Computer Crashes Several Times A Day


  • This topic is locked
22 replies to this topic

#1 okuuni

okuuni

  • Members
  • 45 posts

Posted 27 July 2008 - 11:37 AM

My computer has been crashing. It doesn't say anything before shutting off, it just shuts off, typically a few times a day. I've run Clean Up!, Ad-Aware, Spybot S&D, but it's still happening. I've attached a HijackThis logfile below... Thank you so much for the help!




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:09 AM, on 7/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\PatchLink\Update Agent\GRAVITIXSERVICE.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\RAE10B.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.packtrack.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\savannae\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.wsc-plus.westmarine.net (HKLM)
O15 - ESC Trusted Zone: *.wsc-plus.westmarine.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188201923896
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188201872015
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://4thgenerationsystems.webex.com/clie...ing/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = westmarine.net
O17 - HKLM\Software\..\Telephony: DomainName = westmarine.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{73648FD4-812F-48AA-BB4F-C4C023BE847E}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = westmarine.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = westmarine.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = westmarine.net
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: PatchLink Update - Patchlink Corporation - C:\Program Files\PatchLink\Update Agent\GRAVITIXSERVICE.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe (file missing)

--
End of file - 8800 bytes


#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts
  • Gender:Male
  • Location:Vancouver (not BC) WA (Not DC) USA

Posted 03 August 2008 - 01:42 PM

Hello okuuni,

Is this a work or business computer?
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 okuuni


Posted 03 August 2008 - 10:31 PM

I use it for work from home, as well as personal use.

#4 SifuMike


Posted 03 August 2008 - 10:36 PM

Hi

You said this is a work and personal computer.....does your company have an IT department?

If so, this would be a job for them as that is what they are paid to do.

We're volunteers that work for free here, on a donation only basis.

Your company may also have policies in place for this kind of thing, and I won't be responsible for possibly going against policy.

Please let me know what you're going to do.

#5 okuuni


Posted 04 August 2008 - 12:26 AM

This is my personal computer, I have a normal 'work computer' at the office, which the IT dept would be responsible for. If say I call in sick, I can access my work stuff from home using my personal computer. I hope that makes sense. If not, thanks for trying. :thumbsup:

#6 SifuMike


Posted 04 August 2008 - 01:44 PM

Hi okuuni,

Usually system crashes are not caused by malware, but we will see if there is any (malware) on your computer.


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll


*********************

Please perform this online scan: Kaspersky Webscan

Note that you need to run this scan with Internet Explorer for it to work correctly.

If you have any problem running the scan to completion, disable your Antivirus and/or firewall temporarily, just refrain from surfing around while the scan is running and be sure to re-enable when done.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appear asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat step 1.
3. Select "Install" to download the ActiveX controls that allow Kaspersky to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. Wait for the scanner to initialize and update its databases. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE,
Scan Options:
Scan Archives
Scan Mail Bases
then click "OK"
7. Select a target to scan: Click on "My Computer" and the scan will begin.
8. Once the scan is complete it will display if your system has been infected.
Now click on the Save Report As... button:

Under Save as type select Text file, write a name for the file and save it to your Desktop.
Locate the file at the Desktop, open it, then copy and paste that information in your next post.
9. Post the Kaspersky scan results in your next reply.


*********************


We need to create a Deckard's System Scanner (DSS) Log.
Please download Deckard's System Scanner (DSS) from one of the links below and save to your Desktop.
Primary Mirror
Secondary Mirror

DSS will do the following:
1. Create a new System Restore point in Windows XP and Vista.
2. Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
3. Check some important areas of your system and produce a report for an analyst to review.
4. Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.

Note: You must be logged onto an account with administrator privileges when using Deckard's System Scanner.

1. Close all applications and windows.
2. Double-click on dss.exe to run it and follow the prompts.

3. If your anti-virus or firewall complains, please allow this script to run as it is not malicious.
4. When the scan is complete, two text files will open in Notepad:
main.txt <-- Will be maximized
extra.txt <-- Will be minimized
5. If not, they both can be found in the C:\Deckard\System Scanner folder.
6. Please copy (<Control>+C) and paste (<Control>+V) the contents of main.txt and extra.txt in your next reply.

Note: When running DSS, some firewalls may warn that DSS is trying to access the Internet; especially if you are asked to download the most current version of HijackThis. Please ensure that DSS is given permission to access the internet.
Note: If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.

In your next reply, I need to see the following reports:
Malwarebytes' Anti-Malware report
Kaspersky scan log
DSS Main.txt
DSS Extra.txt

Edited by SifuMike, 04 August 2008 - 01:52 PM.


#7 okuuni


Posted 05 August 2008 - 11:04 PM

Thank you so much for the help, here are the logs:


Malwarebytes' Anti-Malware 1.24
Database version: 1028
Windows 5.1.2600 Service Pack 2

8:33:59 PM 8/5/2008
mbam-log-8-5-2008 (20-33-59).txt

Scan type: Quick Scan
Objects scanned: 47186
Time elapsed: 21 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 305

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{70004d5d-3bf6-4d51-43b2-02fc0002cdb5} (Rogue.Errorsafe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\error nuker (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Error Nuker (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Error Nuker (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\backup (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\bin (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\config (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\doc (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\res (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\startup_log (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Error Nuker (Rogue.ErrorNuker) -> Quarantined and deleted successfully.

C:\Program Files\Error Nuker\log\undo20080114_203826_000000050.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000051.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000052.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000053.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000054.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000055.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000056.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000057.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000058.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000059.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000060.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000061.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000062.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000063.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000064.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000065.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000066.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000067.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000068.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000069.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000070.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000071.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000072.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000073.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000074.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000075.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000076.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000077.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000078.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000079.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203826_000000080.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000081.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000082.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000083.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000084.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000085.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000086.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000087.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000088.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000089.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000090.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000091.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000092.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000093.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000094.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000095.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000096.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000097.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000098.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000099.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000100.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000101.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000102.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000103.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000104.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000105.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000106.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000107.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000108.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000109.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000110.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000111.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000112.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000113.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000114.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000115.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000116.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000117.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000118.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000119.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000120.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000121.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000122.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000123.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000124.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000125.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000126.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000127.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000128.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000129.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000130.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000131.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000132.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000133.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000134.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000135.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000136.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000137.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000138.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000139.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000140.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000141.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000142.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000143.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000144.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000145.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000146.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000147.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000148.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000149.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000150.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000151.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000152.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000153.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000154.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000155.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000156.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000157.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000158.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000159.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000160.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000161.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000162.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000163.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000164.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000165.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000166.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000167.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000168.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000169.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000170.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000171.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000172.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000173.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000174.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000175.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000176.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000177.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000178.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080114_203827_000000179.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080122_162206_000000000.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080217_194349_000000000.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080217_194349_000000001.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080217_194349_000000002.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080229_091939_000000000.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080229_091939_000000001.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080229_091939_000000002.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080229_091939_000000003.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080229_091939_000000004.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080229_091939_000000005.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080229_091939_000000006.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000000.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000001.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000002.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000003.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000004.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000005.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000006.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000007.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000008.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000009.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000010.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000011.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000012.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000013.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000014.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000015.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000016.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000017.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000018.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000019.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000020.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000021.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000022.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000023.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000024.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080404_134408_000000025.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080511_102236_000000000.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080511_102236_000000001.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080511_102236_000000002.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080511_102236_000000003.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080511_102236_000000004.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080511_102236_000000005.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080511_102236_000000006.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080511_102236_000000007.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080511_102236_000000008.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080511_102236_000000009.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080511_102236_000000010.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080511_102236_000000011.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080511_102236_000000012.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080511_102236_000000013.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\log\undo20080511_102236_000000014.reg (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\res\error_nuker.ico (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\res\startup.ico (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\res\uninst.ico (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\res\vssver.scc (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\res\~trash.ico (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Program Files\Error Nuker\res\~xpinstall.ico (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Error Nuker\Error Nuker.lnk (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Error Nuker\Startup Manager.lnk (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Error Nuker\Uninstall Error Nuker.lnk (Rogue.ErrorNuker) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Error Nuker\Web Home.lnk (Rogue.ErrorNuker) -> Quarantined and deleted successfully.



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, August 5, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, August 06, 2008 03:54:45
Records in database: 1059184
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
G:\
S:\

Scan statistics:
Files scanned: 89621
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:38:26

No malware has been detected. The scan area is clean.

The selected area was scanned.




Deckard's System Scanner v20071014.68
Run by SavannaE on 2008-08-05 20:36:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
55: 2008-08-06 03:36:44 UTC - RP579 - Deckard's System Scanner Restore Point
54: 2008-08-05 22:00:35 UTC - RP578 - System Checkpoint
53: 2008-08-04 18:54:15 UTC - RP577 - Installed Adobe Audition 3.0
52: 2008-08-04 15:29:12 UTC - RP576 - System Checkpoint
51: 2008-08-02 07:25:06 UTC - RP575 - System Checkpoint


-- First Restore Point --
1: 2008-06-05 03:53:37 UTC - RP525 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as SavannaE.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:31 PM, on 8/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\PatchLink\Update Agent\GRAVITIXSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\VLFDF8.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\savannae\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SavannaE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.packtrack.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\savannae\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.wsc-plus.westmarine.net (HKLM)
O15 - ESC Trusted Zone: *.wsc-plus.westmarine.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188201923896
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188201872015
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://4thgenerationsystems.webex.com/clie...ing/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = westmarine.net
O17 - HKLM\Software\..\Telephony: DomainName = westmarine.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{73648FD4-812F-48AA-BB4F-C4C023BE847E}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = westmarine.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = westmarine.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = westmarine.net
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: PatchLink Update - Patchlink Corporation - C:\Program Files\PatchLink\Update Agent\GRAVITIXSERVICE.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe (file missing)

--
End of file - 8781 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080404-145108-139 O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
backup-20080404-145108-282 O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
backup-20080404-145108-744 O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
backup-20080404-145108-901 O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
backup-20080404-145108-964 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
backup-20080405-192321-522 O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
backup-20080727-094046-846 O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
backup-20080731-143136-412 O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows ® 2000 DDK provider; Windows ® 2000 DDK driver>
R2 CP_OMDRV (Check Point Office Mode Module) - c:\windows\system32\drivers\omdrv.sys <Not Verified; Check Point Software Technologies; vna>
R2 PMEM - c:\windows\system32\drivers\pmemnt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows NT™ Operating System>
R2 TM_CFW (Common Firewall Driver) - c:\program files\trend micro\officescan client\tm_cfw.sys <Not Verified; Trend Micro Inc.; Trend Micro Common Firewall Module 1.2>
R2 VPN-1 (VPN-1 Module) - c:\windows\system32\drivers\vpn.sys <Not Verified; Check Point Software Technologies; vpn1>

S3 vmfilter303 - c:\windows\system32\drivers\vmfilter303.sys <Not Verified; Vimicro Corporation; Filter for VM303 with Face Tracking>
S3 ZSMC303 (USB PC Camera (Vimicro301 Neptune)) - c:\windows\system32\drivers\usbvm303.sys <Not Verified; Vimicro Corporation; >


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 ntrtscan (OfficeScanNT RealTime Scan) - "c:\program files\trend micro\officescan client\ntrtscan.exe" <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>
R2 OfcPfwSvc (OfficeScanNT Personal Firewall) - "c:\program files\trend micro\officescan client\ofcpfwsvc.exe" <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>
R2 PatchLink Update - c:\program files\patchlink\update agent\gravitixservice.exe <Not Verified; Patchlink Corporation; Patchlink Update>
R2 ProtexisLicensing - c:\windows\system32\psiservice.exe <Not Verified; ; PSIService>
R2 SR_Service (Check Point SecuRemote Service) - "c:\program files\checkpoint\securemote\bin\sr_service.exe" <Not Verified; Check Point Software Technologies; VPN-1 SecuRemote/SecureClient>
R2 SR_WatchDog (Check Point SecuRemote WatchDog) - "c:\program files\checkpoint\securemote\bin\sr_watchdog.exe" <Not Verified; Check Point Software Technologies; desktop>
R2 tmlisten (OfficeScanNT Listener) - "c:\program files\trend micro\officescan client\tmlisten.exe" <Not Verified; Trend Micro Inc.; Trend Micro OfficeScan>

S2 winvnc (VNC Server) - "c:\program files\ultravnc\winvnc.exe" -service (file missing)
S3 Cwbrxd (iSeries Access for Windows Remote Command) - c:\windows\cwbrxd.exe <Not Verified; IBM Corporation; IBM® iSeries ™ Access for Windows>
S3 OnePointDomainAdminService (Active Directory Migration Agent) - c:\windows\onepointdomainagent\dctagentservice.exe <Not Verified; Microsoft Corporation; Active Directory Migration Tool>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: U.S. Robotics 56K Faxmodem Win 1807
Device ID: PCI\VEN_12B9&DEV_1007&SUBSYS_00C712B9&REV_00\4&3A321F38&0&50F0
Manufacturer: U.S. Robotics Corporation
Name: U.S. Robotics 56K Faxmodem Win 1807
PNP Device ID: PCI\VEN_12B9&DEV_1007&SUBSYS_00C712B9&REV_00\4&3A321F38&0&50F0
Service: Modem


-- Files created between 2008-07-05 and 2008-08-05 -----------------------------

2008-08-05 20:01:46 0 d-------- C:\Documents and Settings\savannae\Application Data\Malwarebytes
2008-08-05 20:01:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-05 20:01:40 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 13:43:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-08-04 11:57:03 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-30 21:05:58 0 d-------- C:\Program Files\SpeedFan
2008-07-23 13:52:47 0 d-------- C:\Documents and Settings\savannae\Tracing
2008-07-23 13:51:08 0 d-------- C:\Program Files\DIFX
2008-07-23 13:50:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Applications


-- Find3M Report ---------------------------------------------------------------

2008-08-05 13:18:58 0 d-------- C:\Documents and Settings\savannae\Application Data\Corel
2008-08-05 13:17:28 2828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-08-04 13:48:40 0 d-------- C:\Documents and Settings\savannae\Application Data\LimeWire
2008-08-04 13:43:52 0 d-------- C:\Documents and Settings\savannae\Application Data\Adobe
2008-08-04 11:57:03 0 d-------- C:\Program Files\Common Files
2008-08-04 11:56:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-31 14:17:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-31 14:17:05 0 d-------- C:\Program Files\PC-Doctor for Windows
2008-07-27 09:55:57 0 d-------- C:\Documents and Settings\savannae\Application Data\Image Zone Express
2008-06-13 14:08:43 0 d-------- C:\Documents and Settings\savannae\Application Data\IMVU
2008-06-13 13:58:49 0 d-------- C:\Program Files\IMVU
2008-06-12 08:07:59 0 d-------- C:\Program Files\SecondLife
2008-06-09 14:28:06 0 d-------- C:\Program Files\MSECache


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE84A6AA-A333-4B92-B276-C11E2212E4FE}]
12/15/2006 06:34 PM 599472 --a------ C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [06/05/2005 05:30 AM]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [06/05/2005 05:30 AM]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [06/05/2005 05:30 AM]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [06/05/2005 05:30 AM]
"Client Access PC5250 Sound"="C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe" [06/05/2005 05:30 AM]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [01/07/2008 03:15 AM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 10:32 PM]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [08/18/2001 02:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/03/2004 10:31 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 10:32 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 10:32 PM]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [10/02/2007 12:34 PM]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 04/09/2006 08:59 PM 24674 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=PST_disable.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\1]
"Script"=addlocaladmins.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4069712820-383745501-364879-10025\Scripts\Logon\0\0]
"Script"=WSC_LogIn.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4069712820-383745501-364879-10025\Scripts\Logon\1\0]
"Script"=pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Nuker]
C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
ICO.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
"C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSoft PDF Printer (demo) Agent]
"C:\Program Files\Smart PDF Creator\sspdfagentd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSoft PDF Printer (demo) virtual printer agent]
"C:\Program Files\Smart PDF Creator\sspdfagentd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

*Newly Created Service* - WINVNC



-- End of Deckard's System Scanner: finished at 2008-08-05 20:41:42 ------------




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 3.00GHz
CPU 1: Intel® Pentium® 4 CPU 3.00GHz
Percentage of Memory in Use: 66%
Physical Memory (total/avail): 758.98 MiB / 251.81 MiB
Pagefile Memory (total/avail): 1857.46 MiB / 1189.74 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.22 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 34.96 GiB total, 16.9 GiB free.
D: is CDROM (No Media)
G: is Network (Unformatted)
S: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - WDC WD400BB-23JHA1 - 37.27 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 34.96 GiB - C:
\PARTITION1 - Unknown - 2.3 GiB



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.

FW: Trend Micro OfficeScan Enterprise Client Firewall v7.3 (TrendFirewall)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe:*:Enabled:VPN-1 SecuRemote/SecureClient service"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe:*:Enabled:VPN-1 SecuRemote/SecureClient application"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe:*:Enabled:VPN-1 SecuRemote/SecureClient command line"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe:*:Enabled:VPN-1 SecuRemote/SecureClient SDS agent"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe:*:Enabled:VPN-1 SecuRemote/SecureClient diagnostics"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\awhost32.exe:*:Disabled:pcAnywhere Host Service"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe:*:Disabled:VPN-1 SecuRemote/SecureClient application"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe:*:Disabled:VPN-1 SecuRemote/SecureClient command line"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe:*:Disabled:VPN-1 SecuRemote/SecureClient diagnostics"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe:*:Disabled:VPN-1 SecuRemote/SecureClient SDS agent"
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"="C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe:*:Disabled:VPN-1 SecuRemote/SecureClient service"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\savannae\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SAVANNAHE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\savannae
LOGONSERVER=\\CAMARO
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\PROGRA~1\Java\JRE16~3.0_0\bin;C:\PROGRA~1\Java\JRE16~3.0_0\bin;C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\IBM\CLIENT~1;C:\PROGRA~1\IBM\CLIENT~1\Shared;C:\PROGRA~1\IBM\CLIENT~1\Emulator;C:\Program Files\QuickTime\QTSystem\;.
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\savannae\LOCALS~1\Temp
TMP=C:\DOCUME~1\savannae\LOCALS~1\Temp
USERDNSDOMAIN=westmarine.net
USERDOMAIN=WESTMARINE
USERNAME=SavannaE
USERPROFILE=C:\Documents and Settings\savannae
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

davidg (admin)
admin (admin)
Administrator (admin)
savannae (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe" REMOVEALL --u:{F37167DD-4436-4641-90B6-329D60632DDA}
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\AFPViewr\DeIsL4.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL10.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL101.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL11.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL15.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL42.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL43.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL46.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL47.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL48.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL49.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL50.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL51.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL52.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL53.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL54.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL55.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL56.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL7.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL8.isu"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer --> MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Access IBM --> MsiExec.exe /X{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}
Access IBM Cleanup Utility --> MsiExec.exe /I{CF44C7A5-5705-41E4-BE84-A9A42977AB05}
Access IBM Message Center --> MsiExec.exe /X{710C0BB2-FE39-484E-BB23-C9B96835A14A}
Access IBM Tools --> C:\Program Files\IBM\Access IBM\IBMUINST.EXE
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Audition 3.0 --> msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CamStudio --> C:\Program Files\CamStudio\uninstall.exe
Check Point VPN-1 SecureClient NGX R60 HFA1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FCF2FC0-8268-11D4-A313-0006290D766E}\setup.exe" ADD_REMOVE
Chinese (Simplified) Language Support --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\cn.inf, Uninstall
CleanUp! --> C:\Program Files\CleanUp!\uninstall.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel Paint Shop Pro Photo XI --> MsiExec.exe /X{93A1B09E-BAFA-4628-A5B6-921CB026955A}
Easy GIF Animator 4.1 --> "C:\Program Files\Easy GIF Animator\unins000.exe"
FAXCOM Suite for Windows Client --> MsiExec.exe /I{D220020F-7647-4831-AA43-E6E44B323CF1}
FTPEdit 3.10 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A360A441-D521-4BB3-878F-47DB79412919}\Setup.exe" -l0x9
Google Pinyin IME --> "C:\Program Files\Google\Google Pinyin\Uninstall.exe"
GoToMeeting/GoToWebinar 3.0.0.190 --> C:\Program Files\Citrix\GoToMeeting\190\G2MUninstall.exe /uninstall
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Homestead SiteBuilder --> C:\Program Files\Homestead\Homestead Professional\Editor\hkuninst.exe -path C:\Program Files\Homestead\Homestead Professional
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$hf_mig$\KB900485\spuninst.exe"
HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Smart Web Printing 1.0 --> MsiExec.exe /X{E3030F57-9E6B-4E36-95B6-F7B4DBDEB8FB}
HP Update --> MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HPSSupply --> MsiExec.exe /X{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}
IBM iSeries Access for Windows --> "C:\Program Files\IBM\Client Access\cwbinarp.exe"
IBM iSeries Access for Windows SI18651 --> "C:\Program Files\IBM\Client Access\cwbunsp.exe"
IBM Update Connector --> MsiExec.exe /X{31C2FBAC-67CF-4093-8F36-15A146613747}
ijji --> C:\ijji\ENGLISH\ijjiUninstall.exe
ijji Auto Installer --> "C:\Program Files\InstallShield Installation Information\{1DCC7418-2089-4BDD-B321-3771956160FC}\setup.exe" -runfromtemp -l0x0009 -removeonly
ijji FireFox Launcher 1.0 --> C:\Documents and Settings\All Users\Application Data\IJJIGame\uninst.exe
IMVU Avatar Chat Software --> C:\Program Files\IMVU\Uninstall.exe
Intel® Extreme Graphics 2 Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet --> MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
InterVideo WinDVD 8 --> C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
iTunes --> MsiExec.exe /I{02DFB3FD-CF52-4183-8BCA-2A127D4888F4}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Last.fm 1.4.2.58376 --> "C:\Program Files\Last.fm\unins000.exe"
LimeWire 4.16.7 --> "C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$hf_mig$\KB900485\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Live Meeting 2007 --> MsiExec.exe /I{E3CD4EA8-68BB-46E8-9E79-20A417A82C53}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft XML 4.0 SP 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D6E92BCC-717B-4B2A-A82E-8368D4B5F45F}\setup.exe" -l0x9
Morpheus Photo Compressor v2.00 --> "C:\Program Files\Morpheus Photo Compressor\unins000.exe"
Mouse Suite --> PMUninst.exe MouseSuite98
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
PatchLink Update Agent --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F060A75A-9D6E-46F5-A9E6-7B513F4F44FB}\setup.exe" -l0x9
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
Rapid PHP 2007 v8.31 --> "C:\Program Files\Rapid PHP 2007\unins000.exe"
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$hf_mig$\KB900485\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Smart PDF Creator 3.1.5 --> "C:\Program Files\Smart PDF Creator\unins000.exe"
SoundMAX --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.EXE"
SpeedFan (remove only) --> "C:\Program Files\SpeedFan\uninstall.exe"
ThinkCentre Wallpaper --> MsiExec.exe /I{80380166-A872-4B78-B98A-33447A032BDF}
Trend Micro OfficeScan Client --> "C:\Program Files\Trend Micro\OfficeScan Client\ntrmv.exe"
USB PC Camera (Vimicro301 Neptune) --> C:\Program Files\InstallShield Installation Information\{CE3B8E96-B0AF-4871-9178-1519B58E3A93}\setup.exe -runfromtemp -l0x0009 -removeonly
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
WebEx --> C:\PROGRA~1\MOZILL~1\plugins\atcliun.exe
Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0) --> rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\RoundTable_F29D632BDCC1844B9B7688A0A4B4DA9E716B76FF\RoundTable.inf
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect --> "C:\WINDOWS\$hf_mig$\KB900485\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$hf_mig$\KB900485\spuninst.exe"
Windows NT Messaging --> RunDll32 setupapi.dll,InstallHinfSection Uninstall 4 MSMail.inf
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type15555 / Error
Event Submitted/Written: 08/05/2008 07:26:11 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.

Event Record #/Type15554 / Error
Event Submitted/Written: 08/05/2008 07:23:39 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.

Event Record #/Type15553 / Error
Event Submitted/Written: 08/05/2008 05:53:36 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.

Event Record #/Type15552 / Error
Event Submitted/Written: 08/05/2008 05:37:05 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.

Event Record #/Type15551 / Error
Event Submitted/Written: 08/05/2008 04:20:04 PM
Event ID/Source: 1054 / Userenv
Event Description:
Windows cannot obtain the domain controller name for your computer network. (An unexpected network error occurred. ). Group Policy processing aborted.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type8941 / Warning
Event Submitted/Written: 08/05/2008 08:14:58 PM
Event ID/Source: 10 / Kerberos
Event Description:
The kerberos subsystem is having problems fetching tickets from
your domain controller using the UDP network protocol. This is
typically due to network problems. Please contact your system
administrator.

Event Record #/Type8939 / Warning
Event Submitted/Written: 08/05/2008 07:58:21 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type8938 / Warning
Event Submitted/Written: 08/05/2008 07:13:46 PM
Event ID/Source: 10 / Kerberos
Event Description:
The kerberos subsystem is having problems fetching tickets from
your domain controller using the UDP network protocol. This is
typically due to network problems. Please contact your system
administrator.

Event Record #/Type8937 / Warning
Event Submitted/Written: 08/05/2008 06:13:05 PM
Event ID/Source: 10 / Kerberos
Event Description:
The kerberos subsystem is having problems fetching tickets from
your domain controller using the UDP network protocol. This is
typically due to network problems. Please contact your system
administrator.

Event Record #/Type8936 / Warning
Event Submitted/Written: 08/05/2008 04:43:34 PM
Event ID/Source: 10 / Kerberos
Event Description:
The kerberos subsystem is having problems fetching tickets from
your domain controller using the UDP network protocol. This is
typically due to network problems. Please contact your system
administrator.



-- End of Deckard's System Scanner: finished at 2008-08-05 20:41:42 ------------

#8 SifuMike

Posted 06 August 2008 - 12:44 AM

Hi okuuni,

Your Ad-Aware SE Personal is out of date, so uninstall it.
Please download the Ad-Aware 2008 Free


Just a note:
Please refrain from using any Peer 2 Peer (Limewire) until your system is clean.

At one time P2P file sharing was fairly safe. That is no longer true. This practice may be the source of your current malware infestation.

I strongly recommend removing Limewire, particularly on a business computer. :thumbsup:

Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple, file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection.
That is because the files you are downloading may actually contain a disguised threat.
Many very malicious worms and trojans spread across P2P file sharing networks because of their known vulnerabilities.



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 7".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language jre-6u7-windows-i586.exe and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
    Examples of older versions in Add or Remove Programs:

    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 6
    Java 6 Update 3
    Java 6 Update 5
    Java SE Runtime Environment 6 Update 1

  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.

You have a suspicious file we need to check.

Go to next site: http://www.virustotal.com/en/indexf.html
On top you'll find 'Browse'
Click the browse button and browse to next file:

C:\WINDOWS\TEMP\VLFDF8.EXE

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Save the results in notepad.
Once scanned, copy and paste the results in your next reply, along with a fresh DSS Main.txt log.

NOTE: I usually enter my email address at virus total so they can send me the scan results. They usually only take a couple minutes to reply.
You can copy/paste the scan results here.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
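
The check applied by eye in the post above (a running process whose image sits in a temp directory, here C:\WINDOWS\TEMP\VLFDF8.EXE) can be run over the "Running processes:" section of a HijackThis log. This is an added example, not part of the original post or of any tool named in the thread; the function names, the temp-directory list and the trimmed sample log are assumptions made for illustration.

```python
import ntpath  # Windows path semantics regardless of the host OS
import re

# Assumed list of per-machine and per-user temp locations on Windows XP,
# including the 8.3 short-name form that HijackThis sometimes prints.
TEMP_DIR_PATTERNS = [
    re.compile(r"^[a-z]:\\windows\\temp(\\|$)"),
    re.compile(r"^[a-z]:\\(temp|tmp)(\\|$)"),
    re.compile(r"^[a-z]:\\documents and settings\\[^\\]+\\local settings\\temp(\\|$)"),
    re.compile(r"^[a-z]:\\docume~1\\[^\\]+\\locals~1\\temp(\\|$)"),
]

# Constructed sample: a trimmed log in HijackThis v2.0.2 layout, reusing
# paths that appear in the logs posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\VLFDF8.EXE
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\savannae\Desktop\dss.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
"""


def running_processes(log_text):
    """Return the image paths listed under 'Running processes:'.

    The section ends at the first blank line that follows at least one path.
    """
    paths, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line.lower() == "running processes:"
            continue
        if not line:
            if paths:
                break
            continue
        paths.append(line)
    return paths


def autostart_lines(log_text):
    """Return the O4 (Run keys, Startup folder) and O23 (services) lines."""
    return [l.strip() for l in log_text.splitlines() if re.match(r"\s*O(4|23) - ", l)]


def in_temp_dir(path):
    """True if the image's folder is one of the assumed temp locations."""
    folder = ntpath.dirname(ntpath.normpath(path)).lower()
    return any(p.match(folder) for p in TEMP_DIR_PATTERNS)


def triage(log_text):
    """List running images located in a temp directory.

    Each finding also records whether the same path shows up in an O4 or O23
    line, i.e. whether the log explains how the process gets started.
    """
    autostarts = [l.lower() for l in autostart_lines(log_text)]
    findings = []
    for path in running_processes(log_text):
        if in_temp_dir(path):
            findings.append({
                "path": path,
                "image": ntpath.basename(path),
                "has_autostart_entry": any(path.lower() in l for l in autostarts),
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A hit is a reason to have the file scanned, as the post asks, not a verdict: installers also unpack and run from temp directories.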

#9 okuuni

Posted 06 August 2008 - 02:02 AM

My C:\WINDOWS\temp folder is empty, so I couldn't do the scan with http://www.virustotal.com/en/indexf.html


Here is the new DSS scan:

Deckard's System Scanner v20071014.68
Run by SavannaE on 2008-08-06 00:00:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as SavannaE.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:57 AM, on 8/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\PatchLink\Update Agent\GRAVITIXSERVICE.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\VLFDF8.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\UNWISE.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\UNWISE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Documents and Settings\savannae\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\SavannaE.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.packtrack.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\savannae\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.wsc-plus.westmarine.net (HKLM)
O15 - ESC Trusted Zone: *.wsc-plus.westmarine.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188201923896
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188201872015
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://4thgenerationsystems.webex.com/clie...ing/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = westmarine.net
O17 - HKLM\Software\..\Telephony: DomainName = westmarine.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{73648FD4-812F-48AA-BB4F-C4C023BE847E}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = westmarine.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = westmarine.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = westmarine.net
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: PatchLink Update - Patchlink Corporation - C:\Program Files\PatchLink\Update Agent\GRAVITIXSERVICE.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe (file missing)

--
End of file - 8868 bytes

-- Files created between 2008-07-06 and 2008-08-06 -----------------------------

2008-08-05 23:58:21 0 d-------- C:\Program Files\Lavasoft
2008-08-05 23:58:21 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-05 23:57:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-05 23:40:43 0 d-------- C:\Program Files\Sun
2008-08-05 20:01:46 0 d-------- C:\Documents and Settings\savannae\Application Data\Malwarebytes
2008-08-05 20:01:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-05 20:01:40 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 13:43:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-08-04 11:57:03 0 d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-30 21:05:58 0 d-------- C:\Program Files\SpeedFan
2008-07-23 13:52:47 0 d-------- C:\Documents and Settings\savannae\Tracing
2008-07-23 13:51:08 0 d-------- C:\Program Files\DIFX
2008-07-23 13:50:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Applications


-- Find3M Report ---------------------------------------------------------------

2008-08-05 23:57:47 0 d-------- C:\Program Files\Common Files
2008-08-05 23:50:43 0 d-------- C:\Program Files\Java
2008-08-05 23:30:25 0 d-------- C:\Program Files\LimeWire
2008-08-05 23:29:27 0 d-------- C:\Documents and Settings\savannae\Application Data\Lavasoft
2008-08-05 13:18:58 0 d-------- C:\Documents and Settings\savannae\Application Data\Corel
2008-08-05 13:17:28 2828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-08-04 13:48:40 0 d-------- C:\Documents and Settings\savannae\Application Data\LimeWire
2008-08-04 13:43:52 0 d-------- C:\Documents and Settings\savannae\Application Data\Adobe
2008-08-04 11:56:42 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-31 14:17:08 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-31 14:17:05 0 d-------- C:\Program Files\PC-Doctor for Windows
2008-07-27 09:55:57 0 d-------- C:\Documents and Settings\savannae\Application Data\Image Zone Express
2008-06-13 14:08:43 0 d-------- C:\Documents and Settings\savannae\Application Data\IMVU
2008-06-13 13:58:49 0 d-------- C:\Program Files\IMVU
2008-06-12 08:07:59 0 d-------- C:\Program Files\SecondLife
2008-06-09 14:28:06 0 d-------- C:\Program Files\MSECache


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AE84A6AA-A333-4B92-B276-C11E2212E4FE}]
12/15/2006 06:34 PM 599472 --a------ C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [06/05/2005 05:30 AM]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [06/05/2005 05:30 AM]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [06/05/2005 05:30 AM]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [06/05/2005 05:30 AM]
"Client Access PC5250 Sound"="C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe" [06/05/2005 05:30 AM]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [01/07/2008 03:15 AM]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/03/2004 10:32 PM]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [08/18/2001 02:00 AM]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/03/2004 10:31 PM]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 10:32 PM]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/03/2004 10:32 PM]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [10/02/2007 12:34 PM]
"BigDog303"="C:\WINDOWS\VM303_STI.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 12:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 04/09/2006 08:59 PM 24674 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=PST_disable.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\1]
"Script"=addlocaladmins.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4069712820-383745501-364879-10025\Scripts\Logon\0\0]
"Script"=WSC_LogIn.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4069712820-383745501-364879-10025\Scripts\Logon\1\0]
"Script"=pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Error Nuker]
C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
ICO.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
"C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSoft PDF Printer (demo) Agent]
"C:\Program Files\Smart PDF Creator\sspdfagentd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSoft PDF Printer (demo) virtual printer agent]
"C:\Program Files\Smart PDF Creator\sspdfagentd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc

*Newly Created Service* - AAWSERVICE
*Newly Created Service* - WINVNC



-- End of Deckard's System Scanner: finished at 2008-08-06 00:01:22 ------------

#10 SifuMike

Posted 06 August 2008 - 01:15 PM

Hello okuuni,

Did you uninstall Limewire? It should not be on a business computer.

You are still infected so we will run ComboFix.

You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.


You need to disable your Trend Micro Antivirus before running ComboFix, as it will prevent it from running.

You can disable Trend Micro AntiVirus from the system tray menu.


Please visit this webpage for instructions for downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

To work properly, you must install ComboFix on the Desktop.

When following the instructions install the Windows XP Recovery Console if you are using XP. <== IMPORTANT
It is a simple procedure that will only take a few moments of your time. It is our safety net.


You DO NOT need to have the Windows CD to install Recovery Console!

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.


We need Recovery Console because malware damages a lot and causes an unstable system - and because of that, it may happen that your computer won't be able to boot anymore. With the Recovery Console installed, there are extra options present to repair whatever malware damaged.
Also, even though you're not infected, the presence of the Recovery Console is a useful feature in case a computer won't boot anymore because of several other reasons. Read here what you can do with the Recovery Console.

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.
Don't select to run the Recovery Console as we don't need it.
By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

A caution -
Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

Post the ComboFix log.

Edited by SifuMike, 06 August 2008 - 01:19 PM.


#11 okuuni

Posted 06 August 2008 - 03:14 PM

I did delete the Limewire when you originally mentioned so. :thumbsup:

Here is the combofix log:


ComboFix 08-08-06.01 - SavannaE 2008-08-06 13:00:54.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.435 [GMT -7:00]
Running from: C:\Documents and Settings\savannae\Desktop\ComboFix.exe
* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\savannae\Application Data\macromedia\Flash Player\#SharedObjects\FG57QFVD\interclick.com
C:\Documents and Settings\savannae\Application Data\macromedia\Flash Player\#SharedObjects\FG57QFVD\interclick.com\ud.sol
C:\Documents and Settings\savannae\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\savannae\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\savannae\g2mdlhlpx.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-06 to 2008-08-06 )))))))))))))))))))))))))))))))
.

2008-08-06 12:58 . 2008-08-06 12:58 32,549 --a------ C:\WINDOWS\king-uninstall.exe
2008-08-05 23:58 . 2008-08-05 23:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-05 23:58 . 2008-08-05 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-05 23:57 . 2008-08-05 23:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-05 23:40 . 2008-08-05 23:40 <DIR> d-------- C:\Program Files\Sun
2008-08-05 20:35 . 2008-08-05 20:35 <DIR> d-------- C:\Deckard
2008-08-05 20:01 . 2008-08-05 20:01 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-05 20:01 . 2008-08-05 20:01 <DIR> d-------- C:\Documents and Settings\savannae\Application Data\Malwarebytes
2008-08-05 20:01 . 2008-08-05 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-05 20:01 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-05 20:01 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-04 13:43 . 2008-08-04 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-08-04 11:57 . 2008-08-04 11:57 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-30 21:05 . 2008-08-03 01:51 <DIR> d-------- C:\Program Files\SpeedFan
2008-07-30 21:05 . 2008-07-30 21:05 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-07-23 13:52 . 2008-07-23 13:52 <DIR> d-------- C:\Documents and Settings\savannae\Tracing
2008-07-23 13:51 . 2008-07-23 13:51 <DIR> d-------- C:\Program Files\DIFX
2008-07-23 13:51 . 2008-03-27 00:00 84,992 --a------ C:\WINDOWS\system32\lmdimon8.dll
2008-07-23 13:50 . 2008-07-23 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Applications

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-06 06:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-06 06:50 --------- d-----w C:\Program Files\Java
2008-08-06 06:30 --------- d-----w C:\Program Files\LimeWire
2008-08-06 06:29 --------- d-----w C:\Documents and Settings\savannae\Application Data\Lavasoft
2008-08-05 20:18 --------- d-----w C:\Documents and Settings\savannae\Application Data\Corel
2008-08-05 20:17 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-08-04 20:48 --------- d-----w C:\Documents and Settings\savannae\Application Data\LimeWire
2008-08-04 18:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-31 21:17 --------- d-----w C:\Program Files\PC-Doctor for Windows
2008-07-27 16:55 --------- d-----w C:\Documents and Settings\savannae\Application Data\Image Zone Express
2008-07-04 11:12 316,672 ----a-w C:\WINDOWS\KingComIE.dll
2008-06-13 21:08 --------- d-----w C:\Documents and Settings\savannae\Application Data\IMVU
2008-06-13 20:58 --------- d-----w C:\Program Files\IMVU
2008-06-12 15:07 --------- d-----w C:\Program Files\SecondLife
2008-06-09 21:28 --------- d-----w C:\Program Files\MSECache
2008-05-16 18:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-08-03 14:31 44,624 ----a-w C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2007-08-03 14:31 108,192 ----a-w C:\Program Files\mozilla firefox\plugins\atgpcext.dll
2007-09-28 02:33 88 --sh--r C:\WINDOWS\system32\25FEC80BA4.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2005-06-05 05:30 20480]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2005-06-05 05:30 24576]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2005-06-05 05:30 45106]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2005-06-05 05:30 20480]
"Client Access PC5250 Sound"="C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe" [2005-06-05 05:30 40960]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-01-07 03:15 251376]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 22:32 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-18 02:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 22:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 22:32 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-10-02 12:34 356429]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2006-04-09 20:59 24674 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=PST_disable.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\1]
"Script"=addlocaladmins.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4069712820-383745501-364879-10025\Scripts\Logon\0\0]
"Script"=WSC_LogIn.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4069712820-383745501-364879-10025\Scripts\Logon\1\0]
"Script"=pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 21:52 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 15:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
--a------ 2007-10-02 12:34 356429 C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSoft PDF Printer (demo) Agent]
--a------ 2007-10-22 00:45 94208 C:\Program Files\Smart PDF Creator\sspdfagentd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSoft PDF Printer (demo) virtual printer agent]
--a------ 2007-10-22 00:45 94208 C:\Program Files\Smart PDF Creator\sspdfagentd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------ 2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"tmlisten"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2006-04-09 20:58]
R2 CP_OMDRV;Check Point Office Mode Module;C:\WINDOWS\system32\drivers\omdrv.sys [2006-04-09 20:59]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;C:\WINDOWS\system32\DRIVERS\vnasc.sys [2006-04-09 20:59]
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2006-04-09 20:58]
R3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 13:55]
R3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 13:25]
S3 OnePointDomainAdminService;Active Directory Migration Agent;C:\WINDOWS\OnePointDomainAgent\DCTAgentService.exe [2005-09-20 08:20]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 14:28]
S3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 10:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
*Newly Created Service* - WINVNC
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BigDog303 - C:\WINDOWS\VM303_STI.EXE
MSConfigStartUp-Error Nuker - C:\Program Files\Error Nuker\bin\ErrorNuker.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\savannae\Application Data\Mozilla\Firefox\Profiles\01hmx7fw.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.packtrack.com/


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-06 13:04:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-06 13:06:54
ComboFix-quarantined-files.txt 2008-08-06 20:06:26

Pre-Run: 17,365,733,376 bytes free
Post-Run: 17,349,500,928 bytes free

177

#12 SifuMike (malware expert, Staff Emeritus)
Posted 06 August 2008 - 04:19 PM

Hi okuuni,

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


Click Start, then Run and type Notepad and click OK.
Open notepad - don't use any other text editor than notepad or the script will fail.
Copy/paste the text in the code box below into notepad:

Folder:: 
C:\Program Files\Java\jre1.6.0_05

Registry:: 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]


Name the Notepad file CFScript.txt and Save it to your desktop.

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.



Posted Image

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.

#13 okuuni (Topic Starter)

Posted 06 August 2008 - 10:17 PM

ComboFix 08-08-06.01 - SavannaE 2008-08-06 20:10:25.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.461 [GMT -7:00]
Running from: C:\Documents and Settings\savannae\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\Java\jre1.6.0_05
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Rangoon
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Riyadh
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Riyadh87
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Riyadh88
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Riyadh89
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Saigon
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Sakhalin
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Samarkand
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Seoul
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Shanghai
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Singapore
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Taipei
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Tashkent
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Tbilisi
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Tehran
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Thimphu
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Tokyo
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Ulaanbaatar
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Urumqi
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Vientiane
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Vladivostok
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Yakutsk
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Yekaterinburg
C:\Program Files\Java\jre1.6.0_05\lib\zi\Asia\Yerevan
C:\Program Files\Java\jre1.6.0_05\lib\zi\Atlantic\Azores
C:\Program Files\Java\jre1.6.0_05\lib\zi\Atlantic\Bermuda
C:\Program Files\Java\jre1.6.0_05\lib\zi\Atlantic\Canary
C:\Program Files\Java\jre1.6.0_05\lib\zi\Atlantic\Cape_Verde
C:\Program Files\Java\jre1.6.0_05\lib\zi\Atlantic\Faroe
C:\Program Files\Java\jre1.6.0_05\lib\zi\Atlantic\Madeira
C:\Program Files\Java\jre1.6.0_05\lib\zi\Atlantic\Reykjavik
C:\Program Files\Java\jre1.6.0_05\lib\zi\Atlantic\South_Georgia
C:\Program Files\Java\jre1.6.0_05\lib\zi\Atlantic\St_Helena
C:\Program Files\Java\jre1.6.0_05\lib\zi\Atlantic\Stanley
C:\Program Files\Java\jre1.6.0_05\lib\zi\Australia\Adelaide
C:\Program Files\Java\jre1.6.0_05\lib\zi\Australia\Brisbane
C:\Program Files\Java\jre1.6.0_05\lib\zi\Australia\Broken_Hill
C:\Program Files\Java\jre1.6.0_05\lib\zi\Australia\Currie
C:\Program Files\Java\jre1.6.0_05\lib\zi\Australia\Darwin
C:\Program Files\Java\jre1.6.0_05\lib\zi\Australia\Eucla
C:\Program Files\Java\jre1.6.0_05\lib\zi\Australia\Hobart
C:\Program Files\Java\jre1.6.0_05\lib\zi\Australia\Lindeman
C:\Program Files\Java\jre1.6.0_05\lib\zi\Australia\Lord_Howe
C:\Program Files\Java\jre1.6.0_05\lib\zi\Australia\Melbourne
C:\Program Files\Java\jre1.6.0_05\lib\zi\Australia\Perth
C:\Program Files\Java\jre1.6.0_05\lib\zi\Australia\Sydney
C:\Program Files\Java\jre1.6.0_05\lib\zi\CET
C:\Program Files\Java\jre1.6.0_05\lib\zi\CST6CDT
C:\Program Files\Java\jre1.6.0_05\lib\zi\EET
C:\Program Files\Java\jre1.6.0_05\lib\zi\EST
C:\Program Files\Java\jre1.6.0_05\lib\zi\EST5EDT
C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc\GMT-1
C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc\GMT-10
C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc\GMT-11
C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc\GMT-12
C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc\GMT-13
C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc\GMT-14
C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc\GMT-2
C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc\GMT-3
C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc\GMT-4
C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc\GMT-5
C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc\GMT-6
C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc\GMT-7
C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc\GMT-8
C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc\GMT-9
C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc\GMT
C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc\UCT
C:\Program Files\Java\jre1.6.0_05\lib\zi\Etc\UTC
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Amsterdam
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Andorra
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Athens
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Belgrade
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Berlin
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Brussels
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Bucharest
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Budapest
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Chisinau
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Copenhagen
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Dublin
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Gibraltar
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Helsinki
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Istanbul
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Kaliningrad
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Kiev
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Lisbon
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\London
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Luxembourg
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Madrid
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Malta
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Minsk
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Monaco
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Moscow
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Oslo
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Paris
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Prague
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Riga
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Rome
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Samara
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Simferopol
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Sofia
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Stockholm
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Tallinn
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Tirane
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Uzhgorod
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Vaduz
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Vienna
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Vilnius
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Volgograd
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Warsaw
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Zaporozhye
C:\Program Files\Java\jre1.6.0_05\lib\zi\Europe\Zurich
C:\Program Files\Java\jre1.6.0_05\lib\zi\GMT
C:\Program Files\Java\jre1.6.0_05\lib\zi\HST
C:\Program Files\Java\jre1.6.0_05\lib\zi\Indian\Antananarivo
C:\Program Files\Java\jre1.6.0_05\lib\zi\Indian\Chagos
C:\Program Files\Java\jre1.6.0_05\lib\zi\Indian\Christmas
C:\Program Files\Java\jre1.6.0_05\lib\zi\Indian\Cocos
C:\Program Files\Java\jre1.6.0_05\lib\zi\Indian\Comoro
C:\Program Files\Java\jre1.6.0_05\lib\zi\Indian\Kerguelen
C:\Program Files\Java\jre1.6.0_05\lib\zi\Indian\Mahe
C:\Program Files\Java\jre1.6.0_05\lib\zi\Indian\Maldives
C:\Program Files\Java\jre1.6.0_05\lib\zi\Indian\Mauritius
C:\Program Files\Java\jre1.6.0_05\lib\zi\Indian\Mayotte
C:\Program Files\Java\jre1.6.0_05\lib\zi\Indian\Reunion
C:\Program Files\Java\jre1.6.0_05\lib\zi\MET
C:\Program Files\Java\jre1.6.0_05\lib\zi\MST
C:\Program Files\Java\jre1.6.0_05\lib\zi\MST7MDT
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Apia
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Auckland
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Chatham
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Easter
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Efate
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Enderbury
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Fakaofo
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Fiji
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Funafuti
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Galapagos
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Gambier
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Guadalcanal
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Guam
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Honolulu
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Johnston
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Kiritimati
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Kosrae
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Kwajalein
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Majuro
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Marquesas
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Midway
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Nauru
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Niue
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Norfolk
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Noumea
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Pago_Pago
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Palau
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Pitcairn
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Ponape
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Port_Moresby
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Rarotonga
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Saipan
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Tahiti
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Tarawa
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Tongatapu
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Truk
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Wake
C:\Program Files\Java\jre1.6.0_05\lib\zi\Pacific\Wallis
C:\Program Files\Java\jre1.6.0_05\lib\zi\PST8PDT
C:\Program Files\Java\jre1.6.0_05\lib\zi\SystemV\AST4
C:\Program Files\Java\jre1.6.0_05\lib\zi\SystemV\AST4ADT
C:\Program Files\Java\jre1.6.0_05\lib\zi\SystemV\CST6
C:\Program Files\Java\jre1.6.0_05\lib\zi\SystemV\CST6CDT
C:\Program Files\Java\jre1.6.0_05\lib\zi\SystemV\EST5
C:\Program Files\Java\jre1.6.0_05\lib\zi\SystemV\EST5EDT
C:\Program Files\Java\jre1.6.0_05\lib\zi\SystemV\HST10
C:\Program Files\Java\jre1.6.0_05\lib\zi\SystemV\MST7
C:\Program Files\Java\jre1.6.0_05\lib\zi\SystemV\MST7MDT
C:\Program Files\Java\jre1.6.0_05\lib\zi\SystemV\PST8
C:\Program Files\Java\jre1.6.0_05\lib\zi\SystemV\PST8PDT
C:\Program Files\Java\jre1.6.0_05\lib\zi\SystemV\YST9
C:\Program Files\Java\jre1.6.0_05\lib\zi\SystemV\YST9YDT
C:\Program Files\Java\jre1.6.0_05\lib\zi\WET
C:\Program Files\Java\jre1.6.0_05\lib\zi\ZoneInfoMappings
C:\Program Files\Java\jre1.6.0_05\LICENSE
C:\Program Files\Java\jre1.6.0_05\PATCH.ERR
C:\Program Files\Java\jre1.6.0_05\README.txt
C:\Program Files\Java\jre1.6.0_05\THIRDPARTYLICENSEREADME.txt
C:\Program Files\Java\jre1.6.0_05\Welcome.html

.
((((((((((((((((((((((((( Files Created from 2008-07-07 to 2008-08-07 )))))))))))))))))))))))))))))))
.

2008-08-06 14:04 . 2008-08-06 14:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-06 14:04 . 2008-08-06 14:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-06 12:58 . 2008-08-06 12:58 32,549 --a------ C:\WINDOWS\king-uninstall.exe
2008-08-05 23:58 . 2008-08-05 23:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-08-05 23:58 . 2008-08-05 23:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-05 23:57 . 2008-08-05 23:57 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-05 23:40 . 2008-08-05 23:40 <DIR> d-------- C:\Program Files\Sun
2008-08-05 20:35 . 2008-08-05 20:35 <DIR> d-------- C:\Deckard
2008-08-05 20:01 . 2008-08-05 20:01 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-05 20:01 . 2008-08-05 20:01 <DIR> d-------- C:\Documents and Settings\savannae\Application Data\Malwarebytes
2008-08-05 20:01 . 2008-08-05 20:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-05 20:01 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-05 20:01 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-04 13:43 . 2008-08-04 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-08-04 11:57 . 2008-08-04 11:57 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-30 21:05 . 2008-08-03 01:51 <DIR> d-------- C:\Program Files\SpeedFan
2008-07-30 21:05 . 2008-07-30 21:05 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-07-23 13:52 . 2008-07-23 13:52 <DIR> d-------- C:\Documents and Settings\savannae\Tracing
2008-07-23 13:51 . 2008-07-23 13:51 <DIR> d-------- C:\Program Files\DIFX
2008-07-23 13:51 . 2008-03-27 00:00 84,992 --a------ C:\WINDOWS\system32\lmdimon8.dll
2008-07-23 13:50 . 2008-07-23 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Applications

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 02:52 --------- d-----w C:\Program Files\Java
2008-08-06 21:15 --------- d-----w C:\Documents and Settings\savannae\Application Data\Corel
2008-08-06 21:04 2,828 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-08-06 21:02 --------- d-----w C:\Documents and Settings\savannae\Application Data\Image Zone Express
2008-08-06 06:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-06 06:30 --------- d-----w C:\Program Files\LimeWire
2008-08-06 06:29 --------- d-----w C:\Documents and Settings\savannae\Application Data\Lavasoft
2008-08-04 20:48 --------- d-----w C:\Documents and Settings\savannae\Application Data\LimeWire
2008-08-04 18:56 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-31 21:17 --------- d-----w C:\Program Files\PC-Doctor for Windows
2008-07-04 11:12 316,672 ----a-w C:\WINDOWS\KingComIE.dll
2008-06-13 21:08 --------- d-----w C:\Documents and Settings\savannae\Application Data\IMVU
2008-06-13 20:58 --------- d-----w C:\Program Files\IMVU
2008-06-12 15:07 --------- d-----w C:\Program Files\SecondLife
2008-06-09 21:28 --------- d-----w C:\Program Files\MSECache
2008-05-16 18:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-08-03 14:31 44,624 ----a-w C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2007-08-03 14:31 108,192 ----a-w C:\Program Files\mozilla firefox\plugins\atgpcext.dll
2007-09-28 02:33 88 --sh--r C:\WINDOWS\system32\25FEC80BA4.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Client Access Service"="C:\Program Files\IBM\Client Access\cwbsvstr.exe" [2005-06-05 05:30 20480]
"Client Access Help Update"="C:\Program Files\IBM\Client Access\cwbinhlp.exe" [2005-06-05 05:30 24576]
"Client Access Check Version"="C:\Program Files\IBM\Client Access\cwbckver.exe" [2005-06-05 05:30 45106]
"Client Access Express Welcome"="C:\Program Files\IBM\Client Access\cwbwlwiz.exe" [2005-06-05 05:30 20480]
"Client Access PC5250 Sound"="C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe" [2005-06-05 05:30 40960]
"Google IME Autoupdater"="C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe" [2008-01-07 03:15 251376]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 22:32 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-18 02:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 22:32 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 22:32 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2007-10-02 12:34 356429]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2006-04-09 20:59 24674 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=PST_disable.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\1]
"Script"=addlocaladmins.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4069712820-383745501-364879-10025\Scripts\Logon\0\0]
"Script"=WSC_LogIn.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-4069712820-383745501-364879-10025\Scripts\Logon\1\0]
"Script"=pushprinterconnections.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 21:52 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-03-20 17:34 213936 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 15:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
--a------ 2007-10-02 12:34 356429 C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSoft PDF Printer (demo) Agent]
--a------ 2007-10-22 00:45 94208 C:\Program Files\Smart PDF Creator\sspdfagentd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartSoft PDF Printer (demo) virtual printer agent]
--a------ 2007-10-22 00:45 94208 C:\Program Files\Smart PDF Creator\sspdfagentd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
--a------ 2002-03-14 16:46 45056 C:\WINDOWS\system32\ico.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"tmlisten"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2006-04-09 20:58]
R2 CP_OMDRV;Check Point Office Mode Module;C:\WINDOWS\system32\drivers\omdrv.sys [2006-04-09 20:59]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;C:\WINDOWS\system32\DRIVERS\vnasc.sys [2006-04-09 20:59]
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2006-04-09 20:58]
R3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 13:55]
R3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 13:25]
S3 OnePointDomainAdminService;Active Directory Migration Agent;C:\WINDOWS\OnePointDomainAgent\DCTAgentService.exe [2005-09-20 08:20]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 14:28]
S3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 10:57]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - WINVNC
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\savannae\Application Data\Mozilla\Firefox\Profiles\01hmx7fw.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.packtrack.com/


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-06 20:11:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-06 20:13:11
ComboFix-quarantined-files.txt 2008-08-07 03:12:54
ComboFix2.txt 2008-08-06 20:06:55

Pre-Run: 17,736,290,304 bytes free
Post-Run: 17,719,033,856 bytes free

748




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:17, on 2008-08-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PatchLink\Update Agent\GRAVITIXSERVICE.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.packtrack.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Program Files\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [Client Access Express Welcome] "C:\Program Files\IBM\Client Access\cwbwlwiz.exe"
O4 - HKLM\..\Run: [Client Access PC5250 Sound] "C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe"
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\savannae\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.wsc-plus.westmarine.net (HKLM)
O15 - ESC Trusted Zone: *.wsc-plus.westmarine.net (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188201923896
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1188201872015
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://4thgenerationsystems.webex.com/clie...ing/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = westmarine.net
O17 - HKLM\Software\..\Telephony: DomainName = westmarine.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{73648FD4-812F-48AA-BB4F-C4C023BE847E}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = westmarine.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = westmarine.net
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = westmarine.net
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PatchLink Update - Patchlink Corporation - C:\Program Files\PatchLink\Update Agent\GRAVITIXSERVICE.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe (file missing)

--
End of file - 8346 bytes

#14 SifuMike
Posted 06 August 2008 - 11:55 PM

Let's look in a different place for signs.

Open HijackThis 2.0.2
Press the button 'View Misc Tools Section'
Press the button 'open uninstall manager'
Press the button 'save list'
Save it to your desktop.
Press Save. Save it to your desktop.
A notepad file will open.
If no notepad opens then it will be on your desktop (where you saved it)
Post the content here in your reply.
Close HijackThis.

#15 okuuni


Posted 07 August 2008 - 02:27 AM

Thank you, here is the list:

32 Bit HP CIO Components Installer
Access IBM
Access IBM Cleanup Utility
Access IBM Message Center
Access IBM Tools
Ad-Aware
Adobe Acrobat 5.0
Adobe Audition 3.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.9
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
Bonjour
CamStudio
Check Point VPN-1 SecureClient NGX R60 HFA1
Chinese (Simplified) Language Support
CleanUp!
Compatibility Pack for the 2007 Office system
Corel Paint Shop Pro Photo XI
Easy GIF Animator 4.1
FAXCOM Suite for Windows Client
FTPEdit 3.10
Google Pinyin IME
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Homestead SiteBuilder
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
HP Photosmart Essential
HP Smart Web Printing 1.0
HP Update
HPSSupply
IBM iSeries Access for Windows
IBM iSeries Access for Windows SI18651
IBM Update Connector
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Connections Drivers
Intel® PROSet
InterVideo WinDVD 8
iTunes
Java DB 10.3.1.4
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Development Kit 6 Update 7
Java™ SE Runtime Environment 6 Update 1
king.com (remove only)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Office Live Meeting 2007
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Journal Viewer
Microsoft XML 4.0 SP 2
Morpheus Photo Compressor v2.00
Mouse Suite
Mozilla Firefox (2.0.0.16)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
PatchLink Update Agent
QuickTime
Rapid PHP 2007 v8.31
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Smart PDF Creator 3.1.5
SoundMAX
SpeedFan (remove only)
ThinkCentre Wallpaper
Trend Micro OfficeScan Client
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
USB PC Camera (Vimicro301 Neptune)
VobSub v2.23 (Remove Only)
WebEx
Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows NT Messaging
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip
XviD MPEG4 Video Codec (remove only)



