Read this topic before posting a log.
DO NOT post a ComboFix log unless requested to.
Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.
When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.
Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Nov 21 2008, 04:06 PM
Post #1
Any and all help would be greatly, greatly appreciated. My MBAM logs as well...
Every MBAM log looks the same...
This post has been edited by Shawn_Evans: Nov 21 2008, 04:12 PM
Nov 26 2008, 06:16 PM
Post #2
bump. Not to criticize but there are posts on here posted 3 days after mine that have been resolved. I realize you are super busy and provide a phenomenal service but I am having major browser issues as well as trojans popping up frequently and it is a WORK PC. I do not mean to be a pain in the ass but I am in DIRE STRAITS. MBAM is coming up clean but I believe I have registry issues. Fresh RSIT Log. Kaspersky picked up (4).. 3 in Trend and (1) in the system directory. Log also attached:
Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184] "CognizanceTS"=C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2003-12-22 17920] "IFXSPMGT"=c:\WINDOWS\system32\ifxspmgt.exe [2007-02-15 677408] ""= [] "accrdsub"=c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-03 293168] "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448] "Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2007-01-02 40960] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-05-18 138008] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-05-18 162584] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-05-18 138008] "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-11-06 177456] "Client Access Service"=C:\Program Files\IBM\Client Access\cwbsvstr.exe [2002-05-07 20530] "Client Access Help Update"=C:\Program Files\IBM\Client Access\cwbinhlp.exe [2002-05-07 24626] "Client Access Check Version"=C:\Program Files\IBM\Client Access\cwbckver.exe [2002-05-07 45056] "Client Access Express Welcome"=C:\Program Files\IBM\Client Access\cwbwlwiz.exe [2002-05-07 20530] "AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032] "OfficeScanNT Monitor"=C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe [2008-10-09 709928] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-26 136600] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-15 185872] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936] "Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [] 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-30 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="APSHook.dll lmhfhs.dll hubsls.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc]
c:\WINDOWS\system32\ackpbsc.dll [2007-05-03 112640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock]
c:\Program Files\ActivIdentity\ActivClient\acunlock.dll [2007-05-03 281088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\WINDOWS\system32\DeviceNP.dll [2007-04-30 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-05-16 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [2008-05-13 85504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayyVopP]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"=

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=Legal Notice
"legalnoticetext"=This computer system and the data contained herein are property of Frontier Communications. Any unauthorized access and/or use of the data will be investigated and prosecuted to the full extent of the law. This system is to be used for business purposes. All information stored or processed is property of Frontier Communications and is subject to inspection.
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWelcomeScreen"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:conf.exe"
"C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Documents and Settings\mwj974\Local Settings\Temporary Internet Files\Content.IE5\0L6VGXAV\CitrixSAClient[1].exe"="C:\Documents and Settings\mwj974\Local Settings\Temporary Internet Files\Content.IE5\0L6VGXAV\CitrixSAClient[1].exe:*:Enabled:Citrix Secure Access Agent"
"C:\Program Files\NET6\net6vpn.exe"="C:\Program Files\NET6\net6vpn.exe:*:Enabled:Citrix Secure Access Agent"
"C:\WINDOWS\system32\wbem\unsecapp.exe"="C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:WMI"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Citrix\ICA Client\wfica32.exe"="C:\Program Files\Citrix\ICA Client\wfica32.exe:*:Enabled:Citrix ICA Client Engine (Win32)"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:conf.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\SMSADMIN\bin\i386\statview.exe"="C:\SMSADMIN\bin\i386\statview.exe:*:Enabled:SMS 2.0 Utility - Status Message Viewer"
"C:\SMSADMIN\bin\i386\SETUP.EXE"="C:\SMSADMIN\bin\i386\SETUP.EXE:*:Enabled:SMS Setup"
"C:\WINDOWS\system32\wbem\unsecapp.exe"="C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:unsecapp.exe"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\WINDOWS\system32\VoissAssistant.exe"="C:\WINDOWS\system32\VoissAssistant.exe:*:Enabled:VoissAssistant"
"C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
"C:\Program Files\NET6\net6vpn.exe"="C:\Program Files\NET6\net6vpn.exe:*:Enabled:Citrix Secure Access Agent"
"C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe"="C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw"
"C:\Program Files\Viryanet\MicroServer\VCM.exe"="C:\Program Files\Viryanet\MicroServer\VCM.exe:*:Enabled:VCM"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Citrix\ICA Client\wfica32.exe"="C:\Program Files\Citrix\ICA Client\wfica32.exe:*:Enabled:Citrix ICA Client Engine (Win32)"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57bd5546-adaa-11dc-bbbe-b02c9a8bec2e}]
shell\AutoRun\command - E:\setup.exe

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 3 months======

2008-11-26 15:32:55 ----D---- C:\rsit 2008-11-26 10:55:49 ----A---- C:\WINDOWS\system32\javaws.exe 2008-11-26 10:55:49 ----A---- C:\WINDOWS\system32\javaw.exe 2008-11-26 10:55:49 ----A---- C:\WINDOWS\system32\java.exe 2008-11-26 10:55:49 ----A---- C:\WINDOWS\system32\deploytk.dll 2008-11-26 10:48:51 ----SHD---- C:\Config.Msi 2008-11-26 10:34:26 ----A---- C:\WINDOWS\system32\sndvol32.exe 2008-11-26 10:15:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2008-11-26 10:15:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2008-11-26 10:15:19
----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2008-11-26 10:14:42 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-11-26 09:50:20 ----HDC---- C:\WINDOWS\$NtUninstallKB953761$ 2008-11-26 09:46:36 ----D---- C:\Program Files\msn gaming zone 2008-11-26 09:46:27 ----D---- C:\WINDOWS\Prefetch 2008-11-26 09:43:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-11-26 09:43:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2008-11-26 09:42:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2008-11-26 09:42:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2008-11-26 09:42:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$ 2008-11-26 09:42:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2008-11-26 09:42:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2008-11-26 09:42:27 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$ 2008-11-26 09:42:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2008-11-26 09:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2008-11-26 09:42:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2008-11-26 09:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2008-11-26 09:42:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951618-v2$ 2008-11-26 09:41:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2008-11-26 09:41:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2008-11-26 09:41:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2008-11-26 09:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2008-11-26 09:41:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$ 2008-11-26 09:41:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2008-11-26 09:41:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2008-11-26 09:38:22 ----A---- C:\WINDOWS\system32\msxml6r.dll 2008-11-26 09:38:15 ----N---- C:\WINDOWS\system32\comsdupd.exe 2008-11-26 09:38:11 ----N---- C:\WINDOWS\system32\ati2dvaa.dll 2008-11-26 09:38:11 ----N---- C:\WINDOWS\system32\ati2cqag.dll 2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\bitsprx4.dll 2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\azroles.dll 2008-11-26 09:38:10 
----N---- C:\WINDOWS\system32\ativvaxx.dll 2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\ativtmxx.dll 2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\ati3duag.dll 2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\ati3d1ag.dll 2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\ati2dvag.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\eapolqec.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3ui.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3svc.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3msm.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3dlg.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3cfg.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3api.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dimsroam.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dimsntfy.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dhcpqec.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\credssp.dll 2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\hsfcisp2.dll 2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eapsvc.dll 2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eapqec.dll 2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eappprxy.dll 2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eapphost.dll 2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eappgnui.dll 2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eappcfg.dll 2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eapp3hst.dll 2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\l2gpstore.dll 2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\kmsvc.dll 2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\kbdpash.dll 2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\kbdnepr.dll 2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\kbdiultn.dll 2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\kbdbhc.dll 2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\msshavmsg.dll 2008-11-26 09:38:06 
----N---- C:\WINDOWS\system32\mssha.dll 2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\mmcperf.exe 2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll 2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\mmcex.dll 2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll 2008-11-26 09:38:05 ----N---- C:\WINDOWS\system32\napmontr.dll 2008-11-26 09:38:05 ----N---- C:\WINDOWS\system32\napipsec.dll 2008-11-26 09:38:05 ----N---- C:\WINDOWS\system32\mtxparhd.dll 2008-11-26 09:38:04 ----N---- C:\WINDOWS\system32\napstat.exe 2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\s3gnb.dll 2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\rasqec.dll 2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\qutil.dll 2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\qcliprov.dll 2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\qagentrt.dll 2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\qagent.dll 2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\photometadatahandler.dll 2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\onex.dll 2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\nv4_disp.dll 2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\windowscodecs.dll 2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\tspkg.dll 2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\slserv.exe 2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\slrundll.exe 2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\slgen.dll 2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\slextspk.dll 2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\slcoinst.dll 2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\setupn.exe 2008-11-26 09:38:01 ----N---- C:\WINDOWS\system32\wmphoto.dll 2008-11-26 09:38:01 ----N---- C:\WINDOWS\system32\wlanapi.dll 2008-11-26 09:38:01 ----N---- C:\WINDOWS\system32\windowscodecsext.dll 2008-11-26 09:38:00 ----N---- C:\WINDOWS\slrundll.exe 2008-11-26 09:37:59 ----D---- C:\WINDOWS\system32\scripting 2008-11-26 09:37:57 ----D---- C:\WINDOWS\system32\en 2008-11-26 
09:37:57 ----D---- C:\WINDOWS\l2schemas 2008-11-26 09:37:56 ----D---- C:\WINDOWS\system32\bits 2008-11-26 09:34:44 ----D---- C:\WINDOWS\ServicePackFiles 2008-11-26 09:32:13 ----D---- C:\WINDOWS\network diagnostic 2008-11-26 09:31:23 ----A---- C:\WINDOWS\003302_.tmp 2008-11-26 09:28:45 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2008-11-26 09:12:01 ----A---- C:\WindowsXP-KB936929-SP3-x86-ENU.exe 2008-11-26 09:00:49 ----D---- C:\hotfix 2008-11-25 15:45:08 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan 2008-11-25 10:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$ 2008-11-25 10:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$ 2008-11-25 09:57:18 ----A---- C:\WINDOWS\system32\wuapi.dll.mui 2008-11-22 15:47:28 ----ASH---- C:\WINDOWS\system32\mSuuxyay.ini2 2008-11-22 15:47:27 ----ASH---- C:\WINDOWS\system32\mSuuxyay.ini 2008-11-21 08:57:38 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-11-21 08:57:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-20 23:07:52 ----N---- C:\WINDOWS\system32\ltgnycfw.dll 2008-11-20 23:07:12 ----A---- C:\WINDOWS\system32\f30f2094-.txt 2008-11-13 20:05:58 ----A---- C:\WINDOWS\system32\vfwwdm32.dll 2008-11-12 13:22:03 ----HDC---- C:\WINDOWS\$NtUninstallKB943729$ 2008-11-12 13:21:26 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$ 2008-11-12 11:53:30 ----D---- C:\WINDOWS\ie7updates 2008-11-12 08:45:28 ----A---- C:\WINDOWS\cdplayer.ini 2008-11-11 22:36:50 ----D---- C:\WINDOWS\pss 2008-11-11 22:17:27 ----D---- C:\WINDOWS\WBEM 2008-11-11 22:15:49 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$ 2008-11-11 22:15:34 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$ 2008-11-11 22:15:08 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$ 2008-11-11 22:14:58 ----N---- C:\WINDOWS\system32\xmllite.dll 2008-11-11 21:59:14 ----A---- C:\WINDOWS\Active Setup Log.txt 2008-11-11 21:59:14 ----A---- C:\WINDOWS\Active Setup Log.BAK 
2008-11-09 21:12:47 ----D---- C:\WINDOWS\RegisteredPackages 2008-11-05 12:17:52 ----D---- C:\Documents and Settings\shaevans\Application Data\Thunderbird 2008-11-05 12:17:46 ----D---- C:\Program Files\Mozilla Thunderbird 2008-11-02 18:44:26 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-11-02 18:44:25 ----D---- C:\Program Files\Viewpoint 2008-11-02 18:44:18 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP 2008-11-02 18:44:18 ----D---- C:\Documents and Settings\All Users\Application Data\AOL 2008-11-02 18:44:01 ----D---- C:\Program Files\Common Files\AOL 2008-10-30 20:52:30 ----D---- C:\Documents and Settings\shaevans\Application Data\Motive 2008-10-30 20:32:40 ----D---- C:\Program Files\Yahoo! 2008-10-30 20:32:18 ----D---- C:\Documents and Settings\All Users\Application Data\Motive 2008-10-30 20:32:08 ----D---- C:\Program Files\Common Files\Motive 2008-10-30 20:24:28 ----D---- C:\WINDOWS\DSL 2008-10-30 20:24:28 ----D---- C:\Program Files\Common Files\SupportSoft 2008-10-30 14:59:07 ----D---- C:\Program Files\Adobe Media Player 2008-10-30 14:59:03 ----D---- C:\Program Files\Common Files\Adobe AIR 2008-10-28 10:57:30 ----D---- C:\Program Files\Bonjour 2008-10-26 16:15:58 ----D---- C:\Documents and Settings\shaevans\Application Data\WinRAR 2008-10-23 21:05:41 ----D---- C:\Program Files\WinRAR 2008-10-22 12:03:25 ----D---- C:\Documents and Settings\shaevans\Application Data\webex 2008-10-20 08:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$ 2008-10-20 08:20:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$ 2008-10-20 08:20:04 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$ 2008-10-20 08:19:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$ 2008-10-20 08:19:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$ 2008-10-20 08:18:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956390_0$ 2008-10-15 21:05:14 ----D---- C:\Documents and Settings\shaevans\Application Data\Talkback 2008-10-15 21:03:39 ----D---- C:\Program Files\Common 
Files\xing shared 2008-10-15 21:03:35 ----A---- C:\WINDOWS\system32\rmoc3260.dll 2008-10-15 21:03:32 ----D---- C:\Program Files\Real 2008-10-15 21:03:32 ----A---- C:\WINDOWS\system32\pndx5032.dll 2008-10-15 21:03:32 ----A---- C:\WINDOWS\system32\pndx5016.dll 2008-10-15 21:03:32 ----A---- C:\WINDOWS\system32\pncrt.dll 2008-10-15 21:03:30 ----D---- C:\Program Files\Common Files\Real 2008-10-15 21:03:29 ----D---- C:\Documents and Settings\shaevans\Application Data\Real 2008-10-15 21:02:57 ----D---- C:\Documents and Settings\shaevans\Application Data\Mozilla 2008-10-15 21:02:54 ----D---- C:\Program Files\Mozilla Firefox 2008-10-14 07:25:14 ----A---- C:\tmuninst.ini 2008-10-14 07:24:41 ----D---- C:\WINDOWS\system32\log 2008-10-13 09:51:22 ----HD---- C:\WINDOWS\system32\GroupPolicy 2008-10-10 14:07:35 ----D---- C:\Documents and Settings\shaevans\Application Data\NCH Swift Sound 2008-10-03 16:40:38 ----D---- C:\Documents and Settings\shaevans\Application Data\DivX 2008-10-03 16:39:23 ----D---- C:\Program Files\DivX 2008-09-22 10:04:02 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$ 2008-09-18 07:17:42 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$ 2008-09-15 19:11:28 ----A---- C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2008-08-29 09:18:58 ----A---- C:\WINDOWS\system32\dns-sd.exe 2008-08-29 08:53:50 ----A---- C:\WINDOWS\system32\dnssd.dll ======List of files/folders modified in the last 3 months====== 2008-11-26 15:33:11 ----D---- C:\Program Files\Trend Micro 2008-11-26 15:32:52 ----D---- C:\WINDOWS\system32 2008-11-26 15:32:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-11-26 15:29:21 ----D---- C:\WINDOWS\Temp 2008-11-26 15:28:11 ----A---- C:\WINDOWS\system32\log.txt 2008-11-26 15:28:05 ----A---- C:\gina_pre.txt 2008-11-26 15:04:26 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-26 11:35:58 ----A---- C:\WINDOWS\SMSCFG.ini 2008-11-26 11:34:33 ----D---- C:\WINDOWS 2008-11-26 11:26:50 ----HD---- C:\WINDOWS\inf 2008-11-26 11:26:50 ----D---- 
C:\WINDOWS\system32\CatRoot 2008-11-26 11:26:43 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-26 11:09:14 ----A---- C:\WINDOWS\hpbafd.ini 2008-11-26 10:57:42 ----D---- C:\Program Files\Common Files 2008-11-26 10:55:33 ----SHD---- C:\WINDOWS\Installer 2008-11-26 10:55:29 ----D---- C:\Program Files\Java 2008-11-26 10:50:46 ----RD---- C:\Program Files 2008-11-26 10:50:46 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-11-26 10:50:39 ----DC---- C:\WINDOWS\system32\DRVSTORE 2008-11-26 10:50:39 ----D---- C:\WINDOWS\system32\drivers 2008-11-26 10:48:57 ----D---- C:\Program Files\Common Files\Apple 2008-11-26 10:45:29 ----SD---- C:\WINDOWS\Tasks 2008-11-26 10:45:04 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-11-26 10:38:46 ----A---- C:\WINDOWS\OEWABLog.txt 2008-11-26 10:35:33 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-11-26 10:15:35 ----HD---- C:\WINDOWS\$hf_mig$ 2008-11-26 09:46:33 ----A---- C:\WINDOWS\setuplog.txt 2008-11-26 09:45:50 ----RSD---- C:\WINDOWS\Fonts 2008-11-26 09:45:50 ----D---- C:\WINDOWS\system32\wbem 2008-11-26 09:45:50 ----D---- C:\WINDOWS\system32\Setup 2008-11-26 09:45:50 ----D---- C:\WINDOWS\AppPatch 2008-11-26 09:42:03 ----D---- C:\WINDOWS\Help 2008-11-26 09:41:30 ----D---- C:\Program Files\Messenger 2008-11-26 09:41:09 ----D---- C:\WINDOWS\security 2008-11-26 09:40:53 ----D---- C:\WINDOWS\system32\inetsrv 2008-11-26 09:38:28 ----D---- C:\WINDOWS\WinSxS 2008-11-26 09:38:14 ----D---- C:\WINDOWS\ime 2008-11-26 09:38:00 ----D---- C:\WINDOWS\system32\usmt 2008-11-26 09:38:00 ----D---- C:\WINDOWS\system32\en-us 2008-11-26 09:37:57 ----D---- C:\Program Files\Internet Explorer 2008-11-26 09:37:56 ----D---- C:\WINDOWS\PeerNet 2008-11-26 09:37:56 ----D---- C:\Program Files\Movie Maker 2008-11-26 09:34:32 ----D---- C:\WINDOWS\system32\Restore 2008-11-26 09:34:32 ----D---- C:\WINDOWS\system32\npp 2008-11-26 09:34:32 ----D---- C:\WINDOWS\mui 2008-11-26 09:34:30 ----D---- C:\WINDOWS\msagent 2008-11-26 09:34:29 
----D---- C:\WINDOWS\srchasst 2008-11-26 09:34:28 ----D---- C:\Program Files\NetMeeting 2008-11-26 09:34:26 ----D---- C:\WINDOWS\system32\Com 2008-11-26 09:34:23 ----D---- C:\Program Files\Windows Media Player 2008-11-26 09:34:23 ----D---- C:\Program Files\Outlook Express 2008-11-26 09:34:18 ----D---- C:\Program Files\Common Files\System 2008-11-26 09:33:57 ----D---- C:\WINDOWS\system32\oobe 2008-11-26 09:33:56 ----D---- C:\WINDOWS\system 2008-11-26 09:28:43 ----D---- C:\WINDOWS\ehome 2008-11-26 08:38:25 ----D---- C:\WINDOWS\system32\appmgmt 2008-11-26 08:23:18 ----D---- C:\WINDOWS\SoftwareDistribution 2008-11-26 08:20:52 ----D---- C:\Documents and Settings 2008-11-26 08:11:37 ----RASH---- C:\boot.ini 2008-11-26 08:11:37 ----A---- C:\WINDOWS\win.ini 2008-11-26 08:11:37 ----A---- C:\WINDOWS\system.ini 2008-11-26 08:10:13 ----A---- C:\WINDOWS\cfgall.ini 2008-11-25 16:49:50 ----D---- C:\Program Files\NCH Swift Sound 2008-11-25 16:15:46 ----D---- C:\Program Files\Google 2008-11-25 16:15:46 ----D---- C:\Documents and Settings\All Users\Application Data\Google 2008-11-25 14:23:36 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-11-24 22:48:21 ----D---- C:\Program Files\Windows NT 2008-11-22 21:40:52 ----A---- C:\WINDOWS\ntbtlog.txt 2008-11-21 08:54:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-11-19 21:03:32 ----D---- C:\Program Files\Cisco Systems 2008-11-14 15:41:28 ----D---- C:\Program Files\Trillian 2008-11-11 22:17:18 ----D---- C:\WINDOWS\Media 2008-11-08 00:57:07 ----D---- C:\Documents and Settings\shaevans\Application Data\LimeWire 2008-11-07 08:16:45 ----SHD---- C:\WINDOWS\CSC 2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe 2008-11-02 06:54:14 ----D---- C:\Program Files\Microsoft Silverlight 2008-10-30 20:21:19 ----SD---- C:\Documents and Settings\shaevans\Application Data\Microsoft 2008-10-30 14:59:10 ----D---- C:\Documents and Settings\shaevans\Application Data\Adobe 2008-10-30 14:59:10 ----D---- 
C:\Documents and Settings\All Users\Application Data\Adobe 2008-10-24 14:20:44 ----D---- C:\Program Files\ADTRAN DSL Assistant 2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll 2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll 2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll 2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wups2.dll 2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe 2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll 2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui 2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll 2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui 2008-10-15 21:03:32 ----A---- C:\WINDOWS\system32\msvcp71.dll 2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll 2008-10-13 09:53:15 ----A---- C:\WINDOWS\ODBC.INI 2008-10-01 11:23:47 ----SHD---- C:\System Volume Information 2008-09-09 20:14:56 ----A---- C:\WINDOWS\system32\msxml6.dll 2008-09-04 12:15:04 ----A---- C:\WINDOWS\system32\msxml3.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592] R1 PersonalSecureDrive;PersonalSecureDrive; C:\WINDOWS\System32\drivers\psd.sys [2007-01-23 39080] R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2008-01-02 143834] R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-10-09 72072] R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2008-01-02 206464] R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-12-19 21361] R2 
CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [] R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936] R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-08-27 12288] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R2 TmFilter;Trend Micro Filter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [] R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [] R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [] R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-10-17 22016] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-01 281600] R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800] R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560] R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-02-14 530861] R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-02-14 30459] R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298] R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-02-14 149123] R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960] R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952] R3 DNE;Deterministic Network Enhancer Miniport; 
C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376] R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-06-19 255896] R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-10-16 989312] R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-10-16 211200] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-05-16 5707744] R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 36608] R3 kbstuff;SMS Virtual Input Device; C:\WINDOWS\system32\DRIVERS\kbstuff5.sys [2003-02-23 7744] R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824] R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 rismc32;RICOH Smart Card Reader; C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-20 47616] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232] R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-06-16 46080] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-15 213696] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 Wdf01000;Wdf01000; 
C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-10-16 731136] S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-09-15 9336] S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-09-15 9464] S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128] S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275] S3 DAMDrv;DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv.sys [2007-04-23 30008] S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2008-01-02 25898] S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2008-01-02 30630] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [] S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [] S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-05-16 27136] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 RICOH SmartCard Reader;RICOH SmartCard Reader; C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-20 47616] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys 
[2008-04-14 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 idisw2km;idisw2km; C:\WINDOWS\system32\DRIVERS\idisw2km.sys [2003-02-23 2704] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-05-03 182576] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040] R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 atchksrv;Intel® Active Management Technology System Status Service; C:\Program Files\Intel\AMT\atchksrv.exe [2007-05-01 183064] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295] R2 CVPND;Cisco Systems, Inc. 
VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-07-16 1524512] R2 DWMRCS;DameWare Mini Remote Control; C:\WINDOWS\SYSTEM32\DWRCS.EXE [2004-01-07 249856] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624] R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-17 168432] R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2007-12-05 144688] R2 IFXSpMgtSrv;Security Platform Management Service; c:\WINDOWS\system32\ifxspmgt.exe [2007-02-15 677408] R2 IFXTCS;Trusted Platform Core Service; c:\WINDOWS\system32\ifxtcs.exe [2007-01-23 849440] R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-26 152984] R2 LMS;Intel® Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2007-05-01 121624] R2 ntrtscan;OfficeScanNT RealTime Scan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2008-10-09 906536] R2 PersonalSecureDriveService;Personal Secure Drive service; c:\WINDOWS\system32\IfxPsdSv.exe [2007-02-15 140832] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328] R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744] R2 tmlisten;OfficeScan NT Listener; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2008-10-09 984360] R2 UNS;Intel® Active Management Technology User Notification Service; C:\Program Files\Intel\AMT\UNS.exe [2007-05-01 1489688] R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program 
Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 CCAAgentStub;CCA Agent Stub; C:\WINDOWS\system32\CCAAgentStub.exe [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-05-13 77944] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 Cwbrxd;iSeries Access for Windows Remote Command; C:\WINDOWS\CWBRXD.EXE [2002-02-04 53296] S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\WINDOWS\system32\flcdlock.exe [2007-04-30 172131] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 TmProxy;OfficeScan NT Proxy Service; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [2008-10-09 652552] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] -----------------EOF----------------- info.txt logfile of random's system information tool 1.04 2008-11-26 15:33:14 ======Uninstall list====== -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 -->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\AFPViewr\DeIsL1.isu" -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL10.isu" -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client 
Access\DeIsL11.isu" -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL12.isu" -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL13.isu" -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL14.isu" -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL2.isu" -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL3.isu" -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL4.isu" -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL5.isu" -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL6.isu" -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL7.isu" -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL8.isu" -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL9.isu" -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL1.isu" -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL2.isu" -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL4.isu" -->MsiExec.exe /I{977FBE6C-AE9A-4429-B249-814F0B3A4CB1} -->MsiExec.exe /X{87079BC7-1A1E-4520-B5C3-9AF582FA26FD} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ActivClient 6.1 x86-->MsiExec.exe /I{AC194855-F7AC-4D04-B4C9-07BA46FCB697} Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E} Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Media Player-->msiexec /qb /x {5C74694C-A687-E3EB-FF18-B018D4A76ECD} Adobe Media Player-->MsiExec.exe /I{5C74694C-A687-E3EB-FF18-B018D4A76ECD} Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002} Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log ADTRAN DSL Assistant-->"C:\Program Files\ADTRAN DSL Assistant\UninstallerData\Uninstall 
DSLAsstistant3.exe" Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe AnswerWorks Runtime-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu" Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /I{EB4DF30B-102B-4F0C-927A-D50E037A325D} AutoCAD LT 2006 - English-->MsiExec.exe /I{5783F2D7-4009-0409-0002-0060B0CE6BBA} Autodesk Design Review 2009 - SP1-->C:\Program Files\Autodesk\Autodesk Design Review\Setup\Setup.exe /P {450063AA-643B-417C-8CF5-405BA3F4EF40} /M ADR Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~2\Setup.exe /remove BIOS Configuration for HP ProtectTools-->MsiExec.exe /X{C74D0FA0-1D49-464F-A707-B427EE3385C1} Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver" CA eTrust GINA Option for Password Reset/Unlock-->MsiExec.exe /I{E90140E7-3D75-478E-AB57-78F21B9DA200} Cisco Clean Access Agent-->MsiExec.exe /X{04010300-6D72-4D54-8686-91D884A27B5C} Cisco Systems VPN Client 5.0.01.0600-->MsiExec.exe /X{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E} Credential Manager for HP ProtectTools-->MsiExec.exe /X{C15F7F16-941E-414B-A676-40190CD621D5} Device Access Manager for HP ProtectTools-->MsiExec.exe /X{55B52830-024A-443E-AF61-61E1E71AFA1B} Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0} Embedded Security for HP ProtectTools-->MsiExec.exe /I{20A1D306-CE83-492A-8525-D6DF50B5944A} FLEXR 7.81-->C:\WINDOWS\IsUninst.exe -fC:\FLEXR781\Uninst.isu Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3} Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall 
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix for Windows XP (KB953761)-->"C:\WINDOWS\$NtUninstallKB953761$\spuninst\spuninst.exe" HP 3D DriveGuard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{429E92A4-159F-4AEC-85A1-D693E1E4274D}\Setup.exe" -l0x9 UNINSTALL HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6} HP ProtectTools Security Manager-->MsiExec.exe /I{2DB165DC-DDB4-403F-B985-19F3EC7D0357} HP Quick Launch Buttons 6.40 B2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x0009 -removeonly uninst HP Wireless Assistant-->MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8} IBM iSeries Access for Windows-->"C:\Program Files\IBM\Client Access\cwbinarp.exe" Intel® Active Management Technology Device Software-->C:\WINDOWS\system32\mesoludlg.exe -uninstall Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall Intel® PRO Network Connections Drivers-->Prounstl.exe Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL Java Card Security for HP ProtectTools-->MsiExec.exe /I{77130095-2039-424F-A633-4FAF0261258A} Java 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} 
Macromedia Authorware Web Player-->C:\WINDOWS\system32\Macromed\AUTHORWA\UNWISE.EXE C:\WINDOWS\system32\Macromed\AUTHORWA\Install.log Macromedia Flash Player 8-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779} mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49} MetaASSIST View-->"C:\Program Files\Actelis Networks\MetaASSIST View\Uninstall_MetaASSIST View\Uninstall MetaASSIST View.exe" MetaFrame Presentation Server Client-->MsiExec.exe /I{E92B7A19-5FD5-4AEE-9FEF-7AD5DD3A675E} mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft Access 2000 SR-1-->MsiExec.exe /I{00100409-78E1-11D2-B60F-006097C998E7} Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office 2000 SR-1 Standard-->MsiExec.exe /I{00020409-78E1-11D2-B60F-006097C998E7} Microsoft Office Standard Edition 2003-->MsiExec.exe /I{90120409-6000-11D3-8CFE-0150048383C9} Microsoft Office Visio Standard 2003-->MsiExec.exe /I{91530409-6000-11D3-8CFE-0150048383C9} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Streets and Trips 2005-->MsiExec.exe /I{67E4EE98-59F4-4210-89A6-A20AF5BEC689} Microsoft User-Mode Driver Framework Feature Pack 
1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F} mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7} mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5} MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03} Mozilla Firefox (2.0)-->C:\Program Files\Mozilla Firefox\uninstall\uninst.exe Mozilla Thunderbird (2.0.0.18)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5} mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9} mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83} mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4} mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023} NGS Qport Access - 5.10.19-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{29EA1C3E-2D8F-42FF-A5A9-CD3D45C2315E} NGS Qport Access - 5.10.37-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{DF45EF6C-9E13-4CBD-B393-9FDC306F8E18} PrintKey2000-->C:\PROGRA~1\PRINTK~1\UNWISE.EXE C:\PROGRA~1\PRINTK~1\INSTALL.LOG RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 RICOH R5C853 Driver Ver.1.00.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything ScrewDrivers Client v4-->MsiExec.exe /I{E8DDBFBC-6C65-4CEE-A4D7-CD6781E94BCC} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe 
/X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Serif PhotoPlus 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}\Setup.exe" -l0x9 Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpqZ3795\UIU32m.exe -U -IhpqZ3795.INF SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Trend Micro OfficeScan Client-->msiexec /x {ECEA7878-2100-4525-915D-B09174E36971} Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP 
(KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Verizon High Speed Internet-->"C:\WINDOWS\DSL\unins000.exe" Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u Volo View Express-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Volo View Express\DeIsL1.isu" WebEx-->C:\WINDOWS\Downlo~1\atcliun.exe Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: Trend Micro OfficeScan Antivirus AV: Trend Micro OfficeScan Antivirus ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\Hewlett-Packard\IAM\bin;c:\Program Files\ActivIdentity\ActivClient\;C:\PROGRA~1\IBM\CLIENT~1;C:\PROGRA~1\IBM\CLIENT~1\Shared;C:\PROGRA~1\IBM\CLIENT~1\Emulator;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Autodesk Shared\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 
11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------

KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, November 26, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, November 26, 2008 16:29:29
Records in database: 1419058

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
C:\
N:\
T:\

Scan statistics
Files scanned 65633
Threat name 3
Infected objects 4
Suspicious objects 0
Duration of the scan 01:18:00

File name Threat name Threats count
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\Roger Clyne and the Peacemakers - Winter in your Heart.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\wpv341227228046.cpx Infected: Trojan-Downloader.Win32.Agent.akwa 1
C:\Program Files\Trend Micro\OfficeScan Client\Suspect\wpv581227228222.cpx Infected: Trojan-Downloader.Win32.Agent.akwa 1
C:\WINDOWS\system32\installq.exe Infected: Trojan-Downloader.Win32.Obfuscated.blz 1

The selected area was scanned.
--------------------------------
PLEASE PLEASE... It's been over 5 days...
This post has been edited by Shawn_Evans: Nov 26 2008, 07:21 PM
Nov 26 2008, 10:28 PM
Post
#3
Look buddy -- I'm an Engineer
Group: HJT Team Coach Posts: 8,509 Joined: 17-January 08 From: Northfield, Ohio Member No.: 184,215
Hello, Shawn_Evans
My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.) Please give me some time to look over your computer's log(s). Please take note of the following:
We need to run a Scan with DDS
We need to scan for rootkits with GMER
Important! Please do not select the "Show all" checkbox during the scan.
In your next reply, please include the following:
Billy3
--------------------
The forum is always a busy place. In the event I fail to reply within twenty-four hours, feel free to send me a PM.
Have I helped you? If so, please consider a donation (by clicking this link). And that means I solve problems. Not problems like "What is beauty?" .. 'cause that would fall under the purview of your conundrums of philosophy....
Nov 27 2008, 01:00 AM
Post
#4
Member Group: Members Posts: 24 Joined: 11-July 08 Member No.: 221,858
DDS.txt
DDS (Version 1.0) - NTFSx86 Run by ShaEvans at 0:42:11.43 on Thu 11/27/2008 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1375 [GMT -5:00] ============== Running Processes =============== C:\WINDOWS\System32\svchost.exe -k Cognizance C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\Program Files\ActivIdentity\ActivClient\accoca.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Intel\AMT\atchksrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe C:\WINDOWS\SYSTEM32\DWRCS.EXE C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe c:\WINDOWS\system32\ifxspmgt.exe c:\WINDOWS\system32\ifxtcs.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Intel\AMT\LMS.exe C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe c:\WINDOWS\system32\IfxPsdSv.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Intel\AMT\UNS.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\WINDOWS\TEMP\JRE1D8.EXE C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\AMT\atchk.exe C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe 
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe c:\Program Files\ActivIdentity\ActivClient\acevents.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe C:\WINDOWS\system32\igfxsrvc.exe c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\PrintKey2000\Printkey2000.exe C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\shaevans\Desktop\dds.scr ============== Psuedo HJT Report =============== uStart Page = hxxp://home.fcinternal.net/fc/default.asp?ID=2 uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mDefault_Search_URL = hxxp://www.google.com/ie uInternet Connection Wizard,ShellNext = hxxp://nfuse.czncorp.com/Citrix/MetaFrame/auth/login.aspx uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll 
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [IFXSPMGT] c:\windows\system32\ifxspmgt.exe /NotifyLogon
mRun: [<NO NAME>]
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [Client Access Help Update] "c:\program files\ibm\client access\cwbinhlp.exe"
mRun: [Client Access Check Version] "c:\program files\ibm\client access\cwbckver.exe" LOGIN
mRun: [Client Access Express Welcome] "c:\program files\ibm\client access\cwbwlwiz.exe"
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\Pccntmon.exe" -HideWindow
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\cleana~1.lnk - c:\program files\cisco systems\clean access agent\CCAAgentLauncher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
uPolicies-system: Wallpaper =
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: E&xport to Microsoft Excel - /3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: ackpbsc - c:\windows\system32\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: DeviceNP - DeviceNP.dll
Notify: igfxcui - igfxdev.dll
Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
AppInit_DLLs: APSHook.dll lmhfhs.dll hubsls.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ,

============= SERVICES / DRIVERS ===============

R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [2007-1-23 39080]
R2 accoca;ActivClient Middleware Service;"c:\program files\actividentity\activclient\accoca.exe" [2007-5-3 182576]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2004-8-4 14336]
R2 atchksrv;Intel® Active Management Technology System Status Service;c:\program files\intel\amt\atchksrv.exe [2007-12-19 183064]
R2 LMS;Intel® Active Management Technology Local Management Service;c:\program files\intel\amt\LMS.exe [2007-12-19 121624]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2007-12-19 1489688]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2008-11-2 24652]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\IFXTPM.SYS [2007-1-23 36608]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2006-8-16 47616]
S2 CCAAgentStub;CCA Agent Stub;"c:\windows\system32\CCAAgentStub.exe" []
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2007-4-23 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [2007-4-30 172131]
S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\drivers\rismc32.sys [2006-8-16 47616]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2008-11-26 21:13 <DIR> --d----- C:\VundoFix Backups
2008-11-26 11:56 5,174 a------- C:\Internetshortcut.reg
2008-11-26 10:55 410,976 a------- c:\windows\system32\deploytk.dll
2008-11-26 10:34 138,752 ac------ c:\windows\system32\dllcache\sndvol32.exe
2008-11-26 10:34 138,752 a------- c:\windows\system32\sndvol32.exe
2008-11-26 10:14 <DIR> --d----- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-11-26 10:14 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-26 09:50 126,976 -c------ c:\windows\system32\dllcache\dhcpcsvc.dll
2008-11-26 09:46 <DIR> --d----- c:\program files\msn gaming zone
2008-11-26 09:37 <DIR> --d----- c:\windows\system32\scripting
2008-11-26 09:37 <DIR> --d----- c:\windows\system32\en
2008-11-26 09:37 <DIR> --d----- c:\windows\l2schemas
2008-11-26 09:37 <DIR> --d----- c:\windows\system32\bits
2008-11-26 09:34 <DIR> --d----- c:\windows\ServicePackFiles
2008-11-26 09:31 19,569 a------- c:\windows\003302_.tmp
2008-11-26 09:12 331,805,736 a------- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
2008-11-26 09:00 <DIR> --d----- C:\hotfix
2008-11-26 08:14 65,584 a------- c:\windows\system32\SMSCfg.cpl
2008-11-25 15:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SecTaskMan
2008-11-25 10:01 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2008-11-25 09:57 23,576 a------- c:\windows\system32\wuapi.dll.mui
2008-11-22 15:47 885,141 a--sh--- c:\windows\system32\mSuuxyay.ini2
2008-11-22 15:47 885,141 a--sh--- c:\windows\system32\mSuuxyay.ini
2008-11-21 08:57 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-11-21 08:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-11-21 08:54 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-20 23:07 72,704 -------- c:\windows\system32\ltgnycfw.dll
2008-11-13 20:06 5,504 a------- c:\windows\system32\drivers\mstee.sys
2008-11-13 20:06 10,880 a------- c:\windows\system32\drivers\ndisip.sys
2008-11-13 20:06 16,384 a------- c:\windows\system32\ipsink.ax
2008-11-13 20:06 15,232 a------- c:\windows\system32\drivers\streamip.sys
2008-11-13 20:06 11,136 a------- c:\windows\system32\drivers\slip.sys
2008-11-13 20:06 19,200 a------- c:\windows\system32\drivers\wstcodec.sys
2008-11-13 20:06 85,248 a------- c:\windows\system32\drivers\nabtsfec.sys
2008-11-13 20:06 17,024 a------- c:\windows\system32\drivers\ccdecode.sys
2008-11-13 20:05 91,136 a------- c:\windows\system32\kswdmcap.ax
2008-11-13 20:05 61,952 a------- c:\windows\system32\kstvtune.ax
2008-11-13 20:05 53,760 a------- c:\windows\system32\vfwwdm32.dll
2008-11-13 20:05 51,200 a------- c:\windows\system32\drivers\msdv.sys
2008-11-13 20:05 43,008 a------- c:\windows\system32\ksxbar.ax
2008-11-13 20:05 28,672 a------- c:\windows\system32\vidcap.ax
2008-11-13 20:05 38,912 a------- c:\windows\system32\drivers\avc.sys
2008-11-13 20:05 48,128 a------- c:\windows\system32\drivers\61883.sys
2008-11-12 23:22 142,096 a------- c:\windows\system32\drivers\tmcomm.sys
2008-11-12 11:53 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2008-11-12 11:53 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2008-11-12 11:53 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2008-11-12 11:53 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2008-11-12 11:53 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-12 11:53 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2008-11-12 11:53 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2008-11-12 11:53 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-12 11:53 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2008-11-12 08:45 420 a------- c:\windows\cdplayer.ini
2008-11-11 22:36 <DIR> --d----- c:\windows\pss
2008-11-11 21:59 856 a------- c:\windows\Active Setup Log.BAK
2008-11-09 21:12 <DIR> --d----- c:\windows\RegisteredPackages
2008-11-08 10:57 1,172 a------- c:\windows\mozver.dat
2008-11-02 18:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-11-02 18:44 <DIR> --d----- c:\program files\Viewpoint
2008-11-02 18:44 <DIR> --d----- c:\program files\common files\AOL
2008-11-02 18:43 465 a---h--- C:\IPH.PH
2008-10-30 20:32 <DIR> --d----- c:\program files\Yahoo!
2008-10-30 20:32 <DIR> --d----- c:\program files\common files\Motive
2008-10-30 20:24 <DIR> --d----- c:\windows\DSL
2008-10-30 20:24 <DIR> --d----- c:\program files\common files\SupportSoft
2008-10-30 14:59 <DIR> --d----- c:\program files\Adobe Media Player
2008-10-28 10:57 <DIR> --d----- c:\program files\Bonjour

==================== Find3M ====================

2008-11-26 15:33 <DIR> --d----- c:\program files\Trend Micro
2008-11-26 10:49 <DIR> --d----- c:\program files\DivX
2008-11-26 09:41 <DIR> --d----- c:\program files\Messenger
2008-11-26 09:39 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-11-25 16:49 <DIR> --d----- c:\program files\NCH Swift Sound
2008-11-25 16:49 <DIR> --d----- c:\docume~1\shaevans\applic~1\NCH Swift Sound
2008-11-24 22:48 <DIR> --d----- c:\program files\Windows NT
2008-11-21 08:54 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-11-19 21:03 <DIR> --d----- c:\program files\Cisco Systems
2008-11-08 00:57 <DIR> --d----- c:\docume~1\shaevans\applic~1\LimeWire
2008-10-24 14:20 <DIR> --d----- c:\program files\ADTRAN DSL Assistant
2008-10-24 08:27 <DIR> --d----- c:\docume~1\shaevans\applic~1\webex
2008-10-15 21:03 <DIR> --d----- c:\program files\common files\xing shared
2008-10-15 21:03 <DIR> --d----- c:\program files\common files\Real
2008-10-15 21:03 499,712 a------- c:\windows\system32\msvcp71.dll
2008-10-15 21:03 <DIR> --d----- c:\program files\Real
2008-09-15 19:11 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-15 07:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-09 20:14 1,307,648 a------- c:\windows\system32\msxml6.dll
2008-09-04 12:15 1,106,944 a------- c:\windows\system32\msxml3.dll
2008-08-29 09:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-08-29 08:53 61,440 a------- c:\windows\system32\dnssd.dll
2008-07-25 09:06 <DIR> --d----- c:\docume~1\shaevans\applic~1\Desktopicon
2008-07-11 12:16 <DIR> --d----- c:\docume~1\shaevans\applic~1\Malwarebytes
2008-07-11 12:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-06-13 09:47 <DIR> --d----- c:\docume~1\shaevans\applic~1\Amazon
2008-06-12 14:47 <DIR> --d----- c:\docume~1\shaevans\applic~1\Snapfish
2008-05-16 10:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NCH Swift Sound
2008-05-16 10:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NCH Software
2008-05-13 14:02 <DIR> --d----- c:\docume~1\shaevans\applic~1\Autodesk
2008-05-13 14:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Autodesk
2008-05-06 15:12 <DIR> --d----- c:\docume~1\shaevans\applic~1\MAPILab Ltd
2008-04-30 09:37 <DIR> --d----- c:\docume~1\shaevans\applic~1\ICAClient
2008-04-29 10:24 <DIR> --d----- c:\docume~1\shaevans\applic~1\Downloaded Installations
2008-01-02 11:29 <DIR> --d----- c:\docume~1\shaevans\applic~1\CiscoCAA
2007-12-19 11:04 <DIR> --d----- c:\docume~1\shaevans\applic~1\Infineon
2007-12-19 11:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Infineon
2007-12-19 11:03 <DIR> --d----- c:\docume~1\shaevans\applic~1\hpqLog
2007-12-19 09:30 <DIR> --d----- c:\docume~1\shaevans\applic~1\Intel
2007-12-19 09:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intel
2007-12-18 16:54 <DIR> --d----- c:\docume~1\shaevans\applic~1\OfficeUpdate12

============= FINISH: 0:42:19.43 ===============

attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/21/2008 9:39:09 AM
System Uptime: 11/26/2008 8:56:01 PM (4 hours ago)

Motherboard: Hewlett-Packard | | 30BE
Processor: Intel® Core2 Duo CPU T7700 @ 2.40GHz | U10 | 2393/200mhz
BIOS: KBC Version 68.35 | HP - 20020820 | 68MCU Ver. F.13 | 2/19/2008 7:00:00 PM

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 45.327 GiB free.
D: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMMATbleepA_UJDA775_DVD/CDRW_______________1.00____\5&280A00E3&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: MATbleepA UJDA775 DVD/CDRW
PNP Device ID: IDE\CDROMMATbleepA_UJDA775_DVD/CDRW_______________1.00____\5&280A00E3&0&0.0.0
Service: cdrom

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

ActivClient 6.1 x86 Adobe AIR Adobe Flash Player ActiveX Adobe Media Player Adobe Reader 7.0.9 Adobe Shockwave Player ADTRAN DSL Assistant Amazon MP3 Downloader 1.0.3 AnswerWorks Runtime Apple Mobile Device Support Apple Software Update AuthenTec Fingerprint Sensor Minimum Install AutoCAD LT 2006 - English Autodesk Design Review 2009 Autodesk Design Review 2009 - SP1 Autodesk DWF Viewer BIOS Configuration for HP ProtectTools Bonjour Broadcom 802.11 Wireless LAN Adapter CA eTrust GINA Option for Password Reset/Unlock Cisco Clean Access Agent Cisco Systems VPN Client 5.0.01.0600 Credential Manager for HP ProtectTools Device Access Manager for HP ProtectTools Easy CD Creator 5 Basic Embedded Security for HP ProtectTools FLEXR 7.81 Google Earth Google Updater HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB953761) HP 3D DriveGuard HP Integrated Module with Bluetooth wireless technology HP ProtectTools Security Manager HP Quick Launch Buttons 6.40 B2 HP Wireless Assistant IBM iSeries Access for Windows Intel® Active Management Technology Device Software Intel® Graphics Media Accelerator Driver Intel® PRO
Network Connections Drivers Intel® PROSet/Wireless Software InterVideo Register Manager InterVideo WinDVD Java Card Security for HP ProtectTools Java 6 Update 10 Java 6 Update 5 Java 6 Update 7 Macromedia Authorware Web Player Macromedia Flash Player 8 Malwarebytes' Anti-Malware mCore mDrWiFi MetaASSIST View MetaFrame Presentation Server Client mHelp Microsoft .NET Framework 2.0 Service Pack 1 Microsoft Access 2000 SR-1 Microsoft Base Smart Card Cryptographic Service Provider Package Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office 2000 SR-1 Standard Microsoft Office Standard Edition 2003 Microsoft Office Visio Standard 2003 Microsoft Silverlight Microsoft Streets and Trips 2005 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable mIWA mLogView mMHouse MobileMe Control Panel Mozilla Firefox (2.0) Mozilla Thunderbird (2.0.0.18) mPfMgr mPfWiz mProSafe mSCfg MSXML 6.0 Parser (KB933579) mWlsSafe mZConfig NGS Qport Access NGS Qport Access - 5.10.19 NGS Qport Access - 5.10.37 PrintKey2000 RealPlayer RICOH R5C853 Driver Ver.1.00.02 ScrewDrivers Client v4 Security Update for CAPICOM (KB931906) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update 
for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Serif PhotoPlus 6.0 Soft Data Fax Modem with SmartCP SoundMAX Synaptics Pointing Device Driver Trend Micro OfficeScan Client Trillian Update for Windows XP (KB943729) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951618-v2) Update for Windows XP (KB951978) Verizon High Speed Internet Viewpoint Media Player Volo View Express WebEx WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Media Format 11 runtime Windows Media Player 11 Windows Movie Maker 2.0 Windows XP Service Pack 3 WinRAR archiver Yahoo! Install Manager

==== Event Viewer Messages ===================

11/20/2008 12:42:02 PM, error: Kerberos [4] - The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/nyjthaswnfs01.corp.pvt. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (CORP.PVT), and the client realm. Please contact your system administrator.
11/20/2008 9:13:22 AM, error: Service Control Manager [7000] - The CCA Agent Stub service failed to start due to the following error: The system cannot find the file specified.
11/20/2008 6:42:30 PM, error: NETLOGON [5719] - No Domain Controller is available for domain CORP due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
11/20/2008 6:45:20 PM, error: Dhcp [1002] - The IP address lease 192.168.1.42 for the Network Card with network address 0013E8F33FDD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/21/2008 8:07:28 AM, error: Dhcp [1002] - The IP address lease 10.32.26.130 for the Network Card with network address 001B389389E4 has been denied by the DHCP server 10.27.84.72 (The DHCP Server sent a DHCPNACK message).
11/22/2008 4:41:25 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/22/2008 4:42:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdudf_xp Fips intelppm tmtdi
11/24/2008 8:37:11 AM, error: Dhcp [1002] - The IP address lease 10.34.37.80 for the Network Card with network address 001B389389E4 has been denied by the DHCP server 10.32.1.49 (The DHCP Server sent a DHCPNACK message).
11/24/2008 10:04:45 AM, error: Kerberos [4] - The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/nyrofcs03fs03.corp.pvt. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (CORP.PVT), and the client realm. Please contact your system administrator.
11/24/2008 10:44:48 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/25/2008 4:32:28 PM, error: NETLOGON [5783] - The session setup to the Windows NT or Windows 2000 Domain Controller \\nyjthrs2kdc01.corp.pvt for the domain CORP is not responsive. The current RPC call from Netlogon on \\NYMTJSLXP041364 to \\nyjthrs2kdc01.corp.pvt has been cancelled.
11/25/2008 4:46:24 PM, error: Service Control Manager [7031] - The Google Updater Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.
11/26/2008 10:59:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi redbook
11/26/2008 11:03:12 AM, error: Print [22] - Failed to ugrade printer settings for printer \\nymt00s2kfp01\NYMTJSP24607,LocalOnly driver C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\PS5UI.DLL error 5.
11/24/2008 9:16:13 AM, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\cacls.exe. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2195.2104, the version of the system file is 5.1.2600.0.

==== End Of File ===========================

GMER

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-27 00:54:56
Windows 5.1.2600 Service Pack 3

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)

---- EOF - GMER 1.0.14 ----

Thanks for all the help, regardless of outcome. A Donation is coming BC's way.

Shawn

Nov 27 2008, 12:33 PM
Post #5

Look buddy -- I'm an Engineer
Group: HJT Team Coach
Posts: 8,509
Joined: 17-January 08
From: Northfield, Ohio
Member No.: 184,215

Hello, Shawn_Evans
I don't see malware in there. Are you still having problems?

Viewpoint is considered foistware instead of malware because it is installed without users' approval, but doesn't spy or do anything "bad". You may like to read this article about the potential of this Viewpoint software here: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on Start > Run... > and then paste the following into the "Open" field: "appwiz.cpl" and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, and/or Viewpoint Media Player.

We need to uninstall one or more programs

Please click on Start > Control Panel > Add/Remove Programs and uninstall the following programs (if present):
Java™ 6 Update 5
Java™ 6 Update 7

Download FileFind.zip and unzip to your desktop.
I would like us to use ESET (NOD32)'s Online Scanner
In your next reply, please include the following:
Billy3
--------------------
The forum is always a busy place. In the event I fail to reply within twenty-four hours, feel free to send me a PM.
Have I helped you? If so, please consider a donation (by clicking this link). And that means I solve problems. Not problems like "What is beauty?" .. 'cause that would fall under the purview of your conundrums of philosophy....

Nov 28 2008, 12:10 AM
Post #6

Member
Group: Members
Posts: 24
Joined: 11-July 08
Member No.: 221,858

Alright, I am not sure if my browser is hijacked or just plain eff'd up then. I was browsing espn, clicked on a link and 65 browsers popped up. Blank, nothing on them. After I rcvd a msg something like, "windows does not have the appropriate permissions to view this link". Here are my two scans. And then I just got another, an attempt was made to retrieve a token that does not exist. ????? I am posting my scans tomorrow as I need to get some sleep. Too effing tired right now.

Nov 28 2008, 01:13 AM
Post #7

Look buddy -- I'm an Engineer
Group: HJT Team Coach
Posts: 8,509
Joined: 17-January 08
From: Northfield, Ohio
Member No.: 184,215

Alright... Please run the ESET scan after removing those outdated Javas and we'll go from there.
Billy3

Nov 28 2008, 10:42 AM
Post #8

Member
Group: Members
Posts: 24
Joined: 11-July 08
Member No.: 221,858

Here we go.. ESET picked up nothing..
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3647 (20081127)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=91d53b63e878a649a6ca71177a342735
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-11-28 05:33:24
# local_time=2008-11-28 12:33:24 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=455792
# found=0
# scan_time=2867
-------------------------------------------------------------------------------------
Filefind found no instances of that .dll file.
-------------------------------------------------------------------------------------
Now, just some more background.
1. Couple of days ago, I did have an Antivirus 2009 pop up. Only 2 pop ups. That was it.
2. My browser is completely F**KED. Not completely, that is being a little melodramatic. But it is off. I need to have an open window in order to open a favorite or folder/desktop shortcut. I HAVE to open up all URLs in a separate window. If I don't have that setting checked, it locks explorer. I updated my service pack to 3 and I recently removed IE7 or tried to.

I am going to run another Kaspersky scan and post results. This has me miffed. And thanks for your help, especially around the holidays.

Shawn

****UPDATE****
Ran Kaspersky online scanner.. Found multiple threats... Posting logs from past 3 scans.

This post has been edited by Shawn_Evans: Nov 28 2008, 11:33 AM
Attached File(s)
kapersky_11_21_2008.html ( 3.47k )
kapersky_11_26_2008.html ( 3.55k )
kapersky_11_29_2008.html ( 3.7k )

Nov 28 2008, 12:08 PM
Post #9

Look buddy -- I'm an Engineer
Group: HJT Team Coach
Posts: 8,509
Joined: 17-January 08
From: Northfield, Ohio
Member No.: 184,215

Hello, Shawn_Evans
The files detected by Kaspersky were already taken care of by TrendMicro on your machine. Except this one:
C:\WINDOWS\system32\installq.exe
Please do this to get rid of that

I'm not sure what's causing your other problems with Internet Exploder. Please let me know if DialAFix helps.

If you saw an A-V 2009 popup it may have simply been generated by the website you are on. Popups aren't usually an indicator of malware unless they are generated when you aren't even browsing the internet.

We need to execute an OTMoveIt3 script
We need to repair some of Windows' internal registration settings
In your next reply, please include the following:
Billy3

Nov 28 2008, 12:55 PM
Post #10

Member
Group: Members
Posts: 24
Joined: 11-July 08
Member No.: 221,858

Ok, here we go....
OTM results...

========== FILES ==========
C:\WINDOWS\system32\installq.exe moved successfully.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11282008_124217

------------------------------------

New RSIT Log.

Logfile of random's system information tool 1.04 (written by random/random)
Run by shaevans at 2008-11-28 12:48:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 46 GB (61%) free of 76 GB
Total RAM: 2039 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:21 PM, on 11/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\WINDOWS\system32\ifxspmgt.exe
c:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
c:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\TEMP\SCAFC.EXE
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\system32\hkcmd.exe
C:\kix\UTLite33.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe
c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\WINDOWS\MS\SMS\CORE\BIN\Launch32.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\shaevans\My Documents\RSIT.exe
C:\Program Files\trend micro\shaevans.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.fcinternal.net/fc/default.asp?ID=2
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://nfuse.czncorp.com/Citrix/MetaFrame/auth/login.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IFXSPMGT] c:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [accrdsub] "c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl]
%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe" O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe" O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe" O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) O4 - Global Startup: AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xport to Microsoft Excel - res:///3000 O8 - Extra context menu item: Send to &Bluetooth Device... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...20Installer.cab O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://www.pandasecurity.com/activescan/cabs/as2stubie.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - 
http://www.update.microsoft.com/windowsupd...b?1198010915734 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227705794549 O16 - DPF: {82B56B47-90DC-4F58-9A7D-D27BA46D3C0F} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://schleppy1975.myphotoalbum.com/ImageUploader4.cab O16 - DPF: {DC11F230-5717-4C25-BAD7-37B879C19655} (MyPhotoAlbum Easy Upload Tool Combo Control) - http://schleppy1975.myphotoalbum.com/ImageUploader4.cab O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sapience360.webex.com/client/T26L/webex/ieatgpc.cab O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.pvt O17 - HKLM\Software\..\Telephony: DomainName = corp.pvt O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.pvt O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = corp.pvt O20 - AppInit_DLLs: APSHook.dll lmhfhs.dll hubsls.dll O20 - Winlogon Notify: ackpbsc - c:\WINDOWS\system32\ackpbsc.dll O20 - Winlogon Notify: acunlock - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll O20 - Winlogon Notify: yayyVopP - C:\WINDOWS\ O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - c:\Program Files\ActivIdentity\ActivClient\accoca.exe O23 - Service: Apple Mobile Device - Apple Inc. 
- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: CCA Agent Stub (CCAAgentStub) - Unknown owner - C:\WINDOWS\system32\CCAAgentStub.exe (file missing) O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. 
- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\ifxspmgt.exe O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\WINDOWS\system32\ifxtcs.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - c:\WINDOWS\system32\IfxPsdSv.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. 
- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe -- End of file - 14792 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-26 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-17 652784] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-26 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-26 73728] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400] "atchk"=C:\Program Files\Intel\AMT\atchk.exe [2007-05-01 404248] "hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776] "IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-10-08 995328] "IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824] "SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088] "PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184] 
"CognizanceTS"=C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2003-12-22 17920] "IFXSPMGT"=c:\WINDOWS\system32\ifxspmgt.exe [2007-02-15 677408] ""= [] "accrdsub"=c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-03 293168] "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448] "Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2007-01-02 40960] "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-05-18 138008] "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-05-18 162584] "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-05-18 138008] "QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-11-06 177456] "Client Access Service"=C:\Program Files\IBM\Client Access\cwbsvstr.exe [2002-05-07 20530] "Client Access Help Update"=C:\Program Files\IBM\Client Access\cwbinhlp.exe [2002-05-07 24626] "Client Access Check Version"=C:\Program Files\IBM\Client Access\cwbckver.exe [2002-05-07 45056] "Client Access Express Welcome"=C:\Program Files\IBM\Client Access\cwbwlwiz.exe [2002-05-07 20530] "AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032] "OfficeScanNT Monitor"=C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe [2008-10-09 709928] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-26 136600] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-15 185872] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936] "Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-03-19 439736] [HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-30 68856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472] C:\Documents and Settings\All Users\Start Menu\Programs\Startup AutoCAD LT Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe Clean Access Agent.lnk - C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="APSHook.dll lmhfhs.dll hubsls.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc] c:\WINDOWS\system32\ackpbsc.dll [2007-05-03 112640] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock] c:\Program Files\ActivIdentity\ActivClient\acunlock.dll [2007-05-03 281088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP] C:\WINDOWS\system32\DeviceNP.dll [2007-04-30 49152] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2007-05-16 204800] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard] C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [2008-05-13 85504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon\Notify\yayyVopP] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, , [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "Wallpaper"= [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=1 "legalnoticecaption"=Legal Notice "legalnoticetext"=This computer system and the data contained herein are property of Frontier Communications. Any unauthorized access and/or use of the data will be investigated and prosecuted to the full extent of the law. This system is to be used for business purposes. All information stored or processed is property of Frontier Communications and is subject to inspection. 
"shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoWelcomeScreen"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\SmartFTP\SmartFTP.exe"="C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP" "C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:conf.exe" "C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Documents and Settings\mwj974\Local Settings\Temporary Internet Files\Content.IE5\0L6VGXAV\CitrixSAClient[1].exe"="C:\Documents and Settings\mwj974\Local Settings\Temporary Internet Files\Content.IE5\0L6VGXAV\CitrixSAClient[1].exe:*:Enabled:Citrix Secure Access Agent" "C:\Program Files\NET6\net6vpn.exe"="C:\Program Files\NET6\net6vpn.exe:*:Enabled:Citrix Secure Access Agent" "C:\WINDOWS\system32\wbem\unsecapp.exe"="C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:WMI" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\Citrix\ICA Client\wfica32.exe"="C:\Program Files\Citrix\ICA Client\wfica32.exe:*:Enabled:Citrix ICA Client Engine (Win32)" "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader" "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE" "C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:conf.exe" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\SMSADMIN\bin\i386\statview.exe"="C:\SMSADMIN\bin\i386\statview.exe:*:Enabled:SMS 2.0 Utility - Status Message Viewer" "C:\SMSADMIN\bin\i386\SETUP.EXE"="C:\SMSADMIN\bin\i386\SETUP.EXE:*:Enabled:SMS Setup" "C:\WINDOWS\system32\wbem\unsecapp.exe"="C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:unsecapp.exe" "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! 
Messenger" "C:\WINDOWS\system32\VoissAssistant.exe"="C:\WINDOWS\system32\VoissAssistant.exe:*:Enabled:VoissAssistant" "C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE" "C:\Program Files\NET6\net6vpn.exe"="C:\Program Files\NET6\net6vpn.exe:*:Enabled:Citrix Secure Access Agent" "C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe"="C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw" "C:\Program Files\Viryanet\MicroServer\VCM.exe"="C:\Program Files\Viryanet\MicroServer\VCM.exe:*:Enabled:VCM" "C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer" "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\Citrix\ICA Client\wfica32.exe"="C:\Program Files\Citrix\ICA Client\wfica32.exe:*:Enabled:Citrix ICA Client Engine (Win32)" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57bd5546-adaa-11dc-bbbe-b02c9a8bec2e}] shell\AutoRun\command - E:\setup.exe ======File associations====== .reg - open - regedit.exe "%1" %* .scr - open - "%1" %* ======List of files/folders created in the last 1 months====== 2008-11-28 12:42:17 ----D---- C:\_OTMoveIt 2008-11-28 10:37:33 ----A---- C:\Export.txt 2008-11-27 23:41:45 ----D---- C:\Program Files\EsetOnlineScanner 2008-11-27 00:43:10 ----A---- C:\WINDOWS\gmer.ini 2008-11-27 00:43:08 ----A---- C:\WINDOWS\gmer_uninstall.cmd 2008-11-27 00:43:08 ----A---- C:\WINDOWS\gmer.exe 2008-11-27 00:43:08 ----A---- C:\WINDOWS\gmer.dll 2008-11-26 21:13:01 ----D---- C:\VundoFix Backups 2008-11-26 21:13:01 
----A---- C:\VundoFix.txt 2008-11-26 15:32:55 ----D---- C:\rsit 2008-11-26 10:55:49 ----A---- C:\WINDOWS\system32\javaws.exe 2008-11-26 10:55:49 ----A---- C:\WINDOWS\system32\javaw.exe 2008-11-26 10:55:49 ----A---- C:\WINDOWS\system32\java.exe 2008-11-26 10:55:49 ----A---- C:\WINDOWS\system32\deploytk.dll 2008-11-26 10:48:51 ----SHD---- C:\Config.Msi 2008-11-26 10:34:26 ----A---- C:\WINDOWS\system32\sndvol32.exe 2008-11-26 10:15:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2008-11-26 10:15:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2008-11-26 10:15:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2008-11-26 10:14:42 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-11-26 09:50:20 ----HDC---- C:\WINDOWS\$NtUninstallKB953761$ 2008-11-26 09:46:36 ----D---- C:\Program Files\msn gaming zone 2008-11-26 09:46:27 ----D---- C:\WINDOWS\Prefetch 2008-11-26 09:43:10 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-11-26 09:43:06 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2008-11-26 09:42:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2008-11-26 09:42:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2008-11-26 09:42:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$ 2008-11-26 09:42:40 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2008-11-26 09:42:35 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2008-11-26 09:42:27 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$ 2008-11-26 09:42:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2008-11-26 09:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2008-11-26 09:42:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2008-11-26 09:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2008-11-26 09:42:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951618-v2$ 2008-11-26 09:41:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2008-11-26 09:41:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2008-11-26 09:41:45 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2008-11-26 09:41:40 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2008-11-26 09:41:33 
----HDC---- C:\WINDOWS\$NtUninstallKB950759$ 2008-11-26 09:41:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2008-11-26 09:41:25 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2008-11-26 09:38:22 ----A---- C:\WINDOWS\system32\msxml6r.dll 2008-11-26 09:38:15 ----N---- C:\WINDOWS\system32\comsdupd.exe 2008-11-26 09:38:11 ----N---- C:\WINDOWS\system32\ati2dvaa.dll 2008-11-26 09:38:11 ----N---- C:\WINDOWS\system32\ati2cqag.dll 2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\bitsprx4.dll 2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\azroles.dll 2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\ativvaxx.dll 2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\ativtmxx.dll 2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\ati3duag.dll 2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\ati3d1ag.dll 2008-11-26 09:38:10 ----N---- C:\WINDOWS\system32\ati2dvag.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\eapolqec.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3ui.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3svc.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3msm.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3dlg.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3cfg.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dot3api.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dimsroam.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dimsntfy.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\dhcpqec.dll 2008-11-26 09:38:09 ----N---- C:\WINDOWS\system32\credssp.dll 2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\hsfcisp2.dll 2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eapsvc.dll 2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eapqec.dll 2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eappprxy.dll 2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eapphost.dll 2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eappgnui.dll 2008-11-26 
09:38:08 ----N---- C:\WINDOWS\system32\eappcfg.dll 2008-11-26 09:38:08 ----N---- C:\WINDOWS\system32\eapp3hst.dll 2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\l2gpstore.dll 2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\kmsvc.dll 2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\kbdpash.dll 2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\kbdnepr.dll 2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\kbdiultn.dll 2008-11-26 09:38:07 ----N---- C:\WINDOWS\system32\kbdbhc.dll 2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\msshavmsg.dll 2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\mssha.dll 2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\mmcperf.exe 2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll 2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\mmcex.dll 2008-11-26 09:38:06 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll 2008-11-26 09:38:05 ----N---- C:\WINDOWS\system32\napmontr.dll 2008-11-26 09:38:05 ----N---- C:\WINDOWS\system32\napipsec.dll 2008-11-26 09:38:05 ----N---- C:\WINDOWS\system32\mtxparhd.dll 2008-11-26 09:38:04 ----N---- C:\WINDOWS\system32\napstat.exe 2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\s3gnb.dll 2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\rasqec.dll 2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\qutil.dll 2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\qcliprov.dll 2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\qagentrt.dll 2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\qagent.dll 2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\photometadatahandler.dll 2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\onex.dll 2008-11-26 09:38:03 ----N---- C:\WINDOWS\system32\nv4_disp.dll 2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\windowscodecs.dll 2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\tspkg.dll 2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\slserv.exe 2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\slrundll.exe 2008-11-26 09:38:02 ----N---- 
C:\WINDOWS\system32\slgen.dll 2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\slextspk.dll 2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\slcoinst.dll 2008-11-26 09:38:02 ----N---- C:\WINDOWS\system32\setupn.exe 2008-11-26 09:38:01 ----N---- C:\WINDOWS\system32\wmphoto.dll 2008-11-26 09:38:01 ----N---- C:\WINDOWS\system32\wlanapi.dll 2008-11-26 09:38:01 ----N---- C:\WINDOWS\system32\windowscodecsext.dll 2008-11-26 09:38:00 ----N---- C:\WINDOWS\slrundll.exe 2008-11-26 09:37:59 ----D---- C:\WINDOWS\system32\scripting 2008-11-26 09:37:57 ----D---- C:\WINDOWS\system32\en 2008-11-26 09:37:57 ----D---- C:\WINDOWS\l2schemas 2008-11-26 09:37:56 ----D---- C:\WINDOWS\system32\bits 2008-11-26 09:34:44 ----D---- C:\WINDOWS\ServicePackFiles 2008-11-26 09:32:13 ----D---- C:\WINDOWS\network diagnostic 2008-11-26 09:31:23 ----A---- C:\WINDOWS\003302_.tmp 2008-11-26 09:28:45 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2008-11-26 09:12:01 ----A---- C:\WindowsXP-KB936929-SP3-x86-ENU.exe 2008-11-26 09:00:49 ----D---- C:\hotfix 2008-11-25 15:45:08 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan 2008-11-25 10:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$ 2008-11-25 10:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$ 2008-11-25 09:57:18 ----A---- C:\WINDOWS\system32\wuapi.dll.mui 2008-11-22 15:47:28 ----ASH---- C:\WINDOWS\system32\mSuuxyay.ini2 2008-11-22 15:47:27 ----ASH---- C:\WINDOWS\system32\mSuuxyay.ini 2008-11-21 08:57:38 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-11-21 08:57:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-11-20 23:07:52 ----N---- C:\WINDOWS\system32\ltgnycfw.dll 2008-11-20 23:07:12 ----A---- C:\WINDOWS\system32\f30f2094-.txt 2008-11-13 20:05:58 ----A---- C:\WINDOWS\system32\vfwwdm32.dll 2008-11-12 13:22:03 ----HDC---- C:\WINDOWS\$NtUninstallKB943729$ 2008-11-12 13:21:26 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$ 2008-11-12 11:53:30 ----D---- 
C:\WINDOWS\ie7updates 2008-11-12 08:45:28 ----A---- C:\WINDOWS\cdplayer.ini 2008-11-11 22:36:50 ----D---- C:\WINDOWS\pss 2008-11-11 22:17:27 ----D---- C:\WINDOWS\WBEM 2008-11-11 22:15:49 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$ 2008-11-11 22:15:34 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$ 2008-11-11 22:15:08 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$ 2008-11-11 22:14:58 ----N---- C:\WINDOWS\system32\xmllite.dll 2008-11-11 21:59:14 ----A---- C:\WINDOWS\Active Setup Log.txt 2008-11-11 21:59:14 ----A---- C:\WINDOWS\Active Setup Log.BAK 2008-11-09 21:12:47 ----D---- C:\WINDOWS\RegisteredPackages 2008-11-05 12:17:52 ----D---- C:\Documents and Settings\shaevans\Application Data\Thunderbird 2008-11-05 12:17:46 ----D---- C:\Program Files\Mozilla Thunderbird 2008-11-02 18:44:26 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint 2008-11-02 18:44:18 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP 2008-11-02 18:44:18 ----D---- C:\Documents and Settings\All Users\Application Data\AOL 2008-11-02 18:44:01 ----D---- C:\Program Files\Common Files\AOL 2008-10-30 20:52:30 ----D---- C:\Documents and Settings\shaevans\Application Data\Motive 2008-10-30 20:32:40 ----D---- C:\Program Files\Yahoo! 
2008-10-30 20:32:18 ----D---- C:\Documents and Settings\All Users\Application Data\Motive 2008-10-30 20:32:08 ----D---- C:\Program Files\Common Files\Motive 2008-10-30 20:24:28 ----D---- C:\WINDOWS\DSL 2008-10-30 20:24:28 ----D---- C:\Program Files\Common Files\SupportSoft 2008-10-30 14:59:07 ----D---- C:\Program Files\Adobe Media Player 2008-10-30 14:59:03 ----D---- C:\Program Files\Common Files\Adobe AIR ======List of files/folders modified in the last 1 months====== 2008-11-28 12:48:15 ----D---- C:\Program Files\Trend Micro 2008-11-28 12:47:52 ----D---- C:\WINDOWS\system32 2008-11-28 12:47:52 ----D---- C:\Program Files\DivX 2008-11-28 10:53:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-11-28 10:51:47 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-28 10:31:06 ----D---- C:\WINDOWS\security 2008-11-28 10:26:19 ----A---- C:\WINDOWS\cfgall.ini 2008-11-28 10:25:57 ----D---- C:\WINDOWS\Temp 2008-11-28 10:25:57 ----A---- C:\WINDOWS\SMSCFG.ini 2008-11-28 10:24:08 ----A---- C:\WINDOWS\system32\log.txt 2008-11-28 10:24:03 ----A---- C:\gina_pre.txt 2008-11-28 00:35:57 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-11-27 23:41:45 ----RD---- C:\Program Files 2008-11-27 23:41:23 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-11-27 20:53:19 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-11-27 00:43:10 ----D---- C:\WINDOWS 2008-11-27 00:43:08 ----D---- C:\WINDOWS\system32\drivers 2008-11-26 19:38:01 ----A---- C:\WINDOWS\ntbtlog.txt 2008-11-26 11:26:50 ----HD---- C:\WINDOWS\inf 2008-11-26 11:26:50 ----D---- C:\WINDOWS\system32\CatRoot 2008-11-26 11:09:14 ----A---- C:\WINDOWS\hpbafd.ini 2008-11-26 10:57:42 ----D---- C:\Program Files\Common Files 2008-11-26 10:55:33 ----SHD---- C:\WINDOWS\Installer 2008-11-26 10:55:29 ----D---- C:\Program Files\Java 2008-11-26 10:50:46 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-11-26 10:50:39 ----DC---- C:\WINDOWS\system32\DRVSTORE 2008-11-26 10:48:57 ----D---- 
C:\Program Files\Common Files\Apple 2008-11-26 10:45:29 ----SD---- C:\WINDOWS\Tasks 2008-11-26 10:38:46 ----A---- C:\WINDOWS\OEWABLog.txt 2008-11-26 10:35:33 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-11-26 10:15:35 ----HD---- C:\WINDOWS\$hf_mig$ 2008-11-26 09:46:33 ----A---- C:\WINDOWS\setuplog.txt 2008-11-26 09:45:50 ----RSD---- C:\WINDOWS\Fonts 2008-11-26 09:45:50 ----D---- C:\WINDOWS\system32\wbem 2008-11-26 09:45:50 ----D---- C:\WINDOWS\system32\Setup 2008-11-26 09:45:50 ----D---- C:\WINDOWS\AppPatch 2008-11-26 09:42:03 ----D---- C:\WINDOWS\Help 2008-11-26 09:41:30 ----D---- C:\Program Files\Messenger 2008-11-26 09:40:53 ----D---- C:\WINDOWS\system32\inetsrv 2008-11-26 09:38:28 ----D---- C:\WINDOWS\WinSxS 2008-11-26 09:38:14 ----D---- C:\WINDOWS\ime 2008-11-26 09:38:00 ----D---- C:\WINDOWS\system32\usmt 2008-11-26 09:38:00 ----D---- C:\WINDOWS\system32\en-us 2008-11-26 09:37:57 ----D---- C:\Program Files\Internet Explorer 2008-11-26 09:37:56 ----D---- C:\WINDOWS\PeerNet 2008-11-26 09:37:56 ----D---- C:\Program Files\Movie Maker 2008-11-26 09:34:32 ----D---- C:\WINDOWS\system32\Restore 2008-11-26 09:34:32 ----D---- C:\WINDOWS\system32\npp 2008-11-26 09:34:32 ----D---- C:\WINDOWS\mui 2008-11-26 09:34:30 ----D---- C:\WINDOWS\msagent 2008-11-26 09:34:29 ----D---- C:\WINDOWS\srchasst 2008-11-26 09:34:28 ----D---- C:\Program Files\NetMeeting 2008-11-26 09:34:26 ----D---- C:\WINDOWS\system32\Com 2008-11-26 09:34:23 ----D---- C:\Program Files\Windows Media Player 2008-11-26 09:34:23 ----D---- C:\Program Files\Outlook Express 2008-11-26 09:34:18 ----D---- C:\Program Files\Common Files\System 2008-11-26 09:33:57 ----D---- C:\WINDOWS\system32\oobe 2008-11-26 09:33:56 ----D---- C:\WINDOWS\system 2008-11-26 09:28:43 ----D---- C:\WINDOWS\ehome 2008-11-26 08:38:25 ----D---- C:\WINDOWS\system32\appmgmt 2008-11-26 08:23:18 ----D---- C:\WINDOWS\SoftwareDistribution 2008-11-26 08:20:52 ----D---- C:\Documents and Settings 2008-11-26 08:11:37 ----RASH---- C:\boot.ini 
2008-11-26 08:11:37 ----N---- C:\WINDOWS\system.ini 2008-11-26 08:11:37 ----A---- C:\WINDOWS\win.ini 2008-11-25 16:49:50 ----D---- C:\Program Files\NCH Swift Sound 2008-11-25 16:49:50 ----D---- C:\Documents and Settings\shaevans\Application Data\NCH Swift Sound 2008-11-25 16:15:46 ----D---- C:\Program Files\Google 2008-11-25 16:15:46 ----D---- C:\Documents and Settings\All Users\Application Data\Google 2008-11-24 22:48:21 ----D---- C:\Program Files\Windows NT 2008-11-21 08:54:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-11-19 21:03:32 ----D---- C:\Program Files\Cisco Systems 2008-11-14 15:41:28 ----D---- C:\Program Files\Trillian 2008-11-13 22:46:25 ----D---- C:\Program Files\Mozilla Firefox 2008-11-11 22:17:18 ----D---- C:\WINDOWS\Media 2008-11-08 00:57:07 ----D---- C:\Documents and Settings\shaevans\Application Data\LimeWire 2008-11-07 08:16:45 ----SHD---- C:\WINDOWS\CSC 2008-11-05 12:17:53 ----D---- C:\Documents and Settings\shaevans\Application Data\Mozilla 2008-11-03 19:10:25 ----A---- C:\WINDOWS\system32\MRT.exe 2008-11-02 06:54:14 ----D---- C:\Program Files\Microsoft Silverlight 2008-10-30 20:21:19 ----SD---- C:\Documents and Settings\shaevans\Application Data\Microsoft 2008-10-30 14:59:10 ----D---- C:\Documents and Settings\shaevans\Application Data\Adobe 2008-10-30 14:59:10 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592] R1 PersonalSecureDrive;PersonalSecureDrive; C:\WINDOWS\System32\drivers\psd.sys [2007-01-23 39080] R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2008-01-02 143834] R1 tmtdi;Trend Micro TDI Driver; 
C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-10-09 72072] R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2008-01-02 206464] R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832] R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-12-19 21361] R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [] R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936] R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-08-27 12288] R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] R2 TmFilter;Trend Micro Filter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [] R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [] R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [] R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-10-17 22016] R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-01 281600] R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800] R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560] R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-02-14 530861] R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-02-14 30459] R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 
868298] R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952] R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376] R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-06-19 255896] R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368] R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-10-16 989312] R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-10-16 211200] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-05-16 5707744] R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 36608] R3 kbstuff;SMS Virtual Input Device; C:\WINDOWS\system32\DRIVERS\kbstuff5.sys [2003-02-23 7744] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824] R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584] R3 rismc32;RICOH Smart Card Reader; C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-20 47616] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232] R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-06-16 46080] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-15 213696] R3 usbccgp;Microsoft USB Generic Parent Driver; 
C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-10-16 731136] S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2008-09-15 9336] S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2008-09-15 9464] S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-14 48128] S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-14 38912] S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-02-14 149123] S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275] S3 DAMDrv;DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv.sys [2007-04-23 30008] S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2008-01-02 25898] S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [] S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-11-27 85969] S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2008-01-02 30630] S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [] S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [] S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-14 51200] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink 
Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-05-16 27136] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 RICOH SmartCard Reader;RICOH SmartCard Reader; C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-20 47616] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys [] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 idisw2km;idisw2km; C:\WINDOWS\system32\DRIVERS\idisw2km.sys [2003-02-23 2704] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-05-03 182576] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040] R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 atchksrv;Intel® Active Management Technology System Status Service; C:\Program Files\Intel\AMT\atchksrv.exe 
[2007-05-01 183064] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295] R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-07-16 1524512] R2 DWMRCS;DameWare Mini Remote Control; C:\WINDOWS\SYSTEM32\DWRCS.EXE [2004-01-07 249856] R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624] R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-17 168432] R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2007-12-05 144688] R2 IFXSpMgtSrv;Security Platform Management Service; c:\WINDOWS\system32\ifxspmgt.exe [2007-02-15 677408] R2 IFXTCS;Trusted Platform Core Service; c:\WINDOWS\system32\ifxtcs.exe [2007-01-23 849440] R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-26 152984] R2 LMS;Intel® Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2007-05-01 121624] R2 ntrtscan;OfficeScanNT RealTime Scan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2008-10-09 906536] R2 PersonalSecureDriveService;Personal Secure Drive service; c:\WINDOWS\system32\IfxPsdSv.exe [2007-02-15 140832] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328] R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744] R2 tmlisten;OfficeScan NT Listener; C:\Program Files\Trend 
Micro\OfficeScan Client\tmlisten.exe [2008-10-09 984360] R2 UNS;Intel® Active Management Technology User Notification Service; C:\Program Files\Intel\AMT\UNS.exe [2007-05-01 1489688] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 CCAAgentStub;CCA Agent Stub; C:\WINDOWS\system32\CCAAgentStub.exe [] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-05-13 77944] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 Cwbrxd;iSeries Access for Windows Remote Command; C:\WINDOWS\CWBRXD.EXE [2002-02-04 53296] S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\WINDOWS\system32\flcdlock.exe [2007-04-30 172131] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 TmProxy;OfficeScan NT Proxy Service; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [2008-10-09 652552] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
-----------------EOF-----------------

With regards to the Dial A Fix. I received an additional dialog box. Not sure what it meant so I am posting it now before proceeding. I have attached it.

Nov 28 2008, 01:22 PM
Post #11
Member | Group: Members | Posts: 24 | Joined: 11-July 08 | Member No.: 221,858

Bill,
Someone has brought to my attention that the following files may be part of my problem as well.

QUOTE
C:\WINDOWS\system32\mSuuxyay.ini2
C:\WINDOWS\system32\mSuuxyay.ini
C:\WINDOWS\system32\ltgnycfw.dll
C:\WINDOWS\system32\f30f2094-.txt

Any ideas...
Shawn

Nov 28 2008, 08:41 PM
Post #12
Look buddy -- I'm an Engineer | Group: HJT Team Coach | Posts: 8,509 | Joined: 17-January 08 | From: Northfield, Ohio | Member No.: 184,215

I don't think those are good, but they are not starting themselves and are not part of the current problem. However, malware is not causing your current issues.
You should be able to manually delete them without problems. However, that's not causing your issues. If you'd like, we can try resetting your browser to factory defaults. However, if I do that, it will possibly lose some amount of personalization of the browser. Would you like me to do that?
Billy3
--------------------
The forum is always a busy place. In the event I fail to reply within twenty-four hours, feel free to send me a PM.
Have I helped you? If so, please consider a donation (by clicking this link). And that means I solve problems. Not problems like "What is beauty?" .. 'cause that would fall under the purview of your conundrums of philosophy....

Nov 29 2008, 08:00 AM
Post #13
Member | Group: Members | Posts: 24 | Joined: 11-July 08 | Member No.: 221,858

I have not personalized my browser at all so that would not be a problem. And I would love to clean up the system a little. Very slow on start up.
And it would be alright if I removed those files with combo fix or something..?? And what was with that Dial A Fix Dialog box I received regarding those reg keys.
-Shawn
This post has been edited by Shawn_Evans: Nov 29 2008, 08:03 AM

Nov 29 2008, 07:51 PM
Post #14
Look buddy -- I'm an Engineer | Group: HJT Team Coach | Posts: 8,509 | Joined: 17-January 08 | From: Northfield, Ohio | Member No.: 184,215

Hello, Shawn_Evans
Sure... this will get rid of those for you. Using CF here would be like killing a mouse with an elephant gun. To reset the browser:
We need to execute an OTMoveIt3 script
We need to scan for Rootkits with GMER
We need to create an OTViewIt Report
In your next reply, please include the following:
Billy3

Nov 29 2008, 10:20 PM
Post #15
Member | Group: Members | Posts: 24 | Joined: 11-July 08 | Member No.: 221,858

Ok, firstly, the reset button was not located under the advanced button tab. Only restore defaults. I did so.. doubt it worked.
Secondly, the OTmoveit on those 4 files did not work. See log below. The rest of the scans are cut and pasted.

OTMOVEIT results
Error: Unable to interpret <C:\WINDOWS\system32\mSuuxyay.ini2> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\mSuuxyay.ini> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\ltgnycfw.dll> in the current context!
Error: Unable to interpret <C:\WINDOWS\system32\f30f2094-.txt> in the current context!
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11292008_215848
-----------------------------------------------------------------------------------------------------------
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-11-29 22:08:09
Windows 5.1.2600 Service Pack 3
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
---- EOF - GMER 1.0.14 ---- OTViewIt logfile created on: 11/29/2008 10:09:22 PM - Run OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\shaevans\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.85% Memory free 3.84 Gb Paging File | 3.36 Gb Available in Paging File | 87.43% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 45.09 Gb Free Space | 60.51% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NYMTJSLXP041364 Current User Name: ShaEvans NOT logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Whitelist: On File Age = 30 Days ========== Processes ========== [2007/02/06 15:02:26 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007/10/08 14:06:44 | 01,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007/05/03 18:51:42 | 00,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe [2007/05/03 18:51:44 | 00,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007/05/01 16:52:14 | 00,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe [2007/07/16 11:58:02 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2004/01/07 17:41:22 | 00,249,856 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\system32\DWRCS.EXE [2007/10/08 14:27:02 | 00,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2008/10/17 10:29:42 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007/02/15 13:00:04 | 00,677,408 | ---- | M] (Infineon Technologies AG) -- c:\WINDOWS\system32\IFXSPMGT.exe [2007/01/23 19:26:02 | 00,849,440 | ---- | M] (Infineon Technologies AG) -- c:\WINDOWS\system32\IFXTCS.exe [2007/01/04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2008/11/26 10:55:34 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe [2007/05/01 16:52:06 | 00,121,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\Lms.exe [2008/10/09 15:47:06 | 00,906,536 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe [2007/02/15 12:55:18 | 00,140,832 | ---- | M] (Infineon Technologies AG) -- c:\WINDOWS\system32\IfxPsdSv.exe [2007/10/08 14:01:54 | 00,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007/05/01 16:52:18 | 01,489,688 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\Uns.exe [2007/12/05 16:30:40 | 00,144,688 | R--- | M] (Hewlett-Packard Development Company, L.P.) 
-- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008/10/09 15:47:02 | 00,984,360 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe [2007/03/07 05:19:00 | 00,066,048 | R--- | M] (Bioscrypt Inc.) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe [2008/10/09 15:47:22 | 00,296,224 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\Temp\IU7186.EXE [2008/10/09 15:47:20 | 00,435,576 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe [2007/05/01 16:52:10 | 00,404,248 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchk.exe [2007/09/15 02:27:20 | 01,015,808 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007/03/01 13:18:36 | 00,472,776 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008/04/14 05:42:42 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe [2007/10/08 14:18:04 | 00,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe [2007/10/08 14:13:36 | 01,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe [2007/05/03 18:51:06 | 00,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007/01/05 17:36:48 | 00,872,448 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007/05/18 21:50:08 | 00,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe [2007/05/18 21:50:16 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe [2007/05/18 21:50:20 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe [2007/11/06 16:34:02 | 00,177,456 | ---- | M] ( Hewlett-Packard Development Company, L.P.) 
-- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
[2007/05/03 18:51:42 | 00,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
[2002/12/17 12:28:00 | 00,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
[2008/10/09 15:47:02 | 00,709,928 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe
[2008/11/26 10:55:34 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
[2007/01/23 20:15:14 | 00,181,792 | ---- | M] (Infineon Technologies AG) -- c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
[2007/05/16 09:43:04 | 00,677,432 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
[2007/02/06 15:14:00 | 00,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[1999/09/30 20:31:38 | 00,869,376 | ---- | M] (Fred's Software) -- C:\Program Files\PrintKey2000\Printkey2000.exe
[2008/09/26 11:12:16 | 01,897,184 | ---- | M] (Cisco Systems, Inc) -- C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
[2007/10/08 14:09:26 | 00,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
[2007/02/06 15:11:50 | 01,409,108 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
[2008/04/14 05:42:24 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/15 21:03:31 | 00,185,872 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008/11/28 12:41:13 | 00,349,696 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shaevans\Desktop\OTMoveIt3.exe
[2008/04/14 05:42:30 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/11/29 21:59:47 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shaevans\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========
[2007/05/03 18:51:44 | 00,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca [Auto | Running])
[2008/10/01 12:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/05/01 16:52:14 | 00,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv [Auto | Running])
[2008/05/13 13:26:00 | 00,077,944 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [On_Demand | Stopped])
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2007/02/06 15:02:26 | 00,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
File not found -- -- (CCAAgentStub [Auto | Stopped])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/07/16 11:58:02 | 01,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
[2002/02/04 05:20:00 | 00,053,296 | ---- | M] (IBM Corporation) -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd [On_Demand | Stopped])
[2004/01/07 17:41:22 | 00,249,856 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\system32\DWRCS.EXE -- (DWMRCS [Auto | Running])
[2007/10/08 14:27:02 | 00,794,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
[2007/04/30 08:28:34 | 00,172,131 | ---- | M] (Hewlett-Packard Ltd) -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK [On_Demand | Stopped])
[2008/10/17 10:29:42 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
[2007/12/05 16:30:40 | 00,144,688 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex [Auto | Running])
[2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2007/02/15 13:00:04 | 00,677,408 | ---- | M] (Infineon Technologies AG) -- c:\WINDOWS\system32\IFXSPMGT.exe -- (IFXSpMgtSrv [Auto | Running])
[2007/01/23 19:26:02 | 00,849,440 | ---- | M] (Infineon Technologies AG) -- c:\WINDOWS\system32\IFXTCS.exe -- (IFXTCS [Auto | Running])
[2007/12/19 17:01:28 | 00,155,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\imapihp.exe -- (ImapiService [On_Demand | Stopped])
[2007/01/04 19:48:52 | 00,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr [Auto | Running])
[2008/11/26 10:55:34 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
[2007/05/01 16:52:06 | 00,121,624 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\Lms.exe -- (LMS [Auto | Running])
[2008/10/09 15:47:06 | 00,906,536 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe -- (ntrtscan [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/02/15 12:55:18 | 00,140,832 | ---- | M] (Infineon Technologies AG) -- c:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService [Auto | Running])
[2007/10/08 14:01:54 | 00,483,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2007/10/08 14:06:44 | 01,183,744 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2008/10/09 15:47:02 | 00,984,360 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten [Auto | Running])
[2008/10/09 15:47:08 | 00,652,552 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy [On_Demand | Stopped])
[2007/05/01 16:52:18 | 01,489,688 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\Uns.exe -- (UNS [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========
[2008/04/14 00:16:22 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\61883.sys -- (61883 [On_Demand | Stopped])
[2006/10/17 10:59:06 | 00,022,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer [On_Demand | Running])
[2007/10/01 13:27:40 | 00,281,600 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
[2007/07/13 10:26:12 | 00,094,976 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio [On_Demand | Running])
[2007/12/19 09:30:25 | 00,021,361 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2007/08/28 15:47:36 | 00,146,560 | ---- | M] (AuthenTec, Inc.) -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV [On_Demand | Running])
[2008/04/14 00:16:22 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc [On_Demand | Stopped])
[2007/02/14 14:20:56 | 00,530,861 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio [On_Demand | Running])
[2007/02/14 14:20:58 | 00,030,459 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver [On_Demand | Running])
[2007/02/14 14:20:58 | 00,868,298 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [On_Demand | Running])
[2007/02/14 14:20:58 | 00,149,123 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS [On_Demand | Running])
[2007/02/14 14:21:00 | 00,067,960 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Running])
[2008/09/15 19:14:18 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Stopped])
[2008/09/15 19:14:20 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Stopped])
[2002/12/17 12:27:32 | 00,241,152 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp [System | Running])
[2007/01/18 15:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
[2007/07/16 11:57:12 | 00,306,299 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
[2007/04/23 13:13:44 | 00,030,008 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv [On_Demand | Stopped])
[2007/01/31 13:45:06 | 00,127,376 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE [On_Demand | Running])
[2008/01/02 11:34:13 | 00,025,898 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K [On_Demand | Stopped])
[2007/06/19 18:47:58 | 00,255,896 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express [On_Demand | Running])
[2008/11/27 00:43:08 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [On_Demand | Running])
[2006/06/28 09:54:00 | 00,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey [On_Demand | Running])
[2008/04/13 22:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/10/17 10:57:58 | 00,017,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt [Boot | Running])
[2007/06/18 16:12:04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Running])
[2007/10/16 07:28:20 | 00,211,200 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
[2007/10/16 07:29:00 | 00,989,312 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
[2007/05/16 11:14:58 | 05,707,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm [On_Demand | Running])
[2003/02/23 02:05:00 | 00,002,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\idisw2km.sys -- (idisw2km [Disabled | Stopped])
[2007/01/23 19:13:26 | 00,036,608 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM [On_Demand | Running])
[2008/04/14 00:09:50 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2003/02/23 02:05:00 | 00,007,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbstuff5.sys -- (kbstuff [On_Demand | Running])
[2006/06/19 06:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2008/01/02 11:34:13 | 00,030,630 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K [On_Demand | Stopped])
[2007/09/28 13:30:57 | 00,019,345 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5 [On_Demand | Stopped])
[2007/09/28 13:30:49 | 00,018,003 | ---- | M] (Motive, Inc.) -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5 [On_Demand | Stopped])
[2008/04/14 00:16:10 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV [On_Demand | Stopped])
[2008/05/16 10:20:10 | 00,027,136 | ---- | M] (NCH Swift Sound) -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD [On_Demand | Stopped])
[2007/09/26 06:01:32 | 02,236,032 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32 [On_Demand | Running])
[2007/01/23 20:07:30 | 00,039,080 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\drivers\psd.sys -- (PersonalSecureDrive [System | Running])
[2001/08/23 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2008/01/02 11:34:13 | 00,143,834 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k [System | Running])
[2008/09/15 19:14:18 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
[2006/12/20 01:08:00 | 00,047,616 | ---- | M] (RICOH Company, Ltd.) -- C:\WINDOWS\system32\drivers\rismc32.sys -- (RICOH SmartCard Reader [On_Demand | Stopped])
[2007/02/24 14:42:22 | 00,039,936 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])
[2006/12/20 01:08:00 | 00,047,616 | ---- | M] (RICOH Company, Ltd.) -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32 [On_Demand | Running])
[2007/08/27 11:10:36 | 00,012,288 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans [Auto | Running])
[2008/04/14 00:06:46 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/06/16 11:19:58 | 00,046,080 | ---- | M] (SMSC) -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA [On_Demand | Running])
[2007/09/15 02:09:44 | 00,213,696 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2008/10/09 15:47:28 | 00,142,096 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
[2008/10/09 15:47:10 | 00,205,328 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmXpflt.sys -- (TmFilter [Auto | Running])
[2008/10/09 15:47:08 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPreflt.sys -- (TmPreFilter [Auto | Running])
[2008/10/09 15:47:28 | 00,072,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi [System | Running])
[2008/01/02 11:34:13 | 00,206,464 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp [System | Running])
[2008/10/09 15:47:10 | 01,195,448 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt [Auto | Running])
[2005/01/26 09:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
[2006/11/02 07:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2007/10/16 07:28:16 | 00,731,136 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[ 2008/04/14 00:06:40 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.google.com/ie
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.google.com/ie
"SearchAssistant"=http://www.google.com/ie
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://home.fcinternal.net/fc/default.asp?ID=2
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"SearchMigratedDefaultName"=Google
"SearchMigratedDefaultURL"=http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
"Start Page"=http://home.fcinternal.net/fc/default.asp?ID=2
[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=http://www.google.com/ie
[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\Software\Microsoft\Internet Explorer\SearchURL]
""=http://www.google.com/search?q=%s
"provider"=gogl
[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========
HOSTS File = (288033 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123haustiereundmehr.com
9926 more lines...

========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (HKLM) -- C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (HKLM) -- C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"accrdsub"="c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" (ActivIdentity)
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" (Roxio)
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
"atchk"="C:\Program Files\Intel\AMT\atchk.exe" (Intel Corporation)
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN (IBM Corporation)
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" (IBM Corporation)
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" (IBM Corporation)
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" (IBM Corporation)
"CognizanceTS"=rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule (Cognizance Corporation)
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe ()
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
"hpWirelessAssistant"=%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
"IFXSPMGT"=c:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon (Infineon Technologies AG)
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\Pccntmon.exe" -HideWindow (Trend Micro Inc.)
"Persistence"=C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
"PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start (Hewlett-Packard Development Company, L.P.)
"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start ( Hewlett-Packard Development Company, L.P.)
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray (Analog Devices, Inc.)
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe File not found

========== (O4) Startup Folders ==========
[2005/03/05 08:18:22 | 00,010,872 | ---- | M] (Autodesk, Inc) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
[2007/02/06 15:14:00 | 00,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[2007/12/07 18:18:00 | 00,028,672 | ---- | M] (Cisco Systems, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgentLauncher.exe
[2000/01/21 03:15:54 | 00,065,588 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
[1999/09/30 20:31:38 | 00,869,376 | ---- | M] (Fred's Software) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe

========== (O6 & O7) Current Version Policies ==========
[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Restrictions]
"NoExternalBranding"=1
[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\Software\policies\microsoft\internet explorer\Restrictions]
"NoExternalBranding"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoWelcomeScreen"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=Legal Notice
"legalnoticetext"=This computer system and the data contained herein are property of Frontier Communications. Any unauthorized access and/or use of the data will be investigated and prosecuted to the full extent of the law. This system is to be used for business purposes. All information stored or processed is property of Frontier Communications and is subject to inspection.
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ClassicShell"=2
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"Wallpaper"=
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"CDRAutoRun"=0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"ClassicShell"=2
[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"Wallpaper"=

========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: File not found
Send to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2006/08/16 07:16:32 | 00,002,773 | ---- | M] ()
[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: File not found
Send to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2006/08/16 07:16:32 | 00,002,773 | ---- | M] ()

========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2006/08/16 07:16:32 | 00,005,589 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-12650 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2006/08/16 07:16:32 | 00,005,589 | ---- | M] ()
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 21:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
ADTRAN.COM\WWW: https in My Computer
czn.com: http in Local intranet
czncorp.com: http in Local intranet
fcinternal.net: http in Local intranet
frontiercorp.com: http in Local intranet
54 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.
[HKEY_USERS\S-1-5-21-329068152-838170752-682003330-13558\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
ADTRAN.COM\WWW: https in My Computer
czn.com: http in Local intranet
czncorp.com: http in Local intranet
fcinternal.net: http in Local intranet
frontiercorp.com: http in Local intranet
54 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{01113300-3E00-11D2-8470-0060089874ED}: https://activatemydsl.verizon.net/sdcCommon...20Installer.cab -- Support.com Configuration Class
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://go.microsoft.com/fwlink/?linkid=58813 -- Office Genuine Advantage Validation Tool
{233C1507-6A77-46A4-9443-F871F945D258}: http://fpdownload.macromedia.com/pub/shock...director/sw.cab -- Shockwave ActiveX Control
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}: http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab -- Symantec AntiVirus scanner
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://www.pandasecurity.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{406B5949-7190-4245-91A9-30A17DE16AD0}: http://photo.walgreens.com/WalgreensActivia.cab -- Snapfish Activia
{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}: http://www.eset.eu/buxus/docs/OnlineScanner.cab -- OnlineScanner Control
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://www.update.microsoft.com/windowsupd...b?1198010915734 -- WUWebControl Class
{644E432F-49D3-41A1-8DD5-E099162EEEC5}: http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab -- Symantec RuFSI Utility Class
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1227705794549 -- MUWebControl Class
{82B56B47-90DC-4F58-9A7D-D27BA46D3C0F}: http://schleppy1975.myphotoalbum.com/ImageUploader4.cab -- MyPhotoAlbum Easy Upload Tool Combo Control
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}: http://office.microsoft.com/officeupdate/content/opuc4.cab -- Office Update Installation Engine
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_10
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{DC11F230-5717-4C25-BAD7-37B879C19655}: http://schleppy1975.myphotoalbum.com/ImageUploader4.cab -- MyPhotoAlbum Easy Upload Tool Combo Control
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}: https://sapience360.webex.com/client/T26L/webex/ieatgpc.cab -- GpcContainer Class
{F281A59C-7B65-11D3-8617-0010830243BD}: file://C:\Program Files\AutoCAD LT 2002\AcPreview.ocx -- AcPreview Control
Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened.
========== (O17) DNS Name Servers ==========
{41972733-2A33-40AC-A2BA-3AD2BD78437E} (Servers: | Description: )
{67A49BF5-5987-41F5-A8E8-FBA029658758} (Servers: | Description: )
{7C5D1D32-CCFD-42AA-98CE-0B13C125E8E9} (Servers: | Description: Intel® 82566MM Gigabit Network Connection)
{BACE2D51-2962-466D-BAD9-3004EF25CC6B} (Servers: | Description: Intel® Wireless WiFi Link 4965AG)
{C77CD8BD-14AB-48B3-AE2E-8541B9457289} (Servers: | Description: )
{E38DD2C0-2C57-44D6-941B-7C22FD297756} (Servers: | Description: 1394 Net Adapter)

========== (O20) AppInit_DLLs ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=APSHook.dll lmhfhs.dll hubsls.dll
>[2007/02/26 03:49:00 | 00,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll
>File not found --
>File not found --

========== (O20) HKLM Winlogon Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"GinaDLL"=ginaunlock.dll
>[2006/07/21 11:06:04 | 00,122,880 | ---- | M] () -- C:\WINDOWS\system32\ginaunlock.dll

========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
ackpbsc: "DllName" = c:\WINDOWS\system32\ackpbsc.dll -- c:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
acunlock: "DllName" = c:\Program Files\ActivIdentity\ActivClient\acunlock.dll -- c:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
DeviceNP: "DllName" = DeviceNP.dll -- C:\WINDOWS\system32\DeviceNP.dll (Hewlett-Packard Limited)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
OneCard: "DllName" = C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
yayyVopP: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found

========== HKLM *SecurityProviders* ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ,
>File not found --

========== Safeboot Options ==========
"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========
AUTOEXEC.BAT []
[2007/12/18 14:59:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{57bd5546-adaa-11dc-bbbe-b02c9a8bec2e}\Shell\AutoRun\command]
""=E:\setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/11/29 21:59:42 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\shaevans\Desktop\OTViewIt.exe
[2008/11/29 08:34:27 | 01,364,995 | ---- | C] () -- C:\Documents and Settings\shaevans\Desktop\CamStudio20.exe
[2008/11/28 12:51:11 | 00,015,174 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\restrictions.gif
[2008/11/28 12:49:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shaevans\Desktop\Dial-a-fix-v0.60.0.24
[2008/11/28 12:42:17 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/11/28 12:41:29 | 00,335,992 | ---- | C] () -- C:\Documents and Settings\shaevans\Desktop\Dial-a-fix-v0.60.0.24.zip
[2008/11/28 12:41:09 | 00,349,696 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\shaevans\Desktop\OTMoveIt3.exe
[2008/11/28 11:30:56 | 00,003,785 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\kapersky 11-29-2008.html
[2008/11/27 23:41:45 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2008/11/27 23:40:47 | 00,019,663 | ---- | C] () -- C:\Documents and Settings\shaevans\Desktop\FileFind.zip
[2008/11/27 
00:47:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shaevans\Desktop\gmer [2008/11/27 00:43:10 | 00,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini [2008/11/27 00:43:08 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll [2008/11/27 00:43:08 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe [2008/11/27 00:43:08 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys [2008/11/27 00:43:08 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd [2008/11/27 00:40:19 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\shaevans\Desktop\gmer.zip [2008/11/27 00:39:46 | 00,356,792 | ---- | C] () -- C:\Documents and Settings\shaevans\Desktop\dds.scr [2008/11/26 21:13:01 | 00,000,000 | ---D | C] -- C:\VundoFix Backups [2008/11/26 19:39:56 | 21,383,61856 | -HS- | C] () -- C:\hiberfil.sys [2008/11/26 17:54:48 | 00,003,636 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\kapersky 11-26-2008.html [2008/11/26 15:32:55 | 00,000,000 | ---D | C] -- C:\rsit [2008/11/26 15:32:42 | 00,305,705 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\RSIT.exe [2008/11/26 13:23:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shaevans\My Documents\IBM [2008/11/26 11:56:52 | 00,005,174 | ---- | C] () -- C:\Internetshortcut.reg [2008/11/26 10:48:51 | 00,000,000 | -HSD | C] -- C:\Config.Msi [2008/11/26 10:34:26 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe [2008/11/26 10:34:26 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe [2008/11/26 10:14:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2 [2008/11/26 10:14:37 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2008/11/26 09:50:09 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhcpcsvc.dll [2008/11/26 09:46:36 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone [2008/11/26 09:46:27 | 
00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2008/11/26 09:38:23 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll [2008/11/26 09:38:22 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll [2008/11/26 09:38:22 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll [2008/11/26 09:38:21 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpcdll.dll [2008/11/26 09:38:15 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys [2008/11/26 09:38:15 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe [2008/11/26 09:38:10 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll [2008/11/26 09:38:10 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll [2008/11/26 09:38:09 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll [2008/11/26 09:38:09 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll [2008/11/26 09:38:09 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll [2008/11/26 09:38:09 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll [2008/11/26 09:38:09 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll [2008/11/26 09:38:09 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll [2008/11/26 09:38:09 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll [2008/11/26 09:38:09 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll [2008/11/26 09:38:09 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll [2008/11/26 09:38:09 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll [2008/11/26 09:38:09 | 
00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll [2008/11/26 09:38:09 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll [2008/11/26 09:38:08 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll [2008/11/26 09:38:08 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll [2008/11/26 09:38:08 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll [2008/11/26 09:38:08 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll [2008/11/26 09:38:08 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll [2008/11/26 09:38:08 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll [2008/11/26 09:38:08 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll [2008/11/26 09:38:07 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll [2008/11/26 09:38:07 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll [2008/11/26 09:38:07 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll [2008/11/26 09:38:07 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll [2008/11/26 09:38:07 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll [2008/11/26 09:38:07 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll [2008/11/26 09:38:06 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll [2008/11/26 09:38:06 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll [2008/11/26 09:38:06 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll [2008/11/26 09:38:06 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll 
[2008/11/26 09:38:06 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll [2008/11/26 09:38:06 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe [2008/11/26 09:38:05 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll [2008/11/26 09:38:05 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll [2008/11/26 09:38:04 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe [2008/11/26 09:38:03 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll [2008/11/26 09:38:03 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll [2008/11/26 09:38:03 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll [2008/11/26 09:38:03 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll [2008/11/26 09:38:03 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll [2008/11/26 09:38:03 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll [2008/11/26 09:38:03 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll [2008/11/26 09:38:02 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll [2008/11/26 09:38:02 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll [2008/11/26 09:38:02 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe [2008/11/26 09:38:01 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll [2008/11/26 09:38:01 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll [2008/11/26 09:38:01 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll [2008/11/26 09:37:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting 
[2008/11/26 09:37:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en [2008/11/26 09:37:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2008/11/26 09:37:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits [2008/11/26 09:34:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles [2008/11/26 09:32:13 | 00,044,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agpcpq.sys [2008/11/26 09:32:13 | 00,042,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\alim1541.sys [2008/11/26 09:32:13 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\agp440.sys [2008/11/26 09:32:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic [2008/11/26 09:32:11 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod [2008/11/26 09:32:11 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys [2008/11/26 09:32:11 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys [2008/11/26 09:32:11 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys [2008/11/26 09:32:10 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty [2008/11/26 09:32:10 | 00,046,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gagp30kx.sys [2008/11/26 09:32:10 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys [2008/11/26 09:32:10 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys [2008/11/26 09:32:09 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img [2008/11/26 09:32:09 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys [2008/11/26 09:32:09 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys [2008/11/26 09:32:09 | 00,010,240 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\drivers\sffp_mmc.sys [2008/11/26 09:32:08 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys [2008/11/26 09:32:08 | 00,044,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uagp35.sys [2008/11/26 09:32:08 | 00,042,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\viaagp.sys [2008/11/26 09:32:08 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys [2008/11/26 09:32:08 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys [2008/11/26 09:32:08 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys [2008/11/26 09:28:45 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2008/11/26 09:12:01 | 33,180,5736 | ---- | C] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-ENU.exe [2008/11/26 09:00:49 | 00,000,000 | ---D | C] -- C:\hotfix [2008/11/26 08:14:41 | 00,065,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SMSCfg.cpl [2008/11/25 16:30:33 | 00,000,190 | ---- | C] () -- C:\Documents and Settings\shaevans\Desktop\MetaFrame Presentation Server Log In.url [2008/11/25 15:45:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan [2008/11/25 10:01:45 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2008/11/25 09:57:18 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui [2008/11/22 15:47:28 | 00,885,141 | -HS- | C] () -- C:\WINDOWS\System32\mSuuxyay.ini2 [2008/11/22 15:47:27 | 00,885,141 | -HS- | C] () -- C:\WINDOWS\System32\mSuuxyay.ini [2008/11/21 16:16:11 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\dosen rd count.xls [2008/11/21 12:14:08 | 00,022,651 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\spybotmsg.gif [2008/11/21 11:35:55 | 00,812,344 | ---- | C] 
(Trend Micro Inc.) -- C:\Documents and Settings\shaevans\My Documents\HJTInstall.exe [2008/11/21 09:00:14 | 00,003,549 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\kapersky 11-21-2008.html [2008/11/21 08:57:38 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy [2008/11/21 08:57:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy [2008/11/21 08:54:47 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2008/11/21 08:54:01 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\shaevans\My Documents\spybotsd160.exe [2008/11/20 23:07:52 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\ltgnycfw.dll [2008/11/20 14:06:26 | 00,045,097 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\TimesHeraldRecord Fiber Makeup.jpg [2008/11/19 21:03:35 | 00,001,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Clean Access Agent.lnk [2008/11/19 16:20:47 | 00,039,936 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\TimesHeraldRecord Fiber Makeup.vsd [2008/11/15 18:45:59 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\Doc1.doc [2008/11/14 08:25:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shaevans\Local Settings\Application Data\Identities [2008/11/13 21:46:01 | 01,760,245 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\rcr815-manual.zip [2008/11/13 20:06:20 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mstee.sys [2008/11/13 20:06:15 | 00,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndisip.sys [2008/11/13 20:06:14 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax [2008/11/13 20:06:14 | 00,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\streamip.sys [2008/11/13 20:06:12 | 00,011,136 | 
---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\slip.sys [2008/11/13 20:06:09 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wstcodec.sys [2008/11/13 20:06:07 | 00,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nabtsfec.sys [2008/11/13 20:06:05 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ccdecode.sys [2008/11/13 20:05:58 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax [2008/11/13 20:05:58 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax [2008/11/13 20:05:58 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll [2008/11/13 20:05:58 | 00,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys [2008/11/13 20:05:58 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax [2008/11/13 20:05:58 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax [2008/11/13 20:05:53 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\avc.sys [2008/11/13 20:05:50 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\61883.sys [2008/11/13 13:21:40 | 00,131,803 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\HA HA.gif [2008/11/12 23:22:46 | 00,142,096 | ---- | C] (Trend Micro Inc.) 
-- C:\WINDOWS\System32\drivers\tmcomm.sys [2008/11/12 11:53:45 | 00,459,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll [2008/11/12 11:53:45 | 00,383,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll [2008/11/12 11:53:45 | 00,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll [2008/11/12 11:53:45 | 00,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll [2008/11/12 11:53:45 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll [2008/11/12 11:53:45 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe [2008/11/12 11:53:44 | 02,455,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dat [2008/11/12 11:53:44 | 00,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll.mui [2008/11/12 11:53:43 | 06,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll [2008/11/12 11:53:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates [2008/11/12 08:45:28 | 00,000,420 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2008/11/11 22:36:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss [2008/11/11 22:17:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM [2008/11/11 22:15:49 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$ [2008/11/11 22:15:34 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$ [2008/11/11 22:14:58 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll [2008/11/11 21:59:14 | 00,000,856 | ---- | C] () -- C:\WINDOWS\Active Setup Log.BAK [2008/11/11 21:59:09 | 00,508,240 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\shaevans\My Documents\ie6setupOe.exe [2008/11/09 21:16:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shaevans\Local Settings\Application 
Data\WMTools Downloaded Files [2008/11/09 21:12:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages [2008/11/09 21:11:22 | 12,580,696 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\shaevans\My Documents\mm20enu.exe [2008/11/08 10:57:01 | 00,001,172 | ---- | C] () -- C:\WINDOWS\mozver.dat [2008/11/07 09:52:48 | 00,251,904 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\1069193.XLS [2008/11/05 12:17:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shaevans\Local Settings\Application Data\Thunderbird [2008/11/05 12:17:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shaevans\Application Data\Thunderbird [2008/11/05 12:17:46 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird [2008/11/04 16:25:24 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\Suicide Pool.xls [2008/11/03 09:50:08 | 00,614,296 | ---- | C] () -- C:\Documents and Settings\shaevans\My Documents\1070318 CABLE RUNNING.PDF [2008/11/02 18:44:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shaevans\Local Settings\Application Data\AOL [2008/11/02 18:44:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2008/11/02 18:44:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL OCP [2008/11/02 18:44:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL [2008/11/02 18:44:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL [2008/11/02 18:43:41 | 00,000,465 | -H-- | C] () -- C:\IPH.PH ========== Files - Modified Within 30 Days ========== [1 C:\WINDOWS\System32\*.tmp files] [4 C:\WINDOWS\*.tmp files] [2008/11/29 22:00:37 | 00,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini [2008/11/29 21:59:47 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shaevans\Desktop\OTViewIt.exe [2008/11/29 08:34:36 | 01,364,995 | ---- | M] () -- C:\Documents and 
Settings\shaevans\Desktop\CamStudio20.exe [2008/11/28 15:16:06 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2008/11/28 15:15:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2008/11/28 15:15:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2008/11/28 15:15:31 | 21,383,61856 | -HS- | M] () -- C:\hiberfil.sys [2008/11/28 12:51:11 | 00,015,174 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\restrictions.gif [2008/11/28 12:41:29 | 00,335,992 | ---- | M] () -- C:\Documents and Settings\shaevans\Desktop\Dial-a-fix-v0.60.0.24.zip [2008/11/28 12:41:13 | 00,349,696 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shaevans\Desktop\OTMoveIt3.exe [2008/11/28 11:30:56 | 00,003,785 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\kapersky 11-29-2008.html [2008/11/28 10:53:15 | 00,468,688 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2008/11/28 10:53:15 | 00,401,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2008/11/28 10:53:15 | 00,061,026 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2008/11/28 10:48:10 | 00,126,976 | ---- | M] () -- C:\Documents and Settings\shaevans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/11/28 10:26:19 | 00,013,828 | ---- | M] () -- C:\WINDOWS\cfgall.ini [2008/11/28 10:25:57 | 00,000,199 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini [2008/11/27 23:40:48 | 00,019,663 | ---- | M] () -- C:\Documents and Settings\shaevans\Desktop\FileFind.zip [2008/11/27 00:43:08 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll [2008/11/27 00:43:08 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys [2008/11/27 00:43:08 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd [2008/11/27 00:40:21 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\shaevans\Desktop\gmer.zip [2008/11/27 00:39:48 | 00,356,792 | ---- | M] () -- C:\Documents and Settings\shaevans\Desktop\dds.scr [2008/11/26 17:54:48 | 00,003,636 | 
---- | M] () -- C:\Documents and Settings\shaevans\My Documents\kapersky 11-26-2008.html [2008/11/26 15:32:47 | 00,305,705 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\RSIT.exe [2008/11/26 11:56:52 | 00,005,174 | ---- | M] () -- C:\Internetshortcut.reg [2008/11/26 10:38:50 | 00,000,079 | -HS- | M] () -- C:\Documents and Settings\shaevans\My Documents\desktop.ini [2008/11/26 10:34:26 | 00,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe [2008/11/26 10:34:26 | 00,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe [2008/11/26 10:32:16 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Outlook 2003.lnk [2008/11/26 09:45:54 | 00,202,528 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/11/26 09:31:51 | 00,250,048 | RHS- | M] () -- C:\ntldr [2008/11/26 08:35:41 | 00,000,856 | ---- | M] () -- C:\WINDOWS\Active Setup Log.BAK [2008/11/26 08:11:37 | 00,000,743 | ---- | M] () -- C:\WINDOWS\win.ini [2008/11/26 08:11:37 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2008/11/26 08:11:37 | 00,000,211 | RHS- | M] () -- C:\boot.ini [2008/11/25 16:30:33 | 00,000,190 | ---- | M] () -- C:\Documents and Settings\shaevans\Desktop\MetaFrame Presentation Server Log In.url [2008/11/25 13:42:17 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\Suicide Pool.xls [2008/11/24 22:59:57 | 04,321,198 | -H-- | M] () -- C:\Documents and Settings\shaevans\Local Settings\Application Data\IconCache.db [2008/11/22 16:09:49 | 00,885,141 | -HS- | M] () -- C:\WINDOWS\System32\mSuuxyay.ini [2008/11/22 16:09:13 | 00,885,141 | -HS- | M] () -- C:\WINDOWS\System32\mSuuxyay.ini2 [2008/11/21 16:16:11 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\dosen rd count.xls [2008/11/21 15:03:49 | 00,001,120 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\S2K400.WS [2008/11/21 12:14:08 | 00,022,651 | ---- | 
M] () -- C:\Documents and Settings\shaevans\My Documents\spybotmsg.gif [2008/11/21 11:35:59 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\shaevans\My Documents\HJTInstall.exe [2008/11/21 09:02:25 | 00,288,033 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2008/11/21 09:00:15 | 00,003,549 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\kapersky 11-21-2008.html [2008/11/21 08:54:20 | 15,083,520 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\shaevans\My Documents\spybotsd160.exe [2008/11/20 23:39:18 | 00,072,704 | ---- | M] () -- C:\WINDOWS\System32\ltgnycfw.dll [2008/11/20 14:06:32 | 00,045,097 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\TimesHeraldRecord Fiber Makeup.jpg [2008/11/20 14:05:48 | 00,039,936 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\TimesHeraldRecord Fiber Makeup.vsd [2008/11/19 21:03:35 | 00,001,958 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Clean Access Agent.lnk [2008/11/19 21:03:35 | 00,001,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Clean Access Agent.lnk [2008/11/19 21:01:18 | 00,002,433 | ---- | M] () -- C:\Documents and Settings\shaevans\Desktop\VPN Client.lnk [2008/11/19 09:05:26 | 00,001,622 | ---- | M] () -- C:\Documents and Settings\shaevans\Desktop\Trillian.lnk [2008/11/18 11:28:42 | 00,000,420 | ---- | M] () -- C:\WINDOWS\cdplayer.ini [2008/11/15 18:46:00 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\Doc1.doc [2008/11/13 21:46:07 | 01,760,245 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\rcr815-manual.zip [2008/11/13 13:21:40 | 00,131,803 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\HA HA.gif [2008/11/11 21:59:14 | 00,508,240 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\shaevans\My Documents\ie6setupOe.exe [2008/11/11 13:08:28 | 00,065,118 | ---- | M] () -- 
C:\Documents and Settings\shaevans\My Documents\2008nfl.pdf [2008/11/09 21:12:35 | 12,580,696 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\shaevans\My Documents\mm20enu.exe [2008/11/08 10:57:02 | 00,001,172 | ---- | M] () -- C:\WINDOWS\mozver.dat [2008/11/07 09:52:48 | 00,251,904 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\1069193.XLS [2008/11/06 09:05:29 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\shaevans\Desktop\Thingstodo.xls [2008/11/03 19:10:25 | 17,318,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2008/11/03 09:50:08 | 00,614,296 | ---- | M] () -- C:\Documents and Settings\shaevans\My Documents\1070318 CABLE RUNNING.PDF [2008/11/02 18:44:42 | 00,000,465 | -H-- | M] () -- C:\IPH.PH < End of report > ------------------------------------------------------------------------------------------- OTViewIt Extras logfile created on: 11/29/2008 10:09:32 PM - Run OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\shaevans\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.85% Memory free 3.84 Gb Paging File | 3.36 Gb Available in Paging File | 87.43% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.53 Gb Total Space | 45.09 Gb Free Space | 60.51% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NYMTJSLXP041364 Current User Name: ShaEvans NOT logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: All users Whitelist: On File Age = 30 Days ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled"=1 "AntiVirusDisableNotify"=0 "FirewallDisableNotify"=0 "UpdatesDisableNotify"=0 "AntiVirusOverride"=0 "FirewallOverride"=0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] "DisableMonitoring"=1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall"=1 "DoNotAllowExceptions"=0 "DisableNotifications"=0 ""= 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 File not found -- C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE [2008/04/14 05:42:16 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:conf.exe [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger File not found -- C:\SMSADMIN\bin\i386\statview.exe:*:Enabled:SMS 2.0 Utility - Status Message Viewer File not found -- C:\SMSADMIN\bin\i386\SETUP.EXE:*:Enabled:SMS Setup [2001/08/23 07:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:unsecapp.exe [2008/04/14 05:42:24 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer [2008/04/14 05:42:26 | 01,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console File not found -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! 
Messenger File not found -- C:\WINDOWS\system32\VoissAssistant.exe:*:Enabled:VoissAssistant [2008/01/30 13:48:38 | 00,199,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE File not found -- C:\Program Files\NET6\net6vpn.exe:*:Enabled:Citrix Secure Access Agent File not found -- C:\Program Files\Java\j2re1.4.2_03\bin\javaw.exe:*:Enabled:javaw File not found -- C:\Program Files\Viryanet\MicroServer\VCM.exe:*:Enabled:VCM [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire [2005/09/08 18:07:52 | 00,819,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfica32.exe:*:Enabled:Citrix ICA Client Engine (Win32) [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [2008/11/26 10:55:34 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2008/04/14 05:42:36 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 File not found -- C:\Program Files\SmartFTP\SmartFTP.exe:*:Enabled:SmartFTP [2008/04/14 05:42:16 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe:*:Enabled:conf.exe File not found -- C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE [2008/04/14 05:42:30 | 01,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger File not found -- C:\Documents and Settings\mwj974\Local Settings\Temporary Internet Files\Content.IE5\0L6VGXAV\CitrixSAClient[1].exe:*:Enabled:Citrix Secure Access Agent File not found -- C:\Program Files\NET6\net6vpn.exe:*:Enabled:Citrix Secure Access Agent [2001/08/23 07:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:WMI File not found -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire [2005/09/08 18:07:52 | 00,819,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfica32.exe:*:Enabled:Citrix ICA Client Engine (Win32) File not found -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader File not found -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM [2008/04/14 00:23:34 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 ========== (O10) Winsock2 Catalogs ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\] NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
========== (O18) Protocol Handlers ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] ipp: [HKLM - No CLSID value] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] msdaipp: [HKLM - No CLSID value] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2000/12/23 05:45:14 | 00,217,088 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0]) ========== (O18) Protocol Filters ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters [2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.] 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00020409-78E1-11D2-B60F-006097C998E7}"=Microsoft Office 2000 SR-1 Standard "{00100409-78E1-11D2-B60F-006097C998E7}"=Microsoft Access 2000 SR-1 "{04010300-6D72-4D54-8686-91D884A27B5C}"=Cisco Clean Access Agent "{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}"=Serif PhotoPlus 6.0 "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}"=mLogView "{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}"=Cisco Systems VPN Client 5.0.01.0600 "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}"=Adobe AIR "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth "{20A1D306-CE83-492A-8525-D6DF50B5944A}"=Embedded Security for HP ProtectTools "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"=mProSafe "{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}"=MobileMe Control Panel "{26A24AE4-039D-4CA4-87B4-2F83216010FF}"=Java 6 Update 10 "{29EA1C3E-2D8F-42FF-A5A9-CD3D45C2315E}"=NGS Qport Access "{2DB165DC-DDB4-403F-B985-19F3EC7D0357}"=HP ProtectTools Security Manager "{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}"=HP Quick Launch Buttons 6.40 B2 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP "{3912A629-0020-0005-3131-2FBA74D4DF0A}"=InterVideo WinDVD "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}"=mIWA "{429E92A4-159F-4AEC-85A1-D693E1E4274D}"=HP 3D DriveGuard "{450063AA-643B-417C-8CF5-405BA3F4EF40}"=Autodesk Design Review 2009 "{49FC50FC-F965-40D9-89B4-CBFF80941033}"=Windows Movie Maker 2.0 "{55B52830-024A-443E-AF61-61E1E71AFA1B}"=Device Access Manager for HP ProtectTools "{5783F2D7-4009-0409-0002-0060B0CE6BBA}"=AutoCAD LT 2006 - English "{59F6A514-9813-47A3-948C-8A155460CC2A}"=RICOH R5C853 Driver Ver.1.00.02 "{5C74694C-A687-E3EB-FF18-B018D4A76ECD}"=Adobe Media Player "{609F7AC8-C510-11D4-A788-009027ABA5D0}"=Easy CD Creator 5 Basic "{67E4EE98-59F4-4210-89A6-A20AF5BEC689}"=Microsoft Streets and Trips 2005 
"{69333A04-5134-40A5-A055-9166A7AA1EC8}"= "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable "{77130095-2039-424F-A633-4FAF0261258A}"=Java Card Security for HP ProtectTools "{829CD169-E692-48E8-9BDE-A3E8D8B65538}"=mSCfg "{84814E6B-2581-46EC-926A-823BD1C670F6}"=HP Integrated Module with Bluetooth wireless technology "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight "{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"=mPfMgr "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}"=mHelp "{90120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003 "{90B0D222-8C21-4B35-9262-53B042F18AF9}"=mPfWiz "{91530409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Visio Standard 2003 "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}"=InterVideo WinDVD "{94658027-9F16-4509-BBD7-A59FE57C3023}"=mZConfig "{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support "{AC194855-F7AC-4D04-B4C9-07BA46FCB697}"=ActivClient 6.1 x86 "{AC76BA86-7AD7-1033-7B44-A70900000002}"=Adobe Reader 7.0.9 "{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1 "{C15F7F16-941E-414B-A676-40190CD621D5}"=Credential Manager for HP ProtectTools "{C74D0FA0-1D49-464F-A707-B427EE3385C1}"=BIOS Configuration for HP ProtectTools "{D32067CD-7409-4792-BFA0-1469BCD8F0C8}"=HP Wireless Assistant "{DF45EF6C-9E13-4CBD-B393-9FDC306F8E18}"=NGS Qport Access "{E81667C6-2856-46D6-ABEA-6A2F42166779}"=mCore "{E8DDBFBC-6C65-4CEE-A4D7-CD6781E94BCC}"=ScrewDrivers Client v4 "{E90140E7-3D75-478E-AB57-78F21B9DA200}"=CA eTrust GINA Option for Password Reset/Unlock "{E92B7A19-5FD5-4AEE-9FEF-7AD5DD3A675E}"=MetaFrame Presentation Server Client "{EB4DF30B-102B-4F0C-927A-D50E037A325D}"=AuthenTec Fingerprint Sensor Minimum Install "{ECEA7878-2100-4525-915D-B09174E36971}"=Trend Micro OfficeScan Client "{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX 
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"=mMHouse "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}"=InterVideo Register Manager "{F6090A17-0967-4A8A-B3C3-422A1B514D49}"=mDrWiFi "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"=mWlsSafe "ActiveTouchMeetingClient"=WebEx "Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX "Adobe Shockwave Player"=Adobe Shockwave Player "ADTRAN DSL Assistant"=ADTRAN DSL Assistant "Amazon MP3 Downloader"=Amazon MP3 Downloader 1.0.3 "AnswerWorks"=AnswerWorks Runtime "Autodesk Design Review 2009"=Autodesk Design Review 2009 - SP1 "Autodesk DWF Viewer"=Autodesk DWF Viewer "Broadcom 802.11b Network Adapter"=Broadcom 802.11 Wireless LAN Adapter "ClientAccessExpress"=IBM iSeries Access for Windows "CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpqZ3795"=Soft Data Fax Modem with SmartCP "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Adobe Media Player "EsetOnlineScanner"=ESET Online Scanner "FLEXR 7.81"=FLEXR 7.81 "Google Updater"=Google Updater "HDMI"=Intel® Graphics Media Accelerator Driver "HijackThis"=HijackThis 2.0.2 "IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs "InstallShield_{29EA1C3E-2D8F-42FF-A5A9-CD3D45C2315E}"=NGS Qport Access - 5.10.19 "InstallShield_{DF45EF6C-9E13-4CBD-B393-9FDC306F8E18}"=NGS Qport Access - 5.10.37 "Macromedia Authorware Web Player"=Macromedia Authorware Web Player "Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware "MESOL"=Intel® Active Management Technology Device Software "MetaASSIST View"=MetaASSIST View "Mozilla Firefox (2.0)"=Mozilla Firefox (2.0) "Mozilla Thunderbird (2.0.0.18)"=Mozilla Thunderbird (2.0.0.18) "MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs "PrintKey2000"=PrintKey2000 "ProInst"=Intel® PROSet/Wireless Software "PROSet"=Intel® PRO Network Connections Drivers "RealPlayer 6.0"=RealPlayer "ShockwaveFlash"=Macromedia Flash Player 8 "SynTPDeinstKey"=Synaptics Pointing Device Driver 
"Trillian"=Trillian "Verizon High Speed Internet_is1"=Verizon High Speed Internet "Volo View Express"=Volo View Express "Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime"=Windows Media Format 11 runtime "Windows Media Player"=Windows Media Player 11 "Windows XP Service Pack"=Windows XP Service Pack 3 "WinRAR archiver"=WinRAR archiver "WMFDist11"=Windows Media Format 11 runtime "wmp11"=Windows Media Player 11 "Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0 "YInstHelper"=Yahoo! Install Manager ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/28/2008 4:15:39 PM | Computer Name = NYMTJSLXP041364 | Source = Userenv | ID = 1054 Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. Error - 11/28/2008 4:15:40 PM | Computer Name = NYMTJSLXP041364 | Source = AutoEnrollment | ID = 15 Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. Error - 11/28/2008 4:15:40 PM | Computer Name = NYMTJSLXP041364 | Source = LMS | ID = 2 Description = LMS Service cannot connect to HECI driver Error - 11/28/2008 4:15:42 PM | Computer Name = NYMTJSLXP041364 | Source = Intel® AMT | ID = 2002 Description = [UNS] Failed to subscribe to local Intel® AMT. Error - 11/28/2008 4:15:52 PM | Computer Name = NYMTJSLXP041364 | Source = Userenv | ID = 1054 Description = Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted. 
Error - 11/29/2008 8:57:01 AM | Computer Name = NYMTJSLXP041364 | Source = AutoEnrollment | ID = 15 Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. Error - 11/29/2008 9:01:19 AM | Computer Name = NYMTJSLXP041364 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 11/29/2008 9:39:26 AM | Computer Name = NYMTJSLXP041364 | Source = Application Hang | ID = 1002 Description = Hanging application iexplore.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 11/29/2008 9:40:59 AM | Computer Name = NYMTJSLXP041364 | Source = Application Error | ID = 1000 Description = Faulting application recorder.exe, version 1.0.0.1, faulting module recorder.exe, version 1.0.0.1, fault address 0x000211a7. Error - 11/29/2008 10:54:36 PM | Computer Name = NYMTJSLXP041364 | Source = AutoEnrollment | ID = 15 Description = Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted. Enrollment will not be performed. [ Credential Manager Events ] Error - 5/6/2008 8:17:04 AM | Computer Name = NYMTJSLXP041364 | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. User: shaevans@CORP Credentials: Password Error: (0xC516020B) The system could not log you on. Verify your user name and domain are correct and then type your password again. Letters in passwords must be typed using the correct case. Verify that Caps Lock is off. Error - 5/19/2008 8:20:09 AM | Computer Name = NYMTJSLXP041364 | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. 
User: cArson5@CORP Credentials: Password Error: (0xC516020B) The system could not log you on. Verify your user name and domain are correct and then type your password again. Letters in passwords must be typed using the correct case. Verify that Caps Lock is off. Error - 6/3/2008 9:12:04 AM | Computer Name = NYMTJSLXP041364 | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. User: shaevans@CORP Credentials: Password Error: (0xC516020B) The system could not log you on. Verify your user name and domain are correct and then type your password again. Letters in passwords must be typed using the correct case. Verify that Caps Lock is off. Error - 6/10/2008 9:27:13 AM | Computer Name = NYMTJSLXP041364 | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. User: shaevans@CORP Credentials: Password Error: (0xC516020B) The system could not log you on. Verify your user name and domain are correct and then type your password again. Letters in passwords must be typed using the correct case. Verify that Caps Lock is off. Error - 6/10/2008 9:27:17 AM | Computer Name = NYMTJSLXP041364 | Source = AuthWiz | ID = 100796068 Description = The submitted credentials were rejected. User: shaevans@CORP Credentials: Password Error: (0xC516020B) The system could not log you on. Verify your user name and domain are correct and then type your password again. Letters in passwords must be typed using the correct case. Verify that Caps Lock is off. Error - 9/2/2008 8:38:24 AM | Computer Name = NYMTJSLXP041364 | Source = AuthWiz | ID = 100796070 Description = The submitted user identity was rejected. User: shaevans@CORP Error: (0xC5160102) The system could not perform the requested operation. Verify that Credential Manager for HP ProtectTools is properly installed on your computer. If the problem persists, please contact your system administrator. 
Error - 10/28/2008 3:31:42 PM | Computer Name = NYMTJSLXP041364 | Source = AuthWiz | ID = 100861620 Description = The submitted credentials were not successfully registered. User: shaevans@CORP Credentials: Password Error: (0x8007052B) Unable to update the password. The value provided as the current password is incorrect. Error - 10/28/2008 3:31:49 PM | Computer Name = NYMTJSLXP041364 | Source = AuthWiz | ID = 100861620 Description = The submitted credentials were not successfully registered. User: shaevans@CORP Credentials: Password Error: (0x8007052B) Unable to update the password. The value provided as the current password is incorrect. [ System Events ] Error - 11/29/2008 9:42:51 AM | Computer Name = NYMTJSLXP041364 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 59 minutes. NtpClient has no source of accurate time. Error - 11/29/2008 10:42:53 AM | Computer Name = NYMTJSLXP041364 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 119 minutes. NtpClient has no source of accurate time. Error - 11/29/2008 12:42:56 PM | Computer Name = NYMTJSLXP041364 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 239 minutes. NtpClient has no source of accurate time. Error - 11/29/2008 2:23:17 PM | Computer Name = NYMTJSLXP041364 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. 
No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time. Error - 11/29/2008 2:25:51 PM | Computer Name = NYMTJSLXP041364 | Source = NETLOGON | ID = 5719 Description = No Domain Controller is available for domain CORP due to the following: %%1311. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. Error - 11/29/2008 2:38:20 PM | Computer Name = NYMTJSLXP041364 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 29 minutes. NtpClient has no source of accurate time. Error - 11/29/2008 3:08:21 PM | Computer Name = NYMTJSLXP041364 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 59 minutes. NtpClient has no source of accurate time. Error - 11/29/2008 10:54:44 PM | Computer Name = NYMTJSLXP041364 | Source = NETLOGON | ID = 5719 Description = No Domain Controller is available for domain CORP due to the following: %%1311. Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator. Error - 11/29/2008 10:54:48 PM | Computer Name = NYMTJSLXP041364 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 15 minutes. NtpClient has no source of accurate time. 
Error - 11/29/2008 11:09:48 PM | Computer Name = NYMTJSLXP041364 | Source = W32Time | ID = 39452701 Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 30 minutes. NtpClient has no source of accurate time.
< End of report >

And that's it.. Something just does not feel right about this PC. I am going to reboot.