Google Search Links Redirected, Computer Slowed Down Drastically Especially In Win Explorer


This topic is locked
2 replies to this topic

#1 wangww (Members, 1 post)

Posted 10 July 2008 - 07:13 PM

Hi,

Really need some help on this. I noticed the behaviors since late 7/8/2008 or early 7/9/2008. I tried a few spyware removal programs but they could not fix it. They reported browser helper objects that are hooked into winlogon, etc. Below are the Deckard scan logs.

Many thanks in advance.

Sincerely,

Wayne

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deckard's System Scanner v20071014.68
Run by wwang on 2008-07-10 16:47:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
23: 2008-07-10 23:48:07 UTC - RP55 - Deckard's System Scanner Restore Point
22: 2008-07-10 22:37:02 UTC - RP54 - Last known good configuration
21: 2008-07-10 22:36:13 UTC - RP53 - ComboFix created restore point
20: 2008-07-10 22:36:11 UTC - RP52 - Removed UltraMon
19: 2008-07-10 22:36:10 UTC - RP51 - Spyware Terminator - restore point


-- First Restore Point --
1: 2008-07-10 22:35:55 UTC - RP33 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as wwang.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:50, on 2008-07-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\CFusionMX7\runtime\bin\jrunsvc.exe
C:\CFusionMX7\db\slserver54\bin\swagent.exe
C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
C:\CFusionMX7\db\slserver54\bin\swsoc.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
C:\CFusionMX7\runtime\bin\jrun.exe
C:\Program Files\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2server.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\CFusionMX7\verity\k2\_nti40\bin\k2index.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\TEMP\JGD7CC.EXE
C:\Program Files\Trend Micro\Client Server Security Agent\PCCNTMON.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\wwang\Desktop\dss.exe
C:\HIJACK~1\wwang.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4ECFB421-4556-4F3B-892D-8EF267E666E8} - C:\WINDOWS\system32\ljJDUKDU.dll
O2 - BHO: (no name) - {69286AE1-7F3C-4EE3-AF48-89572EBF2264} - C:\WINDOWS\system32\card.dll
O2 - BHO: (no name) - {6E99B427-C748-470E-909A-B7F3644635F7} - C:\WINDOWS\system32\card.dll
O2 - BHO: (no name) - {73984FE0-9702-4C55-9C7B-9BA3C5861F25} - C:\WINDOWS\system32\mlJARjkj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: {2cda26e2-8b6a-1cda-0a94-e1d3db40663c} - {c36604bd-3d1e-49a0-adc1-a6b82e62adc2} - C:\WINDOWS\system32\cgzxxa.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: (no name) - {F3FA8675-DE85-4356-8C42-F07547864597} - C:\WINDOWS\system32\hgGAQIBt.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
O4 - HKLM\..\Run: [Google IME Autoupdater] C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
O4 - HKLM\..\Run: [6c4d8b94] rundll32.exe "C:\WINDOWS\system32\deovrwjq.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with XmlPad - res://C:\Program Files\WMHelp Software\WMHelp XmlPad\WmhASPP.dll/101
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: bp.intermolecular.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} (CHListFactory Object) - http://bp.intermolecular.com/BusinessPorta...ebBehaviors.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1213919613500
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Intermolecular.local
O17 - HKLM\Software\..\Telephony: DomainName = Intermolecular.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Intermolecular.local
O18 - Protocol: wmh - {A1428E78-2D00-4590-A071-0CC9700A7768} - C:\Program Files\WMHelp Software\WMHelp XmlPad\WmhASPP.dll
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O20 - Winlogon Notify: mlJARjkj - C:\WINDOWS\SYSTEM32\mlJARjkj.dll
O23 - Service: ColdFusion MX 7 Application Server - Macromedia Inc. - C:\CFusionMX7\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX 7 ODBC Agent - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion MX 7 ODBC Server - Unknown owner - C:\CFusionMX7\db\slserver54\bin\swstrtr.exe
O23 - Service: ColdFusion MX 7 Search Server - Verity, Inc. - C:\CFusionMX7\verity\k2\_nti40\bin\k2admin.exe
O23 - Service: Symantec Backup Exec Desktop Agent Change Journal Reader (DLOChangeJournalSvc) - Symantec Corporation - C:\Program Files\Symantec\Backup Exec\DLO\DLOChangeLogSvcu.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 14439 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.txt - emeditor.txt - DefaultIcon - %SystemRoot%\system32\shell32.dll,-152
.txt - emeditor.txt - shell\open\command - "C:\Program Files\EmEditor\EMEDITOR.EXE" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 cvintdrv - c:\windows\system32\drivers\cvintdrv.sys
R2 niarbk - c:\windows\system32\drivers\niarbk.dll <Not Verified; National Instruments Corporation; NI-ARB>
R2 nibffrk - c:\windows\system32\drivers\nibffrk.dll <Not Verified; National Instruments Corporation; NI Buffer Services>
R2 Nidaq32k - c:\windows\system32\drivers\nidaq32k.sys <Not Verified; National Instruments Corporation; NI-DAQ>
R2 nidmmk (NI DMM and Data Logger Kernel Driver) - c:\windows\system32\drivers\nidmmk.dll <Not Verified; National Instruments Corporation; NIDMM User and Kernel Mode Component for NIDAQ 7.2.0>
R2 nimdsk - c:\windows\system32\drivers\nimdsk.dll <Not Verified; National Instruments Corporation; NI-MDS>
R2 nistck - c:\windows\system32\drivers\nistck.dll <Not Verified; National Instruments Corporation; NISTC>
R2 TM_CFW (Common Firewall Driver) - c:\program files\trend micro\client server security agent\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Micro Common Firewall Module 1.2>
R4 catchme - c:\combofix\catchme.sys (file missing)

S3 nimslk - c:\windows\system32\drivers\nimslk.dll <Not Verified; National Instruments Corporation; NIMSL>
S3 nimsrlk - c:\windows\system32\drivers\nimsrlk.dll <Not Verified; National Instruments Corporation; NIMSRL>
S3 UIUSys (Conexant Setup API) - c:\windows\system32\drivers\uiusys.sys (file missing)
S3 UltraMonMirror - c:\windows\system32\drivers\ultramonmirror.sys (file missing)
S3 usb6xxxk - c:\windows\system32\drivers\usb6xxxkl.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ColdFusion MX 7 Application Server - "c:\cfusionmx7\runtime\bin\jrunsvc.exe" <Not Verified; Macromedia Inc.; Macromedia JRun Application Server>
R2 ColdFusion MX 7 ODBC Agent - c:\cfusionmx7\db\slserver54\bin\swagent.exe "coldfusion mx 7 odbc agent"
R2 ColdFusion MX 7 ODBC Server - c:\cfusionmx7\db\slserver54\bin\swstrtr.exe "coldfusion mx 7 odbc server"
R2 ColdFusion MX 7 Search Server - "c:\cfusionmx7\verity\k2\_nti40\bin\k2admin.exe" -cfg "c:\cfusionmx7\verity\k2\common\verity.cfg" -ntstart 1 <Not Verified; Verity, Inc.; Verity K2 Toolkit>
R2 ntrtscan (Trend Micro Client/Server Security Agent RealTime Scan) - c:\program files\trend micro\client server security agent\ntrtscan.exe <Not Verified; Trend Micro Inc.; Trend Micro Client/Server/Messaging Security for SMB>
R2 OfcPfwSvc (Trend Micro Client/Server Security Agent Personal Firewall) - c:\program files\trend micro\client server security agent\ofcpfwsvc.exe <Not Verified; Trend Micro Inc.; Trend Micro Client/Server/Messaging Security for SMB>
R2 sp_rssrv (Spyware Terminator Realtime Shield Service) - "c:\program files\spyware terminator\sp_rsser.exe" <Not Verified; Crawler.com; Crawler Spyware Terminator>
R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
R2 tcsd_win32.exe (NTRU TSS v1.2.1.25 TCS) - "c:\program files\ntru cryptosystems\ntru tcg software stack\bin\tcsd_win32.exe"
R2 tmlisten (Trend Micro Client/Server Security Agent Listener) - c:\program files\trend micro\client server security agent\tmlisten.exe <Not Verified; Trend Micro Inc.; Trend Micro Client/Server/Messaging Security for SMB>
R3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>

S3 NILM License Manager - "c:\program files\national instruments\shared\license manager\bin\lmgrd.exe" <Not Verified; Macrovision Corporation; >
S3 OpcEnum - c:\windows\system32\opcenum.exe <Not Verified; OPC Foundation; OPC Server Enumerator 1.10>
S3 SecureStorageService - "c:\program files\wave systems corp\secure storage manager\securestorageservice.exe" <Not Verified; Wave Systems Corp.; Secure Storage Manager>
S3 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
S3 WaveEnrollmentService - "c:\program files\wave systems corp\authentication manager\waveenrollmentservice.exe" <Not Verified; Wave Systems Corp.; Authentication Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-10 and 2008-07-10 -----------------------------

2008-07-10 16:47:31 0 d-------- \Deckard
2008-07-10 16:35:47 261363 --ahs---- C:\WINDOWS\system32\UDKUDJjl.ini2
2008-07-10 15:41:45 116352 --a------ C:\WINDOWS\system32\cgzxxa.dll
2008-07-10 15:39:13 88576 --a------ C:\WINDOWS\system32\card.dll
2008-07-10 15:37:47 92672 --a------ C:\WINDOWS\system32\deovrwjq.dll
2008-07-10 15:35:30 322304 --a------ C:\WINDOWS\system32\ljJDUKDU.dll
2008-07-10 15:06:56 0 d-------- \QooBox
2008-07-10 15:06:42 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-10 15:06:41 68096 --a------ C:\WINDOWS\zip.exe
2008-07-10 15:06:41 49152 --a------ C:\WINDOWS\VFind.exe
2008-07-10 15:06:41 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-10 15:06:41 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-10 15:06:41 98816 --a------ C:\WINDOWS\sed.exe
2008-07-10 15:06:41 80412 --a------ C:\WINDOWS\grep.exe
2008-07-10 15:06:41 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-10 00:40:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-09 19:13:06 0 d-------- C:\Program Files\windiff
2008-07-09 18:24:09 0 d-------- \HiJackFree
2008-07-09 16:10:15 0 d-------- C:\Documents and Settings\wwang\Application Data\Spyware Terminator
2008-07-09 16:03:49 0 d-------- \HijackThis
2008-07-09 15:43:45 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-09 15:43:25 0 d-------- C:\Documents and Settings\wwang\Application Data\Mozilla
2008-07-09 14:32:43 141312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-07-09 14:32:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-07-09 14:32:39 0 d-------- C:\Documents and Settings\administrator\Application Data\Spyware Terminator
2008-07-09 14:32:33 0 d-------- C:\Program Files\Spyware Terminator
2008-07-09 14:15:12 36 -r-h----- C:\WINDOWS\sued.dat
2008-07-09 14:03:56 0 d-------- C:\Documents and Settings\administrator\Application Data\Macromedia
2008-07-09 13:59:08 0 d-------- C:\Documents and Settings\administrator\Application Data\Adobe
2008-07-09 13:58:49 0 d-------- C:\Documents and Settings\administrator\Application Data\Subversion
2008-07-09 13:58:47 0 d-------- C:\Documents and Settings\administrator\Application Data\Realtime Soft
2008-07-09 13:58:32 0 d-------- C:\Documents and Settings\administrator\Application Data\Wave Systems Corp
2008-07-09 13:58:09 0 d-------- C:\Documents and Settings\administrator\Application Data\Google
2008-07-09 13:56:57 0 d-------- C:\Documents and Settings\administrator\Application Data\Identities
2008-07-09 13:56:23 0 dr-h----- C:\Documents and Settings\administrator\SendTo
2008-07-09 13:56:23 0 dr-h----- C:\Documents and Settings\administrator\Recent
2008-07-09 13:56:23 0 d--h----- C:\Documents and Settings\administrator\PrintHood
2008-07-09 13:56:23 0 d--h----- C:\Documents and Settings\administrator\NetHood
2008-07-09 13:56:23 0 dr------- C:\Documents and Settings\administrator\My Documents
2008-07-09 13:56:23 0 d--h----- C:\Documents and Settings\administrator\Local Settings
2008-07-09 13:56:23 0 dr------- C:\Documents and Settings\administrator\Favorites
2008-07-09 13:56:23 0 d-------- C:\Documents and Settings\administrator\Desktop
2008-07-09 13:56:23 0 d---s---- C:\Documents and Settings\administrator\Cookies
2008-07-09 13:56:23 0 dr-h----- C:\Documents and Settings\administrator\Application Data
2008-07-09 13:56:23 0 d---s---- C:\Documents and Settings\administrator\Application Data\Microsoft
2008-07-09 13:56:22 0 d--h----- C:\Documents and Settings\administrator\Templates
2008-07-09 13:56:22 0 dr------- C:\Documents and Settings\administrator\Start Menu
2008-07-09 13:56:22 1048576 --ah----- C:\Documents and Settings\administrator\NTUSER.DAT
2008-07-09 11:39:22 0 d-------- C:\Program Files\ProcXplorer
2008-07-09 00:58:56 0 d-------- C:\Program Files\Enigma Software Group
2008-07-09 00:40:23 0 d-------- C:\Documents and Settings\wwang\Application Data\Uniblue
2008-07-09 00:33:07 29568 -----n--- C:\WINDOWS\system32\mlJARjkj.dll
2008-07-08 23:16:10 0 d-------- C:\WINDOWS\Sun
2008-07-08 16:41:43 0 d-------- C:\Program Files\WMHelp Software
2008-07-08 16:41:43 0 d-------- C:\Documents and Settings\wwang\Application Data\WMHelp
2008-07-08 15:14:29 0 d-------- \spoolerlogs
2008-07-07 10:03:41 0 d-------- C:\Program Files\Google
2008-07-07 09:11:12 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-07 03:03:51 0 d-------- C:\Documents and Settings\wwang\Application Data\Media Player Classic
2008-07-07 03:03:01 164352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-07 03:02:58 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2008-07-07 03:02:58 159839 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-07-07 03:02:58 755027 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-07-07 03:02:58 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-07-07 03:02:58 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-07-07 03:02:56 682496 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2008-07-07 03:02:55 7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-07-07 03:02:54 0 d-------- C:\Program Files\K-Lite Codec Pack
2008-07-07 03:02:54 0 d-------- C:\Documents and Settings\wwang\Application Data\Real
2008-07-07 03:02:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Real
2008-07-01 21:45:23 0 --a------ C:\WINDOWS\system32\cid_store.dat
2008-06-28 09:08:15 0 d-------- C:\Program Files\Microsoft Streets & Trips 2008
2008-06-28 09:02:43 5248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2008-06-28 09:02:43 155136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2008-06-28 09:02:42 0 d-------- C:\Program Files\D-Tools
2008-06-28 02:30:49 0 d-------- C:\Documents and Settings\wwang\Application Data\WinRAR
2008-06-28 01:42:33 0 d-------- C:\Program Files\FlashGet
2008-06-26 11:37:09 0 d-------- C:\Documents and Settings\wwang\Application Data\TortoiseSVN
2008-06-26 01:21:00 0 d-------- C:\Documents and Settings\wwang\Application Data\Kingsoft
2008-06-26 01:20:05 1415680 --a------ C:\WINDOWS\system32\WMV9VCM.dll <Not Verified; Microsoft Corporation; Windows Media Video 9 VCM>
2008-06-26 01:20:05 539968 --a------ C:\WINDOWS\system32\Voctool.dll <Not Verified; Kingsoft, Co.; VocTool>
2008-06-26 01:20:05 525824 --a------ C:\WINDOWS\system32\VOCTL32.DLL <Not Verified; Voxware, Inc.; ToolVox>
2008-06-26 01:20:05 0 d-------- C:\WINDOWS\system32\Redist
2008-06-26 01:20:05 19760 --a------ C:\WINDOWS\system32\Ractdnet.dll <Not Verified; Progressive Networks, Inc.; RealAudio™ Shared Component (32-bit)>
2008-06-26 01:20:05 53568 --a------ C:\WINDOWS\system32\Ract14_4.dll <Not Verified; Progressive Networks, Inc.; 14.4 Audio Codec for RealAudio™ (16-bit) Version 3.0>
2008-06-26 01:20:05 14848 --a------ C:\WINDOWS\system32\Ra32dnet.dll <Not Verified; Progressive Networks, Inc.; RealAudio™ Shared Component (32-bit)>
2008-06-26 01:20:05 72704 --a------ C:\WINDOWS\system32\Ra3228_8.dll <Not Verified; Progressive Networks, Inc.; 28.8 Audio Codec for RealAudio™ (32-bit) Version 3.0>
2008-06-26 01:20:05 81920 --a------ C:\WINDOWS\system32\Ra3214_4.dll <Not Verified; Progressive Networks, Inc.; 14.4 Audio Codec for RealAudio™ (32-bit) Version 3.0>
2008-06-26 01:20:05 189952 --a------ C:\WINDOWS\system32\Pnui3230.dll <Not Verified; Progressive Networks, Inc.; High-level Support Library for RealAudio® (32-bit) Version 3.0>
2008-06-26 01:20:05 27024 --a------ C:\WINDOWS\system32\Pnloader.dll <Not Verified; Progressive Networks, Inc.; Dynamic Load and Bind Support for RealAudio® (16-bit) Version 3.0>
2008-06-26 01:20:05 163328 --a------ C:\WINDOWS\system32\Pnen3230.dll <Not Verified; Progressive Networks, Inc.; Core Support Library for RealAudio® (32-bit) Version 3.0>
2008-06-26 01:20:04 61440 --a------ C:\WINDOWS\system32\Decdnet.dll <Not Verified; Progressive Networks, Inc.; RealAudio™ Shared Component (32-bit)>
2008-06-26 01:19:29 0 d-------- C:\Program Files\Kingsoft
2008-06-26 01:19:29 0 d-------- C:\Program Files\Common Files\Kingsoft
2008-06-25 14:08:57 0 d-------- C:\Documents and Settings\wwang\Application Data\Realtime Soft
2008-06-25 10:59:29 0 d-------- \Data
2008-06-25 10:04:09 0 d-------- C:\Program Files\Microsoft SQL Server 2005 JDBC Driver
2008-06-24 18:49:34 0 d-------- C:\Program Files\WinMerge
2008-06-24 00:59:07 0 d-------- C:\WINDOWS\system32\zh-TW
2008-06-24 00:59:07 0 d-------- C:\WINDOWS\system32\zh-CN
2008-06-24 00:59:06 0 d-------- C:\WINDOWS\system32\uk-UA
2008-06-24 00:59:06 0 d-------- C:\WINDOWS\system32\tr-TR
2008-06-24 00:59:06 0 d-------- C:\WINDOWS\system32\th-TH
2008-06-24 00:59:06 0 d-------- C:\WINDOWS\system32\sv-SE
2008-06-24 00:59:06 0 d-------- C:\WINDOWS\system32\sr-Latn-CS
2008-06-24 00:59:06 0 d-------- C:\WINDOWS\system32\sl-SI
2008-06-24 00:59:06 0 d-------- C:\WINDOWS\system32\sk-SK
2008-06-24 00:59:05 0 d-------- C:\WINDOWS\system32\ru-RU
2008-06-24 00:59:05 0 d-------- C:\WINDOWS\system32\ro-RO
2008-06-24 00:59:05 0 d-------- C:\WINDOWS\system32\pt-PT
2008-06-24 00:59:05 0 d-------- C:\WINDOWS\system32\pt-BR
2008-06-24 00:59:05 0 d-------- C:\WINDOWS\system32\pl-PL
2008-06-24 00:59:05 0 d-------- C:\WINDOWS\system32\nl-NL
2008-06-24 00:59:04 0 d-------- C:\WINDOWS\system32\nb-NO
2008-06-24 00:59:04 0 d-------- C:\WINDOWS\system32\lv-LV
2008-06-24 00:59:04 0 d-------- C:\WINDOWS\system32\lt-LT
2008-06-24 00:59:04 0 d-------- C:\WINDOWS\system32\ko-KR
2008-06-24 00:59:04 0 d-------- C:\WINDOWS\system32\ja-JP
2008-06-24 00:59:04 0 d-------- C:\WINDOWS\system32\it-IT
2008-06-24 00:59:03 0 d-------- C:\WINDOWS\system32\hu-HU
2008-06-24 00:59:03 0 d-------- C:\WINDOWS\system32\hr-HR
2008-06-24 00:59:03 0 d-------- C:\WINDOWS\system32\he-IL
2008-06-24 00:59:03 0 d-------- C:\WINDOWS\system32\fr-Fr
2008-06-24 00:59:03 0 d-------- C:\WINDOWS\system32\fi-FI
2008-06-24 00:59:03 0 d-------- C:\WINDOWS\system32\et-EE
2008-06-24 00:59:02 0 d-------- C:\WINDOWS\system32\es-ES
2008-06-24 00:59:02 0 d-------- C:\WINDOWS\system32\el-GR
2008-06-24 00:59:02 0 d-------- C:\WINDOWS\system32\de-DE
2008-06-24 00:59:02 0 d-------- C:\WINDOWS\system32\da-DK
2008-06-24 00:59:02 0 d-------- C:\WINDOWS\system32\cs-CZ
2008-06-24 00:59:01 0 d-------- C:\WINDOWS\system32\bg-BG
2008-06-24 00:59:01 0 d-------- C:\WINDOWS\system32\ar-SA
2008-06-23 18:35:32 0 d-------- C:\Documents and Settings\wwang\workspace
2008-06-23 17:24:45 0 d-------- C:\Documents and Settings\wwang\Application Data\IDMComp
2008-06-23 17:21:18 0 d-------- C:\Program Files\IDM Computer Solutions
2008-06-23 14:12:57 0 d-------- C:\WINDOWS\LastGood
2008-06-23 13:15:36 0 d-------- C:\Program Files\EmEditor
2008-06-23 01:23:02 0 d-------- C:\Program Files\Avanquest update
2008-06-23 01:23:01 0 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-06-23 01:22:25 0 d-------- C:\WINDOWS\LastGood.Tmp
2008-06-23 01:22:02 0 d-------- C:\Program Files\Sony Ericsson
2008-06-23 01:22:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-06-22 23:59:25 0 d-------- C:\WINDOWS\system32\NtmsData
2008-06-22 15:09:52 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Wave Systems Corp
2008-06-22 08:59:39 0 d-------- C:\Program Files\JKI
2008-06-21 23:54:36 0 d-------- C:\Documents and Settings\wwang\Application Data\Wave Systems Corp
2008-06-21 23:54:30 1769472 --a------ C:\WINDOWS\system32\Tsp1.dll <Not Verified; NTRU Cryptosystems, Inc.; NTRU Core TSS>
2008-06-21 23:52:16 0 d-------- C:\Program Files\Fingerprint Sensor
2008-06-21 23:52:02 0 d-------- C:\WINDOWS\system32\GPinPad
2008-06-21 23:52:02 0 d-------- C:\WINDOWS\system32\GemPCKey
2008-06-21 23:52:02 0 d-------- C:\WINDOWS\system32\GemPCCard
2008-06-21 23:52:01 0 d-------- C:\WINDOWS\system32\GTwinUSB
2008-06-21 23:52:01 0 d-------- C:\WINDOWS\system32\GemPCExp
2008-06-21 23:52:01 0 d-------- C:\Program Files\Gemplus
2008-06-21 23:48:17 1258496 --a------ C:\WINDOWS\tfmessbsp.dll <Not Verified; UPEK, Inc.; TouchChip TFM/ESS Fingerprint BSP>
2008-06-21 23:48:17 1258496 --a------ C:\WINDOWS\system\tfmessbsp.dll <Not Verified; UPEK, Inc.; TouchChip TFM/ESS Fingerprint BSP>
2008-06-21 23:48:16 0 d-------- C:\WINDOWS\system32\BioAPIFFDB
2008-06-21 23:48:16 106496 --a------ C:\WINDOWS\system32\bioapi100.dll
2008-06-21 23:48:16 143360 --a------ C:\WINDOWS\system32\bioapi_mds300.dll
2008-06-21 23:47:32 0 d-------- C:\Program Files\Wave Systems Corp
2008-06-21 23:47:28 0 d-------- C:\WINDOWS\system32\Test
2008-06-21 23:44:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
2008-06-21 23:44:19 0 d-------- C:\Program Files\NTRU Cryptosystems
2008-06-21 23:44:19 0 d-------- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
2008-06-21 23:42:51 0 d-------- C:\Documents and Settings\wwang\Application Data\InstallShield
2008-06-21 22:10:40 0 d-------- C:\Program Files\MSDN
2008-06-21 22:07:02 0 d-------- C:\Program Files\Microsoft Device Emulator
2008-06-21 22:06:49 0 d-------- C:\Program Files\Microsoft SQL Server 2005 Mobile Edition
2008-06-21 21:53:40 0 d-------- C:\WINDOWS\Symbols
2008-06-21 21:53:39 0 d-------- C:\Program Files\HTML Help Workshop
2008-06-21 21:53:39 0 d-------- C:\Program Files\Common Files\Business Objects
2008-06-21 21:53:39 0 d-------- C:\Program Files\CE Remote Tools
2008-06-21 20:14:14 0 d-------- C:\WINDOWS\Downloaded Installations
2008-06-21 20:09:06 0 d-------- C:\Program Files\Autoruns
2008-06-21 07:54:11 0 d-------- C:\WINDOWS\SQLTools9_KB934458_ENU
2008-06-21 07:52:40 0 d-------- C:\WINDOWS\DTS9_KB934458_ENU
2008-06-21 07:51:29 0 d-------- C:\WINDOWS\OLAP9_KB934458_ENU
2008-06-21 07:47:08 0 d-------- C:\WINDOWS\SQL9_KB934458_ENU
2008-06-21 07:20:00 0 d-------- C:\Documents and Settings\wwang\Application Data\Roxio
2008-06-20 23:58:09 0 d-------- C:\Program Files\Microsoft Streets & Trips
2008-06-20 23:58:09 0 d-------- C:\Program Files\Microsoft Location Finder
2008-06-20 23:26:33 0 d-------- C:\Program Files\IrfanView
2008-06-20 22:56:45 0 d--h----- \BJPrinter
2008-06-20 22:54:32 34 --a------ C:\WINDOWS\system32\BD2040.DAT
2008-06-20 17:13:35 0 d-------- \Projects
2008-06-20 16:54:16 0 d-------- C:\Documents and Settings\wwang\Application Data\Subversion
2008-06-20 16:53:13 0 d-------- C:\Program Files\TortoiseSVN
2008-06-20 16:12:46 0 d-------- C:\WINDOWS\nidaq
2008-06-20 16:04:53 0 d-------- C:\Program Files\IVI Foundation
2008-06-20 16:03:46 121274 --a------ C:\WINDOWS\system32\niorbmap
2008-06-20 15:34:56 0 d-------- C:\Documents and Settings\All Users\Application Data\National Instruments
2008-06-20 15:31:02 0 d-------- C:\WINDOWS\system32\cvirte
2008-06-20 15:31:01 0 d-------- C:\Program Files\Common Files\Merge Modules
2008-06-20 15:28:12 0 d-------- C:\Program Files\National Instruments
2008-06-20 15:07:26 0 d-------- C:\Program Files\ServiceCapture
2008-06-20 14:52:07 0 d-------- \j2sdk1.4.2_17
2008-06-20 14:42:17 0 d-------- C:\Documents and Settings\wwang\Application Data\Sun
2008-06-20 14:34:18 21 --ah----- \qpmd8378.bin
2008-06-20 14:34:06 49152 --a------ C:\WINDOWS\system32\cfperfmon_mx.dll <Not Verified; Macromedia Inc.; ColdFusion>
2008-06-20 14:32:20 0 d-------- \CFusionMX7
2008-06-20 14:32:15 0 d--h----- C:\Program Files\Zero G Registry
2008-06-20 14:30:15 0 d--h----- C:\Documents and Settings\wwang\InstallAnywhere
2008-06-20 14:21:38 0 d--h----- C:\WINDOWS\PIF
2008-06-20 11:40:20 0 d-------- C:\Program Files\SQLXML 4.0
2008-06-20 11:33:10 0 d-------- C:\Program Files\Microsoft Visual Studio 8
2008-06-20 11:33:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-20 11:30:53 0 d-------- C:\Program Files\Microsoft Analysis Services
2008-06-20 11:17:52 0 d-------- C:\Program Files\Microsoft SQL Server
2008-06-20 00:39:03 0 d-------- C:\Documents and Settings\wwang\Application Data\MxBoost
2008-06-20 00:38:38 0 d-------- C:\Program Files\Maxthon2
2008-06-20 00:13:28 0 d-------- \download
2008-06-19 19:38:07 2145353728 --ahs---- \hiberfil.sys
2008-06-19 17:15:33 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-19 17:14:14 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-19 17:12:40 0 d-------- C:\WINDOWS\system32\drivers\UMDF
2008-06-19 17:09:18 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-06-19 16:52:34 0 d---s---- C:\Documents and Settings\wwang\UserData
2008-06-19 16:38:52 0 d-------- C:\Documents and Settings\All Users\Application Data\WinZip
2008-06-19 16:36:16 0 d-------- C:\Documents and Settings\wwang\Application Data\Macromedia
2008-06-19 16:26:56 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-06-19 15:54:23 0 dr-h----- C:\Documents and Settings\wwang\Recent
2008-06-19 15:36:54 0 d-------- C:\WINDOWS\IIS Temporary Compressed Files
2008-06-19 15:30:35 0 d-------- C:\WINDOWS\system32\Logfiles
2008-06-19 15:30:35 0 d-------- \Inetpub
2008-06-19 11:12:28 0 d-------- C:\Documents and Settings\wwang\Application Data\Google
2008-06-19 10:56:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-19 10:56:22 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-19 10:56:12 0 d-------- C:\Program Files\Symantec
2008-06-19 10:22:40 0 d-------- C:\Documents and Settings\wwang\Application Data\Adobe
2008-06-19 10:22:04 0 d-------- C:\Documents and Settings\wwang\Application Data\Identities
2008-06-19 10:21:46 0 d--h----- C:\Documents and Settings\wwang\Templates
2008-06-19 10:21:46 0 dr------- C:\Documents and Settings\wwang\Start Menu
2008-06-19 10:21:46 0 dr-h----- C:\Documents and Settings\wwang\SendTo
2008-06-19 10:21:46 0 d--h----- C:\Documents and Settings\wwang\PrintHood
2008-06-19 10:21:46 0 d--h----- C:\Documents and Settings\wwang\NetHood
2008-06-19 10:21:46 0 dr------- C:\Documents and Settings\wwang\My Documents
2008-06-19 10:21:46 0 d--h----- C:\Documents and Settings\wwang\Local Settings
2008-06-19 10:21:46 0 dr------- C:\Documents and Settings\wwang\Favorites
2008-06-19 10:21:46 0 d-------- C:\Documents and Settings\wwang\Desktop
2008-06-19 10:21:46 0 d---s---- C:\Documents and Settings\wwang\Cookies
2008-06-19 10:21:46 0 dr-h----- C:\Documents and Settings\wwang\Application Data
2008-06-19 10:21:46 0 d---s---- C:\Documents and Settings\wwang\Application Data\Microsoft
2008-06-19 10:21:45 4194304 --ah----- C:\Documents and Settings\wwang\NTUSER.DAT
2008-06-18 13:55:49 0 d-------- C:\Program Files\Trend Micro
2008-06-18 13:53:56 1159539 --a------ C:\WINDOWS\system32\RC96E140.DLL <Not Verified; RICOH CO., LTD.; RICOH RPCS Printer Driver>
2008-06-18 13:53:56 32768 --a------ C:\WINDOWS\system32\RC00C140.dll <Not Verified; RICOH CO., LTD.; RC00C140>
2008-06-18 13:53:51 61440 --a------ C:\WINDOWS\system32\TrackID.dll <Not Verified; RICOH COMPANY,LTD.; Track ID>
2008-06-18 13:53:51 69632 --a------ C:\WINDOWS\system32\TIFmtA.dll <Not Verified; RICOH COMPANY,LTD.; Track ID>
2008-06-18 13:53:51 49152 --a------ C:\WINDOWS\system32\TIBase64.dll <Not Verified; RICOH COMPANY,LTD.; Track ID>
2008-06-18 13:53:51 262364 --a------ C:\WINDOWS\system32\rpcsecl.dll <Not Verified; RICOH; RICOH RPCS Printer Driver Module rpcsecl>
2008-06-18 13:53:51 221184 --a------ C:\WINDOWS\system32\RICJC32.dll <Not Verified; RICOH CO.,Ltd.; RICJC32>
2008-06-18 13:53:51 53248 --a------ C:\WINDOWS\system32\RICDB32.dll <Not Verified; RICOH CO.,Ltd.; RICDB>
2008-06-18 13:53:51 61440 --a------ C:\WINDOWS\system32\rdrvlog.dll <Not Verified; RICOH; RICOH rdrvlog>
2008-06-18 13:53:51 57344 --a------ C:\WINDOWS\system32\rdrvinf.dll <Not Verified; RICOH Co.,Ltd.; RICOH RPDL Driver>
2008-06-18 13:53:51 77824 --a------ C:\WINDOWS\system32\RCPRINT.dll <Not Verified; RICOH CO., LTD.; RICOH RPCS Printer Driver>
2008-06-18 13:53:51 27136 --a------ C:\WINDOWS\system32\RCINST.DLL <Not Verified; RICOH CO., LTD.; RICOH RPCS Printer Driver>
2008-06-18 13:53:51 1844 --a------ C:\WINDOWS\system32\RC96E1A0.dat
2008-06-18 13:53:51 32768 --a------ C:\WINDOWS\system32\rc4mon.dll <Not Verified; RICOH CO.,Ltd.; RC4MON>
2008-06-18 13:53:51 94208 --a------ C:\WINDOWS\system32\Rc4manNT.dll <Not Verified; RICOH CO., LTD.; RC4MAN>
2008-06-18 13:53:51 1183744 --a------ C:\WINDOWS\system32\Ne45Cdat.dll <Not Verified; RICOH CO., LTD.; Ne45Cdat.dll>
2008-06-18 13:53:51 37376 --a------ C:\WINDOWS\system32\MFRICRES.dll <Not Verified; RICOH CO.,Ltd.; MFRICRES>
2008-06-18 13:53:51 167936 --a------ C:\WINDOWS\system32\JCUI.exe <Not Verified; Ricoh Co.,Ltd.; JCUI>
2008-06-18 13:53:50 0 d--h----- \_rpcs
2008-06-18 13:53:36 0 d-------- C:\WINDOWS\system32\appmgmt
2008-06-18 13:52:38 0 d--hs---- C:\WINDOWS\CSC
2008-06-18 13:51:41 0 d-------- C:\WINDOWS\SchCache
2008-06-17 17:19:27 0 d-------- C:\WINDOWS\Prefetch
2008-06-17 17:19:03 2145280000 --ahs---- \pagefile.sys
2008-06-17 17:10:34 0 d-------- C:\WINDOWS\system32\scripting
2008-06-17 17:10:34 0 d-------- C:\WINDOWS\l2schemas
2008-06-17 17:10:33 0 d-------- C:\WINDOWS\system32\en
2008-06-17 17:10:33 0 d-------- C:\WINDOWS\system32\bits
2008-06-17 17:08:47 0 d-------- C:\WINDOWS\ServicePackFiles
2008-06-17 17:06:47 0 d-------- C:\WINDOWS\network diagnostic
2008-06-17 16:53:21 262144 --a------ C:\Documents and Settings\All Users\NTUSER.DAT


-- Find3M Report ---------------------------------------------------------------

2008-07-09 18:46:35 0 d-------- C:\Program Files\Common Files
2008-07-08 10:25:14 0 d-------- C:\Program Files\eclipse3.3.2
2008-06-27 01:21:36 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 23:47:39 0 d-------- C:\Program Files\Common Files\InstallShield
2008-06-21 23:43:17 0 d-------- C:\Program Files\Dell
2008-06-21 19:55:58 0 d-------- C:\Program Files\Windows Desktop Search
2008-06-20 15:01:01 0 d-------- C:\Program Files\Java
2008-06-20 11:36:09 0 d-------- C:\Program Files\Microsoft.NET
2008-06-17 17:10:57 0 d-------- C:\Program Files\Messenger
2008-06-17 17:10:33 0 d-------- C:\Program Files\Movie Maker
2008-06-17 17:08:33 0 d-------- C:\Program Files\Windows NT
2008-04-11 17:23:54 38400 --a------ C:\WINDOWS\system32\SoundSchemes.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4ECFB421-4556-4F3B-892D-8EF267E666E8}]
2008-07-10 15:35 322304 --a------ C:\WINDOWS\system32\ljJDUKDU.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69286AE1-7F3C-4EE3-AF48-89572EBF2264}]
2006-02-28 05:00 88576 --a------ C:\WINDOWS\system32\card.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6E99B427-C748-470E-909A-B7F3644635F7}]
2006-02-28 05:00 88576 --a------ C:\WINDOWS\system32\card.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73984FE0-9702-4C55-9C7B-9BA3C5861F25}]
2008-07-09 00:33 29568 --------- C:\WINDOWS\system32\mlJARjkj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c36604bd-3d1e-49a0-adc1-a6b82e62adc2}]
2008-07-10 15:41 116352 --a------ C:\WINDOWS\system32\cgzxxa.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3FA8675-DE85-4356-8C42-F07547864597}]
C:\WINDOWS\system32\hgGAQIBt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 15:26 C:\WINDOWS\stsystra.exe]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 19:10]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2007-01-25 18:34]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-19 21:05]
"nwiz"="nwiz.exe" [2007-09-19 21:05 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-09-19 21:05 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-09-19 21:05]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" [2006-11-10 00:17]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2006-02-28 05:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2006-02-28 05:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 05:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 05:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2006-02-28 05:00]
"niDevMon"="C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2007-07-14 16:39]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 17:30]
"EmbassySecurityCheck"="C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2007-09-14 10:53]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-05-26 05:33]
"6c4d8b94"="C:\WINDOWS\system32\deovrwjq.dll" [2008-07-10 15:37]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsMenu"=01000000
"NoSMHelp"=01000000
"NoRecentDocsHistory"=01000000
"NoSMMyDocs"=01000000
"NoSMMyPictures"=01000000
"NoNetworkConnections"=01000000
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{73984FE0-9702-4C55-9C7B-9BA3C5861F25}"= C:\WINDOWS\system32\mlJARjkj.dll [2008-07-09 00:33 29568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AutorunsDisabled]
mlJARjkj.dll 2008-07-09 00:33 29568 C:\WINDOWS\system32\mlJARjkj.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll 2006-11-16 15:20 73728 C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJARjkj]
mlJARjkj.dll 2008-07-09 00:33 29568 C:\WINDOWS\system32\mlJARjkj.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth C:\WINDOWS\system32\ljJDUKDU

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-779125105-2147533107-4227323178-2217\Scripts\Logon\0\0]
"Script"=\\intermolecular.local\NETLOGON\Logon.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-779125105-2147533107-4227323178-2609\Scripts\Logon\0\0]
"Script"=\\intermolecular.local\NETLOGON\Logon.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##imi-data-01#d$#download#SQLServer2005#SQL Server x86#Servers]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL splash.hta


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration



-- End of Deckard's System Scanner: finished at 2008-07-10 16:55:10 ------------


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7500 @ 2.20GHz
Percentage of Memory in Use: 45%
Physical Memory (total/avail): 2045.9 MiB / 1121.12 MiB
Pagefile Memory (total/avail): 3937.71 MiB / 3002.61 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1872.67 MiB

C: is Fixed (NTFS) - 74.53 GiB total, 12.64 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
J: is Network (NTFS)
U: is Network (NTFS)

\\.\PHYSICALDRIVE0 - Hitachi HTS721010G9SA00 - 93.16 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.53 GiB - C:

\\.\PHYSICALDRIVE1 - Generic Flash HS-CF USB Device

\\.\PHYSICALDRIVE2 - Generic Flash HS-COMBO USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LT-4PCK8F1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
KMP_DUPLICATE_LIB_OK=TRUE
lib=C:\Program Files\SQLXML 4.0\bin\
MKL_SERIAL=YES
NIDAQmxSwitchDir=C:\Program Files\National Instruments\NI-DAQ\Switch\
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\CFusionMX7\verity\k2\_nti40\bin;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\Microsoft SQL Server\90\DTS\Binn;C:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE;C:\PROGRA~1\IVIFOU~1\VISA\WinNT\Bin;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5;C:\Program Files\Gemplus\GemSafe Libraries\BIN

PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\WINDOWS\TEMP
TMP=C:\WINDOWS\TEMP
USERPROFILE=C:\Documents and Settings\wwang
VERITY_CFG=C:\CFusionMX7\verity\k2\common\verity.cfg
VS80COMNTOOLS=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
VXIPNPPATH=C:\PROGRA~1\IVIFOU~1\VISA\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

IM-User (admin)
administrator (new local, admin)
wwang (admin)
gus (new local, admin, net ready)


-- Add/Remove Programs ---------------------------------------------------------

--> MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
--> MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
--> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\UltSound.inf,Uninstall
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 8.1.2 Standard --> msiexec /I {AC76BA86-1033-0000-BA7E-000000000003}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Alt-Tab Task Switcher Powertoy for Windows XP --> MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /I{EB4DF30B-102B-4F0C-927A-D50E037A325D}
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x0009 -removeonly
biolsp patch --> MsiExec.exe /I{9593C6E5-205E-45C3-B785-05CF146CA76A}
Broadcom Gigabit Integrated Controller --> MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
Broadcom TPM Driver Installer --> MsiExec.exe /X{35748B06-FCFC-4700-8285-DAD41689E4FE}
CmdHere Powertoy For Windows XP --> MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
DAEMON Tools --> MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
Dell Drivers MSI --> MsiExec.exe /I{5EC5F187-9D2B-4051-8906-88656819A869}
Dell Embassy Trust Suite by Wave Systems --> C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe
Dell Touchpad --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card --> "C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
EMBASSY Security Center --> C:\Program Files\InstallShield Installation Information\{EEAFE1E5-076B-430A-96D9-B567792AFA88}\setup.exe -runfromtemp -l0x0409
EMBASSY Security Setup --> C:\Program Files\InstallShield Installation Information\{53333479-6A52-4816-8497-5C52B67ED339}\setup.exe -runfromtemp -l0x0409
EMBASSY Security Setup --> MsiExec.exe /I{53333479-6A52-4816-8497-5C52B67ED339}
EMBASSY Trust Suite by Wave Systems --> C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe -runfromtemp -l0x0009 -removeonly
EmEditor Professional (English) --> MsiExec.exe /I{367C7F66-BFCB-4DDD-B4DD-D76B7F93EC79}
ESC Home Page Plugin --> C:\Program Files\InstallShield Installation Information\{E738A392-F690-4A9D-808E-7BAF80E0B398}\setup.exe -runfromtemp -l0x0409
FlashGet 1.9.6.1073 --> C:\Program Files\FlashGet\uninst.exe
GDR 3054 for SQL Server Analysis Services 2005 ENU (KB934458) --> C:\WINDOWS\OLAP9_KB934458_ENU\Hotfix.exe /Uninstall
GDR 3054 for SQL Server Database Services 2005 ENU (KB934458) --> C:\WINDOWS\SQL9_KB934458_ENU\Hotfix.exe /Uninstall
GDR 3054 for SQL Server Integration Services 2005 ENU (KB934458) --> C:\WINDOWS\DTS9_KB934458_ENU\Hotfix.exe /Uninstall
GDR 3054 for SQL Server Tools and Workstation Components 2005 ENU (KB934458) --> C:\WINDOWS\SQLTools9_KB934458_ENU\Hotfix.exe /Uninstall
Gemalto --> MsiExec.exe /I{EF05BA0F-AC15-4D12-AC5C-276225F5E751}
GemSafe Standard Edition 5.1 --> MsiExec.exe /X{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}
Google Pinyin IME --> "C:\Program Files\Google\Google Pinyin\Uninstall.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\HijackThis\HijackThis.exe" /uninstall
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
Java 2 Runtime Environment, SE v1.4.2_17 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142170}
Java 2 SDK, SE v1.4.2_17 --> MsiExec.exe /I{35A3A4F4-B792-11D6-A78A-00B0D0142170}
Java™ 6 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
K-Lite Mega Codec Pack 3.9.5 --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia ColdFusion MX 7 --> "C:\CFusionMX7\uninstall\Uninstall Macromedia ColdFusion MX 7.exe"
Maxthon2 Browser (remove only) --> C:\Program Files\Maxthon2\MaxthonUINST.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005 --> C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft English TTS Engine --> MsiExec.exe /I{94824ADD-8F26-43D2-84DB-22E11F377E5E}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 --> MsiExec.exe /I{2373A92B-1C1C-4E71-B494-5CA97F96AA19}
Microsoft SQL Server 2005 Analysis Services --> MsiExec.exe /I{982DB00A-9C4E-436B-8707-18E113BAA44C}
Microsoft SQL Server 2005 Backward compatibility --> MsiExec.exe /I{69880C00-08DD-4385-B752-9C62656F6D1E}
Microsoft SQL Server 2005 Books Online (English) (September 2007) --> MsiExec.exe /I{6FDD4688-E063-401D-B6BE-7234E20B9173}
Microsoft SQL Server 2005 Integration Services --> MsiExec.exe /I{E0A41F96-7231-4AE8-A654-EEB34F935462}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools --> MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Tools --> MsiExec.exe /I{90032DD0-ABEE-4424-AC1E-B076BDD4E350}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Streets & Trips 2007 --> MsiExec.exe /I{C82185E8-C27B-4EF4-2007-4444BC2C2B6D}
Microsoft Streets & Trips 2008 --> MsiExec.exe /I{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual Studio 2005 Professional Edition - ENU --> C:\Program Files\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
Microsoft Visual Studio 2005 Professional Edition - ENU Service Pack 1 (KB926601) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {D93F9C7C-AB57-44C8-BAD6-1494674BCAF7} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSDN Library for Visual Studio 2005 --> msiexec /i {23959E96-A80F-4172-A655-210E9BB7BFBE}
MSDN Library for Visual Studio 2005 --> MsiExec.exe /X{23959E96-A80F-4172-A655-210E9BB7BFBE}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
National Instruments Software --> "C:\Program Files\National Instruments\Shared\NIUninstaller\uninst.exe"
NTRU TCG Software Stack --> MsiExec.exe /I{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OZ776 SCR Driver V1.1.3.9 --> C:\Program Files\InstallShield Installation Information\{343D8DE3-AE1F-431A-830C-B66352E8CA12}\setup.exe -runfromtemp -l0x0409
PL-2303 USB-to-Serial --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\setup.exe" -l0x9 -cluninstall
Powerword 2007 --> "C:\Program Files\Kingsoft\Powerword 2007\unins000.exe"
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Visual Studio 2005 Professional Edition - ENU (KB937061) --> C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {94E2AAC1-CAE5-4F73-B0D1-C471BA1F8E2A} /package {437AB8E0-FB69-4222-B280-A64F3DE22591}
Service Pack 2 for SQL Server Analysis Services 2005 ENU (KB921896) --> C:\WINDOWS\OLAP9_KB921896_ENU\Hotfix.exe /Uninstall
Service Pack 2 for SQL Server Database Services 2005 ENU (KB921896) --> C:\WINDOWS\SQL9_KB921896_ENU\Hotfix.exe /Uninstall
Service Pack 2 for SQL Server Integration Services 2005 ENU (KB921896) --> C:\WINDOWS\DTS9_KB921896_ENU\Hotfix.exe /Uninstall
Service Pack 2 for SQL Server Tools and Workstation Components 2005 ENU (KB921896) --> C:\WINDOWS\SQLTools9_KB921896_ENU\Hotfix.exe /Uninstall
ServiceCapture --> MsiExec.exe /I{AB2E4CEB-91DF-4F12-99D5-834F2733C38A}
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Sony Ericsson PC Suite 3.209.00 --> C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\Setup.exe -runfromtemp -l0x0009 -removeonly
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Terminator --> "C:\Program Files\Spyware Terminator\unins000.exe"
SQLXML4 --> MsiExec.exe /I{36DD7006-7BFE-4E3D-AF6E-FA734BC879B7}
Symantec Backup Exec Desktop Agent --> MsiExec.exe /I{D2BE4C7A-DDB0-4A2F-B3DD-534A891E6255}
TortoiseSVN 1.4.8.12137 (32 bit) --> MsiExec.exe /X{1E010E57-0453-4A84-A899-47EEA104661C}
Trend Micro Client/Server Security Agent --> "C:\Program Files\Trend Micro\Client Server Security Agent\ntrmv.exe"
TTS Wrapper --> MsiExec.exe /I{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
UEStudio v6.50a --> MsiExec.exe /I{3F061678-B91E-4CC4-97E6-9BC1797C18AB}
UltraCompare Professional --> "C:\Program Files\IDM Computer Solutions\UltraCompare\Uninstall.exe" "C:\Program Files\IDM Computer Solutions\UltraCompare\install.log" -u
upekmsi --> MsiExec.exe /I{EA536059-6D12-4E0E-9FB2-DA912AFAB3F1}
Wave Infrastructure Installer --> MsiExec.exe /I{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}
Wave Support Software --> C:\Program Files\InstallShield Installation Information\{07D618CD-B016-438A-ADC9-A75BD23F85CE}\setup.exe -runfromtemp -l0x0409
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Desktop Search 3.01 --> MsiExec.exe /X{E72019B8-1287-4093-BE9B-1CFA7BA1A8D2}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinMerge 2.6.14.0 --> "C:\Program Files\WinMerge\unins000.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.2 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
WMHelp XmlPad --> MsiExec.exe /I{718CCDCB-A709-4781-8D64-27ADFB25827A}
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type7307 / Error
Event Submitted/Written: 07/10/2008 03:32:59 PM
Event ID/Source: 3006 / LoadPerf
Event Description:
Unable to read the performance counter strings of the 009 language ID.
The Win32 status returned by the call is the first DWORD in Data section.

Event Record #/Type7306 / Error
Event Submitted/Written: 07/10/2008 03:32:55 PM
Event ID/Source: 3011 / LoadPerf
Event Description:
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Event Record #/Type7303 / Error
Event Submitted/Written: 07/10/2008 03:25:08 PM
Event ID/Source: 1085 / Userenv
Event Description:
The Group Policy client-side extension Software Installation failed to execute. Please look for any errors reported earlier by that extension.

Event Record #/Type7302 / Error
Event Submitted/Written: 07/10/2008 03:25:08 PM
Event ID/Source: 108 / Application Management
Event Description:
Failed to apply changes to software installation settings. Software changes could not be applied. A previous log entry with details should exist. The error was : %%1612

Event Record #/Type7300 / Error
Event Submitted/Written: 07/10/2008 03:25:07 PM
Event ID/Source: 102 / Application Management
Event Description:
The install of application Microsoft Office Outlook 2003 from policy Outlook Msi failed. The error was : %%1612



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type5917 / Error
Event Submitted/Written: 07/10/2008 04:49:22 PM / 07/10/2008 04:49:45 PM
Event ID/Source: 5783 / NETLOGON
Event Description:
The session setup to the Windows NT or Windows 2000 Domain Controller \\imi-srv-01.Intermolecular.local for the domain INTERMOLECULAR
is not responsive. The current RPC call from Netlogon on \\LT-4PCK8F1 to \\imi-srv-01.Intermolecular.local has been cancelled.

Event Record #/Type5885 / Error
Event Submitted/Written: 07/10/2008 03:26:06 PM
Event ID/Source: 16 / Windows Update Agent
Event Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Event Record #/Type5857 / Warning
Event Submitted/Written: 07/10/2008 03:22:37 PM
Event ID/Source: 11050 / dnscache
Event Description:
The DNS Client service could not contact any DNS servers for
a repeated number of attempts. For the next 30 seconds the
DNS Client service will not use the network to avoid further
network performance problems. It will resume its normal behavior
after that. If this problem persists, verify your TCP/IP
configuration, specifically check that you have a preferred
(and possibly an alternate) DNS server configured. If the problem
continues, verify network conditions to these DNS servers or contact
your network administrator.

Event Record #/Type5849 / Error
Event Submitted/Written: 07/10/2008 03:08:51 PM / 07/10/2008 03:08:52 PM
Event ID/Source: 5719 / NETLOGON
Event Description:
No Domain Controller is available for domain INTERMOLECULAR due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Event Record #/Type5816 / Error
Event Submitted/Written: 07/10/2008 09:51:48 AM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.2.6 for the Network Card with network address 001DD968F795 has been
denied by the DHCP server 10.2.4.10 (The DHCP Server sent a DHCPNACK message).



-- End of Deckard's System Scanner: finished at 2008-07-10 16:55:10 ------------


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:48 PM

Posted 11 July 2008 - 03:55 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:



Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\system32\UDKUDJjl.ini2
    C:\WINDOWS\system32\cgzxxa.dll
    C:\WINDOWS\system32\card.dll
    C:\WINDOWS\system32\deovrwjq.dll
    C:\WINDOWS\system32\ljJDUKDU.dll
    C:\WINDOWS\system32\mlJARjkj.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please post a new log from DSS.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
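A small triage script for the file list in the reply above, added here as an example; it is not part of OTMoveIt2 and not something the helper posted. It works on the six system32 paths exactly as listed, and it shows two things a practitioner would want before moving anything: that one of the names is a mirror image of another (ljJDUKDU.dll spelled backwards is UDKUDJjl.ini2, which is visible in the list itself and is why the two should be moved together), and a SHA-256 of each file that is still present, so the hash can be submitted to a scanner even after the file has been moved. The sandbox directory and the placeholder file contents are constructed so the script runs offline on any OS; on the affected XP machine you would call `triage(SUSPECT_PATHS)` with no sandbox to read the real C:\WINDOWS\system32. A DLL that is loaded into a process (the original poster mentioned hooks into winlogon) can normally still be read for hashing even though it cannot be deleted, which is why the hashing happens before the move.

```python
"""Triage of suspect files before an OTMoveIt2 move (added example, not tool code)."""
import hashlib
import tempfile
from pathlib import Path, PureWindowsPath

# The six paths copied verbatim from the reply above.
SUSPECT_PATHS = [
    r"C:\WINDOWS\system32\UDKUDJjl.ini2",
    r"C:\WINDOWS\system32\cgzxxa.dll",
    r"C:\WINDOWS\system32\card.dll",
    r"C:\WINDOWS\system32\deovrwjq.dll",
    r"C:\WINDOWS\system32\ljJDUKDU.dll",
    r"C:\WINDOWS\system32\mlJARjkj.dll",
]


def mirror_pairs(paths):
    """Return (ini_name, dll_name) pairs where the .ini/.ini2 stem is a DLL stem reversed.

    The pairing is observable in the posted list (ljJDUKDU.dll / UDKUDJjl.ini2);
    a settings file named as the mirror image of a DLL is a strong sign the two
    were dropped together, so both belong in the same move list.
    """
    by_ext = {}
    for p in paths:
        name = PureWindowsPath(p).name
        stem, _, ext = name.rpartition(".")
        by_ext.setdefault(ext.lower(), {})[stem] = name
    dlls = by_ext.get("dll", {})
    pairs = []
    for ext in ("ini", "ini2"):
        for stem, name in by_ext.get(ext, {}).items():
            if stem[::-1] in dlls:
                pairs.append((name, dlls[stem[::-1]]))
    return sorted(pairs)


def sha256_of(path):
    """Stream the file so a large DLL does not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(paths, system32=None):
    """Report presence, size and SHA-256 for each suspect path.

    `system32` redirects the C:\\WINDOWS\\system32 prefix to a sandbox directory
    (assumption for offline use); pass None on the real machine.  Files that are
    already gone are reported as absent rather than raising, so the report
    covers the whole list in one run.
    """
    report = {}
    for p in paths:
        name = PureWindowsPath(p).name
        local = Path(system32, name) if system32 is not None else Path(p)
        entry = {"present": local.is_file(), "size": None, "sha256": None}
        if entry["present"]:
            entry["size"] = local.stat().st_size
            entry["sha256"] = sha256_of(local)
        report[name] = entry
    return report


def demo_sandbox():
    """Constructed sandbox: four of the six names exist, two do not, so the
    report exercises both the present and the already-removed case."""
    root = Path(tempfile.mkdtemp(prefix="sys32_"))
    for name in ("UDKUDJjl.ini2", "cgzxxa.dll", "ljJDUKDU.dll", "mlJARjkj.dll"):
        (root / name).write_bytes(b"constructed placeholder for " + name.encode())
    return root


if __name__ == "__main__":
    sandbox = demo_sandbox()
    for ini, dll in mirror_pairs(SUSPECT_PATHS):
        print(f"mirror pair: {ini} <-> {dll}")
    for name, info in triage(SUSPECT_PATHS, system32=sandbox).items():
        state = (f"{info['size']} bytes sha256={info['sha256']}"
                 if info["present"] else "not present")
        print(f"{name:16} {state}")
```

Run it once before pasting the list into OTMoveIt2 and keep the printed hashes with the move log; if a name shows as "not present" the move log will simply report it as not found, which is expected and not a failure.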


========================================================

#3 Buckeye_Sam

Posted 24 July 2008 - 10:25 AM

Unfortunately there has been no response. :thumbsup:
This thread will now be closed.


========================================================
