUNNING.PDF
[2008/11/02 18:44:42 | 00,000,465 | -H-- | M] () -- C:\IPH.PH
< End of report >

-------------------------------------------------------------------------------------------

OTViewIt Extras logfile created on: 11/29/2008 10:09:32 PM - Run
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\shaevans\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.85% Memory free
3.84 Gb Paging File | 3.36 Gb Available in Paging File | 87.43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 45.09 Gb Free Space | 60.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NYMTJSLXP041364
Current User Name: ShaEvans
NOT logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
""=
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE
[2008/04/14 05:42:16 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:conf.exe
[2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\SMSADMIN\bin\i386\statview.exe:*:Enabled:SMS 2.0 Utility - Status Message Viewer
File not found -- C:\SMSADMIN\bin\i386\SETUP.EXE:*:Enabled:SMS Setup
[2001/08/23 07:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:unsecapp.exe
[2008/04/14 05:42:24 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer
[2008/04/14 05:42:26 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console
File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
File not found -- C:\WINDOWS\system32\VoissAssistant.exe:*:Enabled:VoissAssistant
[2008/01/30 13:48:38 | 00,199,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE
File not found -- C:\Program Files\NET6\net6vpn.exe:*:Enabled:Citrix Secure Access Agent
File not found -- C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw
File not found -- C:\Program Files\Viryanet\MicroServer\VCM.exe:*:Enabled:VCM
[2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2005/09/08 18:07:52 | 00,819,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfica32.exe:*:Enabled:Citrix ICA Client Engine (Win32)
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/11/26 10:55:34 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP
[2008/04/14 05:42:16 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:conf.exe
File not found -- C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE
[2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Documents and Settings\mwj974\Local Settings\Temporary Internet Files\Content.IE5\0L6VGXAV\CitrixSAClient[1].exe:*:Enabled:Citrix Secure Access Agent
File not found -- C:\Program Files\NET6\net6vpn.exe:*:Enabled:Citrix Secure Access Agent
[2001/08/23 07:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:WMI
File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2005/09/08 18:07:52 | 00,819,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfica32.exe:*:Enabled:Citrix ICA Client Engine (Win32)
File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
File not found -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/12/23 05:45:14 | 00,217,088 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 Standard
"{00100409-78E1-11D2-B60F-006097C998E7}"=Microsoft Access 2000 SR-1
"{04010300-6D72-4D54-8686-91D884A27B5C}"=Cisco Clean Access Agent
"{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}"=Serif PhotoPlus 6.0
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}"=mLogView
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}"=Cisco Systems VPN Client 5.0.01.0600
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}"=Adobe AIR
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{20A1D306-CE83-492A-8525-D6DF50B5944A}"=Embedded Security for HP ProtectTools
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}"=MobileMe Control Panel
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java™ 6 Update 10
"{29EA1C3E-2D8F-42FF-A5A9-CD3D45C2315E}"=NGS Qport Access
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}"=HP ProtectTools Security Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}"=HP Quick Launch Buttons 6.40 B2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{3912A629-0020-0005-3131-2FBA74D4DF0A}"=InterVideo WinDVD
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}"=mIWA
"{429E92A4-159F-4AEC-85A1-D693E1E4274D}"=HP 3D DriveGuard
"{450063AA-643B-417C-8CF5-405BA3F4EF40}"=Autodesk Design Review 2009
"{49FC50FC-F965-40D9-89B4-CBFF80941033}"=Windows Movie Maker 2.0
"{55B52830-024A-443E-AF61-61E1E71AFA1B}"=Device Access Manager for HP ProtectTools
"{5783F2D7-4009-0409-0002-0060B0CE6BBA}"=AutoCAD LT 2006 - English
"{59F6A514-9813-47A3-948C-8A155460CC2A}"=RICOH R5C853 Driver Ver.1.00.02
"{5C74694C-A687-E3EB-FF18-B018D4A76ECD}"=Adobe Media Player
"{609F7AC8-C510-11D4-A788-009027ABA5D0}"=Easy CD Creator 5 Basic
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}"=Microsoft Streets and Trips 2005
"{69333A04-5134-40A5-A055-9166A7AA1EC8}"=
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{77130095-2039-424F-A633-4FAF0261258A}"=Java Card Security for HP ProtectTools
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}"=mSCfg
"{84814E6B-2581-46EC-926A-823BD1C670F6}"=HP Integrated Module with Bluetooth wireless technology
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"=mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}"=mHelp
"{90120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}"=mPfWiz
"{91530409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Visio Standard 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD
"{94658027-9F16-4509-BBD7-A59FE57C3023}"=mZConfig
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}"=ActivClient 6.1 x86
"{AC76BA86-7AD7-1033-7B44-A70900000002}"=Adobe Reader 7.0.9
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{C15F7F16-941E-414B-A676-40190CD621D5}"=Credential Manager for HP ProtectTools
"{C74D0FA0-1D49-464F-A707-B427EE3385C1}"=BIOS Configuration for HP ProtectTools
"{D32067CD-7409-4792-BFA0-1469BCD8F0C8}"=HP Wireless Assistant
"{DF45EF6C-9E13-4CBD-B393-9FDC306F8E18}"=NGS Qport Access
"{E81667C6-2856-46D6-ABEA-6A2F42166779}"=mCore
"{E8DDBFBC-6C65-4CEE-A4D7-CD6781E94BCC}"=ScrewDrivers Client v4
"{E90140E7-3D75-478E-AB57-78F21B9DA200}"=CA eTrust GINA Option for Password Reset/Unlock
"{E92B7A19-5FD5-4AEE-9FEF-7AD5DD3A675E}"=MetaFrame Presentation Server Client
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}"=AuthenTec Fingerprint Sensor Minimum Install
"{ECEA7878-2100-4525-915D-B09174E36971}"=Trend Micro OfficeScan Client
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"=mMHouse
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}"=InterVideo Register Manager
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}"=mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe
"ActiveTouchMeetingClient"=WebEx
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Shockwave Player"=Adobe Shockwave Player
"ADTRAN DSL Assistant"=ADTRAN DSL Assistant
"Amazon MP3 Downloader"=Amazon MP3 Downloader 1.0.3
"AnswerWorks"=AnswerWorks Runtime
"Autodesk Design Review 2009"=Autodesk Design Review 2009 - SP1
"Autodesk DWF Viewer"=Autodesk DWF Viewer
"Broadcom 802.11b Network Adapter"=Broadcom 802.11 Wireless LAN Adapter
"ClientAccessExpress"=IBM iSeries Access for Windows
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpqZ3795"=Soft Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Adobe Media Player
"EsetOnlineScanner"=ESET Online Scanner
"FLEXR 7.81"=FLEXR 7.81
"Google Updater"=Google Updater
"HDMI"=Intel® Graphics Media Accelerator Driver
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{29EA1C3E-2D8F-42FF-A5A9-CD3D45C2315E}"=NGS Qport Access - 5.10.19
"InstallShield_{DF45EF6C-9E13-4CBD-B393-9FDC306F8E18}"=NGS Qport Access - 5.10.37
"Macromedia Authorware Web Player"=Macromedia Authorware Web Player
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"MESOL"=Intel® Active Management Technology Device Software
"MetaASSIST View"=MetaASSIST View
"Mozilla Firefox (2.0)"=Mozilla Firefox (2.0)
"Mozilla Thunderbird (2.0.0.18)"=Mozilla Thunderbird (2.0.0.18)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"PrintKey2000"=PrintKey2000
"ProInst"=Intel® PROSet/Wireless Software
"PROSet"=Intel® PRO Network Connections Drivers
"RealPlayer 6.0"=RealPlayer
"ShockwaveFlash"=Macromedia Flash Player 8
"SynTPDeinstKey"=Synaptics Pointing Device Driver
"Trillian"=Trillian
"Verizon High Speed Internet_is1"=Verizon High Speed Internet
"Volo View Express"=Volo View Express
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 3
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"YInstHelper"=Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/28/2008 4:15:39 PM | Computer Name = NYMTJSLXP041364 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 11/28/2008 4:15:40 PM | Computer Name = NYMTJSLXP041364 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 11/28/2008 4:15:40 PM | Computer Name = NYMTJSLXP041364 | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 11/28/2008 4:15:42 PM | Computer Name = NYMTJSLXP041364 | Source = Intel® AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel® AMT.

Error - 11/28/2008 4:15:52 PM | Computer Name = NYMTJSLXP041364 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 11/29/2008 8:57:01 AM | Computer Name = NYMTJSLXP041364 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 11/29/2008 9:01:19 AM | Computer Name = NYMTJSLXP041364 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/29/2008 9:39:26 AM | Computer Name = NYMTJSLXP041364 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/29/2008 9:40:59 AM | Computer Name = NYMTJSLXP041364 | Source = Application Error | ID = 1000
Description = Faulting application recorder.exe, version 1.0.0.1, faulting module
recorder.exe, version 1.0.0.1, fault address 0x000211a7.

Error - 11/29/2008 10:54:36 PM | Computer Name = NYMTJSLXP041364 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

[ Credential Manager Events ]
Error - 5/6/2008 8:17:04 AM | Computer Name = NYMTJSLXP041364 | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: shaevans@CORP Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 5/19/2008 8:20:09 AM | Computer Name = NYMTJSLXP041364 | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: cArson5@CORP Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 6/3/2008 9:12:04 AM | Computer Name = NYMTJSLXP041364 | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: shaevans@CORP Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 6/10/2008 9:27:13 AM | Computer Name = NYMTJSLXP041364 | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: shaevans@CORP Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 6/10/2008 9:27:17 AM | Computer Name = NYMTJSLXP041364 | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: shaevans@CORP Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 9/2/2008 8:38:24 AM | Computer Name = NYMTJSLXP041364 | Source = AuthWiz | ID = 100796070
Description = The submitted user identity was rejected. User: shaevans@CORP Error:
(0xC5160102) The system could not perform the requested operation. Verify that
Credential Manager for HP ProtectTools is properly installed on your computer. If
the problem persists, please contact your system administrator.

Error - 10/28/2008 3:31:42 PM | Computer Name = NYMTJSLXP041364 | Source = AuthWiz | ID = 100861620
Description = The submitted credentials were not successfully registered. User:
shaevans@CORP Credentials: Password Error: (0x8007052B) Unable to update the password.
The value provided as the current password is incorrect.

Error - 10/28/2008 3:31:49 PM | Computer Name = NYMTJSLXP041364 | Source = AuthWiz | ID = 100861620
Description = The submitted credentials were not successfully registered. User:
shaevans@CORP Credentials: Password Error: (0x8007052B) Unable to update the password.
The value provided as the current password is incorrect.

[ System Events ]
Error - 11/29/2008 9:42:51 AM | Computer Name = NYMTJSLXP041364 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 11/29/2008 10:42:53 AM | Computer Name = NYMTJSLXP041364 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 11/29/2008 12:42:56 PM | Computer Name = NYMTJSLXP041364 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 239 minutes. NtpClient has no source of accurate
time.

Error - 11/29/2008 2:23:17 PM | Computer Name = NYMTJSLXP041364 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 11/29/2008 2:25:51 PM | Computer Name = NYMTJSLXP041364 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain CORP due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 11/29/2008 2:38:20 PM | Computer Name = NYMTJSLXP041364 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 11/29/2008 3:08:21 PM | Computer Name = NYMTJSLXP041364 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 11/29/2008 10:54:44 PM | Computer Name = NYMTJSLXP041364 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain CORP due to the following:
%%1311. Make sure that the computer is connected to the network and try again. If
the problem persists, please contact your domain administrator.

Error - 11/29/2008 10:54:48 PM | Computer Name = NYMTJSLXP041364 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 11/29/2008 11:09:48 PM | Computer Name = NYMTJSLXP041364 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 30 minutes. NtpClient has no source of accurate
time.

< End of report >

And thats it.. Something just does not feel right about this PC. I am going to reboot.