Infected with GEN PAK 001


3 replies to this topic

#1 frankmc98


Posted 29 November 2008 - 12:35 AM

My Trend Micro picked up on a virus infection known as GEN PAK 001 and cannot quarantine it. Here are the logs that were generated by RSIT:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Frank McCaskill at 2008-11-28 23:19:03
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 103 GB (45%) free of 227 GB
Total RAM: 3837 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:08 PM, on 11/28/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Users\Frank McCaskill\AppData\Local\Temp\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe
C:\Program Files (x86)\NewsBin\nbpro.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Users\Frank McCaskill\Desktop\RSIT.exe
C:\Users\Frank McCaskill\Desktop\Frank McCaskill.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [explore] C:\Windows\system32\explore.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\FRANKM~1\AppData\Local\Temp\efcYQHYQ.dll,#1
O4 - HKLM\..\Policies\Explorer\Run: [Sidebar] C:\Users\FRANKM~1\AppData\Local\Temp\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5d1a7764\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5d1a7764\STacSV64.exe (file missing)
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11753 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForFrank McCaskill.job
C:\Windows\tasks\User_Feed_Synchronization-{43A82972-0E2A-440C-A91F-FB1828CAEB41}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"=C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-12-24 222504]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-03-14 202032]
"QPService"=C:\Program Files (x86)\HP\QuickPlay\QPService.exe [2008-05-14 468264]
"explore"=C:\Windows\system32\explore.exe []
"Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2007-08-06 200704]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Sidebar"=C:\Users\FRANKM~1\AppData\Local\Temp\sidebar.exe [2008-11-13 19968]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1555968]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2008-02-15 842504]
"MsnMsgr"=C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]
"MSServer"=C:\Users\FRANKM~1\AppData\Local\Temp\efcYQHYQ.dll [2008-11-27 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15 70912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-11-20 488752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"=C:\Program Files (x86)\DVDIdle Pro\DVDShell.dll [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b65796fd-b1ff-11dd-9f51-001eecb93600}]
shell\AutoRun\command - F:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb24096e-ad51-11dd-8765-001eecb93600}]
shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb24097b-ad51-11dd-8765-001eecb93600}]
shell\AutoRun\command - G:\setupSNK.exe


======List of files/folders created in the last 1 months======

2008-11-28 23:18:17 ----D---- C:\rsit
2008-11-27 08:51:25 ----AD---- C:\ProgramData\TEMP
2008-11-27 08:49:32 ----D---- C:\Program Files (x86)\Boilsoft Video Joiner
2008-11-26 02:57:25 ----A---- C:\Windows\system32\connect.dll
2008-11-26 02:57:23 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-26 02:57:21 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-26 02:57:21 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-26 02:57:21 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-23 05:45:45 ----D---- C:\Program Files (x86)\Common Files\Apple
2008-11-23 05:45:40 ----D---- C:\Program Files (x86)\QuickTime
2008-11-23 05:45:39 ----D---- C:\ProgramData\Apple Computer
2008-11-23 05:43:50 ----D---- C:\Program Files (x86)\Apple Software Update
2008-11-23 05:43:49 ----D---- C:\ProgramData\Apple
2008-11-22 10:28:29 ----D---- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
2008-11-22 10:28:22 ----A---- C:\Windows\system32\cdintf300.dll
2008-11-22 10:28:22 ----A---- C:\Windows\system32\acXMLParser.dll
2008-11-22 10:28:12 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\Intuit
2008-11-22 10:28:03 ----D---- C:\Program Files (x86)\Common Files\Palo Alto Software
2008-11-22 10:27:56 ----D---- C:\Program Files (x86)\Common Files\Intuit
2008-11-22 10:27:50 ----D---- C:\Program Files (x86)\Quicken
2008-11-22 10:27:40 ----A---- C:\Windows\QUICKEN.INI
2008-11-22 10:27:18 ----D---- C:\ProgramData\Intuit
2008-11-22 10:21:53 ----D---- C:\Program Files (x86)\PowerISO
2008-11-20 22:48:45 ----D---- C:\Program Files (x86)\PowerTracks DirectX Plugins
2008-11-20 22:46:53 ----D---- C:\bb
2008-11-20 13:39:31 ----D---- C:\Program Files (x86)\Common Files\Macrovision Shared
2008-11-18 22:35:56 ----A---- C:\Windows\system32\wups.dll
2008-11-18 22:35:56 ----A---- C:\Windows\system32\wudriver.dll
2008-11-18 22:35:56 ----A---- C:\Windows\system32\wuapi.dll
2008-11-18 21:30:18 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\Corel
2008-11-18 21:28:10 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\Real
2008-11-18 21:26:28 ----D---- C:\ProgramData\Corel
2008-11-18 21:26:07 ----D---- C:\Program Files (x86)\InterVideo
2008-11-18 21:26:06 ----D---- C:\Program Files (x86)\Common Files\InterVideo
2008-11-18 21:26:05 ----D---- C:\Program Files (x86)\Common Files\Protexis
2008-11-18 21:25:14 ----D---- C:\Program Files (x86)\Corel
2008-11-18 21:23:39 ----D---- C:\Windows\{AEC0FEE6-3A76-44E1-97A2-5DA325DFC41C}
2008-11-18 21:23:16 ----A---- C:\Windows\system32\xactengine2_6.dll
2008-11-18 21:23:15 ----A---- C:\Windows\system32\xactengine2_5.dll
2008-11-18 21:23:15 ----A---- C:\Windows\system32\d3dx10.dll
2008-11-18 21:23:14 ----A---- C:\Windows\system32\d3dx9_32.dll
2008-11-18 21:23:13 ----A---- C:\Windows\system32\xinput1_3.dll
2008-11-18 21:23:13 ----A---- C:\Windows\system32\xactengine2_4.dll
2008-11-18 21:23:13 ----A---- C:\Windows\system32\x3daudio1_1.dll
2008-11-18 21:23:12 ----A---- C:\Windows\system32\xinput1_2.dll
2008-11-18 21:23:12 ----A---- C:\Windows\system32\xactengine2_3.dll
2008-11-18 21:23:12 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-11-18 21:23:11 ----A---- C:\Windows\system32\xinput1_1.dll
2008-11-18 21:23:11 ----A---- C:\Windows\system32\xactengine2_2.dll
2008-11-18 21:23:10 ----A---- C:\Windows\system32\xactengine2_1.dll
2008-11-18 21:23:01 ----A---- C:\Windows\system32\xactengine2_0.dll
2008-11-18 21:23:01 ----A---- C:\Windows\system32\x3daudio1_0.dll
2008-11-18 21:23:00 ----A---- C:\Windows\system32\d3dx9_29.dll
2008-11-18 21:22:59 ----A---- C:\Windows\system32\d3dx9_28.dll
2008-11-18 21:22:59 ----A---- C:\Windows\system32\d3dx9_27.dll
2008-11-18 21:22:58 ----A---- C:\Windows\system32\d3dx9_26.dll
2008-11-18 21:22:58 ----A---- C:\Windows\system32\d3dx9_25.dll
2008-11-18 21:22:57 ----A---- C:\Windows\system32\d3dx9_24.dll
2008-11-18 17:45:18 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\DivX
2008-11-18 04:21:36 ----A---- C:\Windows\system32\wuwebv.dll
2008-11-18 04:21:36 ----A---- C:\Windows\system32\wuapp.exe
2008-11-17 23:24:56 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\Mozilla
2008-11-17 23:21:05 ----D---- C:\Program Files (x86)\Mozilla Firefox
2008-11-16 22:23:18 ----D---- C:\Program Files (x86)\EA GAMES
2008-11-16 18:32:36 ----D---- C:\ProgramData\LightScribe
2008-11-16 18:30:59 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\Nero
2008-11-16 18:02:33 ----D---- C:\Program Files (x86)\Nero
2008-11-16 18:02:04 ----D---- C:\ProgramData\Nero
2008-11-16 18:02:03 ----D---- C:\Program Files (x86)\Common Files\Nero
2008-11-16 18:01:46 ----A---- C:\Windows\system32\d3dx9_30.dll
2008-11-16 18:01:22 ----D---- C:\Program Files (x86)\Common Files\LightScribe
2008-11-16 17:18:05 ----D---- C:\ProgramData\FLEXnet
2008-11-16 15:21:21 ----D---- C:\Program Files (x86)\Common Files\Ahead
2008-11-16 14:41:07 ----A---- C:\dvdlog.txt
2008-11-16 14:41:04 ----D---- C:\TempDVD
2008-11-16 14:40:57 ----D---- C:\Program Files (x86)\dvdSanta
2008-11-15 12:38:26 ----D---- C:\Program Files (x86)\DVD Decrypter
2008-11-15 12:35:00 ----A---- C:\Windows\system32\NMSDVDXU.dll
2008-11-15 12:34:59 ----A---- C:\Windows\system32\viscomwave.dll
2008-11-15 12:34:59 ----A---- C:\Windows\system32\VB5DB.DLL
2008-11-15 12:34:59 ----A---- C:\Windows\system32\msvcr70.dll
2008-11-15 12:34:59 ----A---- C:\Windows\system32\FoxImager.dll
2008-11-14 09:28:40 ----D---- C:\Program Files (x86)\QuickPar
2008-11-13 21:51:45 ----A---- C:\Windows\DCEBoot64.exe
2008-11-13 05:46:46 ----D---- C:\Program Files (x86)\AC3Filter
2008-11-12 23:56:29 ----D---- C:\Program Files (x86)\DivX
2008-11-12 23:46:13 ----D---- C:\Program Files (x86)\Tag Support Plugin for Media Player
2008-11-12 23:43:13 ----D---- C:\Program Files (x86)\illiminable
2008-11-11 23:36:37 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\HP
2008-11-11 22:48:14 ----D---- C:\Program Files (x86)\FLAC
2008-11-11 22:07:51 ----SHDC---- C:\Program Files (x86)\Common Files\WindowsLiveInstaller
2008-11-11 22:07:38 ----D---- C:\Program Files (x86)\Windows Live
2008-11-11 22:07:26 ----D---- C:\ProgramData\WLInstaller
2008-11-11 12:31:25 ----A---- C:\Windows\system32\msxml3.dll
2008-11-11 12:31:23 ----A---- C:\Windows\system32\msxml6.dll
2008-11-11 11:02:19 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\WinRAR
2008-11-11 03:00:51 ----A---- C:\Windows\system32\msshooks.dll
2008-11-11 03:00:51 ----A---- C:\Windows\system32\msscb.dll
2008-11-11 03:00:51 ----A---- C:\Windows\system32\mimefilt.dll
2008-11-11 03:00:49 ----A---- C:\Windows\system32\thawbrkr.dll
2008-11-11 03:00:49 ----A---- C:\Windows\system32\SearchFilterHost.exe
2008-11-11 03:00:49 ----A---- C:\Windows\system32\propdefs.dll
2008-11-11 03:00:49 ----A---- C:\Windows\system32\msstrc.dll
2008-11-11 03:00:49 ----A---- C:\Windows\system32\mssprxy.dll
2008-11-11 03:00:49 ----A---- C:\Windows\system32\mssitlb.dll
2008-11-11 03:00:49 ----A---- C:\Windows\system32\msshsq.dll
2008-11-11 03:00:49 ----A---- C:\Windows\system32\chsbrkr.dll
2008-11-11 03:00:48 ----A---- C:\Windows\system32\propsys.dll
2008-11-11 03:00:48 ----A---- C:\Windows\system32\offfilt.dll
2008-11-11 03:00:48 ----A---- C:\Windows\system32\korwbrkr.dll
2008-11-11 03:00:47 ----A---- C:\Windows\system32\xmlfilter.dll
2008-11-11 03:00:47 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2008-11-11 03:00:47 ----A---- C:\Windows\system32\rtffilt.dll
2008-11-11 03:00:47 ----A---- C:\Windows\system32\nlhtml.dll
2008-11-11 03:00:47 ----A---- C:\Windows\system32\mssphtb.dll
2008-11-11 03:00:47 ----A---- C:\Windows\system32\mssph.dll
2008-11-11 03:00:47 ----A---- C:\Windows\system32\msscntrs.dll
2008-11-11 03:00:47 ----A---- C:\Windows\system32\chtbrkr.dll
2008-11-11 03:00:46 ----A---- C:\Windows\system32\tquery.dll
2008-11-11 03:00:46 ----A---- C:\Windows\system32\SearchIndexer.exe
2008-11-11 03:00:46 ----A---- C:\Windows\system32\mssvp.dll
2008-11-11 03:00:46 ----A---- C:\Windows\system32\mssrch.dll
2008-11-11 03:00:32 ----D---- C:\Program Files (x86)\MSXML 4.0
2008-11-10 21:45:38 ----D---- C:\Program Files (x86)\DVDIdle Pro
2008-11-10 21:32:12 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\NewsBin
2008-11-10 21:32:12 ----D---- C:\ProgramData\NewsBin
2008-11-10 21:32:11 ----D---- C:\Program Files (x86)\NewsBin
2008-11-10 21:11:23 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\LimeWire
2008-11-10 21:10:59 ----D---- C:\Program Files (x86)\LimeWire
2008-11-10 21:04:21 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\Thinstall
2008-11-10 20:16:44 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\BSplayer PRO
2008-11-10 20:16:43 ----D---- C:\Program Files (x86)\Webteh
2008-11-10 14:45:19 ----D---- C:\ComboFix
2008-11-10 14:45:19 ----A---- C:\Windows\system32\CF1725.exe
2008-11-10 14:45:18 ----A---- C:\Windows\system32\swsc.exe
2008-11-10 14:45:16 ----A---- C:\Bug.txt
2008-11-10 14:45:14 ----A---- C:\Windows\system32\cmd.execf
2008-11-10 14:02:39 ----D---- C:\ProgramData\Trend Micro
2008-11-10 13:48:14 ----D---- C:\Program Files (x86)\WinRAR
2008-11-10 13:42:35 ----D---- C:\Program Files (x86)\DAMN NFO Viewer
2008-11-10 13:38:51 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\CyberLink
2008-11-10 13:30:26 ----A---- C:\Windows\system32\Faultrep.dll
2008-11-08 16:31:57 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\vlc
2008-11-08 16:31:08 ----D---- C:\Program Files (x86)\VideoLAN
2008-11-08 16:15:01 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\IrfanView
2008-11-08 16:15:01 ----D---- C:\Program Files (x86)\IrfanView
2008-11-07 23:46:17 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\Macromedia
2008-11-07 23:46:15 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\Adobe
2008-11-07 11:02:09 ----D---- C:\ProgramData\Geek Squad
2008-11-07 11:00:31 ----A---- C:\Windows\system32\netapi32.dll
2008-11-07 10:59:07 ----A---- C:\Windows\system32\shell32.dll
2008-11-07 10:57:58 ----A---- C:\Windows\system32\win32spl.dll
2008-11-07 10:55:55 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-11-07 10:55:54 ----A---- C:\Windows\system32\gameux.dll
2008-11-07 10:55:53 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-11-07 10:52:56 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-11-07 10:52:54 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-11-07 10:52:41 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-11-07 10:47:59 ----A---- C:\Windows\system32\inetcomm.dll
2008-11-07 10:47:05 ----A---- C:\Windows\system32\es.dll
2008-11-07 10:46:00 ----A---- C:\Windows\system32\tzres.dll
2008-11-07 10:44:51 ----A---- C:\Windows\system32\winipsec.dll
2008-11-07 10:44:51 ----A---- C:\Windows\system32\polstore.dll
2008-11-07 10:44:51 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-11-07 10:42:52 ----A---- C:\Windows\system32\wmpeffects.dll
2008-11-07 10:41:03 ----A---- C:\Windows\system32\wshext.dll
2008-11-07 10:41:03 ----A---- C:\Windows\system32\wscript.exe
2008-11-07 10:41:03 ----A---- C:\Windows\system32\vbscript.dll
2008-11-07 10:41:03 ----A---- C:\Windows\system32\scrrun.dll
2008-11-07 10:41:03 ----A---- C:\Windows\system32\scrobj.dll
2008-11-07 10:41:03 ----A---- C:\Windows\system32\jscript.dll
2008-11-07 10:41:03 ----A---- C:\Windows\system32\cscript.exe
2008-11-07 10:40:13 ----A---- C:\Windows\system32\dataclen.dll
2008-11-07 10:38:38 ----A---- C:\Windows\system32\wshrm.dll
2008-11-07 10:37:23 ----A---- C:\Windows\system32\psisdecd.dll
2008-11-07 10:37:21 ----A---- C:\Windows\system32\EncDec.dll
2008-11-07 10:36:23 ----A---- C:\Windows\system32\traffic.dll
2008-11-07 10:36:23 ----A---- C:\Windows\system32\pacerprf.dll
2008-11-07 10:36:22 ----A---- C:\Windows\system32\wshqos.dll
2008-11-07 10:36:22 ----A---- C:\Windows\system32\rpcrt4.dll
2008-11-07 10:35:30 ----A---- C:\Windows\system32\quartz.dll
2008-11-07 10:33:25 ----A---- C:\Windows\system32\mstime.dll
2008-11-07 10:33:24 ----A---- C:\Windows\system32\urlmon.dll
2008-11-07 10:33:24 ----A---- C:\Windows\system32\iertutil.dll
2008-11-07 10:33:22 ----A---- C:\Windows\system32\mshtml.dll
2008-11-07 10:33:21 ----A---- C:\Windows\system32\wininet.dll
2008-11-07 10:33:21 ----A---- C:\Windows\system32\jsproxy.dll
2008-11-07 10:33:12 ----A---- C:\Windows\system32\ieframe.dll
2008-11-07 10:32:28 ----A---- C:\Updates.txt
2008-11-06 22:34:26 ----D---- C:\Temp
2008-11-06 22:13:21 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\Symantec
2008-11-06 22:12:48 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\ATI
2008-11-06 22:12:16 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\Identities
2008-11-06 22:11:53 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\hewlett-packard
2008-11-06 22:09:11 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\HP TCS
2008-11-06 22:08:09 ----D---- C:\ProgramData\Viewpoint
2008-11-06 22:08:08 ----D---- C:\Program Files (x86)\Viewpoint
2008-11-06 22:07:54 ----D---- C:\ProgramData\AOL OCP
2008-11-06 22:07:54 ----D---- C:\ProgramData\AOL
2008-11-06 22:07:35 ----D---- C:\Program Files (x86)\Common Files\AOL
2008-11-06 22:03:45 ----SD---- C:\Users\Frank McCaskill\AppData\Roaming\Microsoft
2008-11-06 22:03:45 ----D---- C:\Users\Frank McCaskill\AppData\Roaming\Media Center Programs

======List of files/folders modified in the last 1 months======

2008-11-28 23:19:01 ----D---- C:\Windows\Temp
2008-11-28 23:18:22 ----D---- C:\Windows\Prefetch
2008-11-28 21:41:00 ----D---- C:\Windows\System32
2008-11-28 08:05:42 ----D---- C:\Windows\SysWOW64
2008-11-27 08:51:25 ----HD---- C:\ProgramData
2008-11-27 08:49:32 ----RD---- C:\Program Files (x86)
2008-11-27 08:35:31 ----D---- C:\Windows\inf
2008-11-26 03:05:02 ----D---- C:\Windows\winsxs
2008-11-26 03:04:59 ----SHD---- C:\Windows\Installer
2008-11-26 03:04:57 ----D---- C:\ProgramData\Microsoft Help
2008-11-26 03:03:01 ----RSD---- C:\Windows\assembly
2008-11-26 03:02:08 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2008-11-23 05:45:45 ----D---- C:\Program Files (x86)\Common Files
2008-11-22 10:28:29 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2008-11-22 10:27:40 ----D---- C:\Windows
2008-11-21 15:46:09 ----D---- C:\Windows\Tasks
2008-11-20 22:48:30 ----D---- C:\Windows\system
2008-11-20 13:37:59 ----D---- C:\Program Files (x86)\Common Files\Adobe
2008-11-20 13:34:33 ----RSD---- C:\Windows\Fonts
2008-11-20 13:33:08 ----D---- C:\ProgramData\Adobe
2008-11-20 10:00:35 ----D---- C:\Windows\rescache
2008-11-20 09:43:55 ----D---- C:\Windows\system32\en-US
2008-11-18 21:27:34 ----D---- C:\Program Files (x86)\Internet Explorer
2008-11-18 21:23:04 ----D---- C:\Windows\Microsoft.NET
2008-11-18 00:10:55 ----D---- C:\Windows\system32\drivers
2008-11-16 17:09:15 ----D---- C:\Program Files (x86)\Adobe
2008-11-16 15:53:44 ----RD---- C:\Program Files
2008-11-12 23:46:17 ----SD---- C:\ProgramData\Microsoft
2008-11-11 23:36:37 ----D---- C:\ProgramData\HP
2008-11-11 22:20:59 ----D---- C:\ProgramData\CyberLink
2008-11-11 18:54:20 ----D---- C:\Windows\Registration
2008-11-11 13:09:03 ----SD---- C:\Windows\Downloaded Program Files
2008-11-11 03:06:37 ----D---- C:\Windows\PolicyDefinitions
2008-11-11 03:06:36 ----D---- C:\Program Files (x86)\Windows Mail
2008-11-08 16:08:10 ----D---- C:\Windows\Logs
2008-11-07 22:56:27 ----D---- C:\Windows\Debug
2008-11-07 11:07:41 ----D---- C:\Windows\SoftwareDistribution
2008-11-07 11:03:47 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared
2008-11-07 11:02:34 ----D---- C:\Windows\ehome
2008-11-07 11:02:34 ----D---- C:\Windows\AppPatch
2008-11-07 10:31:15 ----D---- C:\Program Files (x86)\Yahoo!
2008-11-07 10:29:03 ----SHD---- C:\System Volume Information
2008-11-07 10:18:18 ----D---- C:\Windows\SMINST
2008-11-07 08:20:15 ----D---- C:\ProgramData\Symantec
2008-11-07 04:48:31 ----D---- C:\Windows\panther
2008-11-06 22:12:42 ----SHD---- C:\$RECYCLE.BIN
2008-11-06 22:09:05 ----RD---- C:\Program Files (x86)\Online Services
2008-11-06 22:09:05 ----HD---- C:\HP
2008-11-06 22:06:28 ----HD---- C:\System.sav
2008-11-06 22:06:28 ----D---- C:\SWSETUP
2008-11-06 22:03:45 ----RD---- C:\Users

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys []
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver; C:\Windows\system32\DRIVERS\tmlwf.sys []
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys []
R2 regi;regi; C:\Windows\system32\drivers\regi.sys []
R2 tmpreflt;tmpreflt; C:\Windows\system32\DRIVERS\tmpreflt.sys []
R2 tmwfp;Trend Micro WFP Callout Driver; C:\Windows\system32\DRIVERS\tmwfp.sys []
R2 tmxpflt;tmxpflt; C:\Windows\system32\DRIVERS\tmxpflt.sys []
R2 vsapint;vsapint; C:\Windows\system32\DRIVERS\vsapint.sys []
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys []
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys []
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys []
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x64.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS []
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.SYS []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5d1a7764\AESTSr64.exe []
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agr64svc.exe []
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-04-15 94208]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe []
R2 IviRegMgr;IviRegMgr; C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2008-05-14 292248]
R2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe [2008-05-14 116112]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-03-26 341328]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5d1a7764\STacSV64.exe []
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2008-01-25 148832]
S2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2008-07-29 817904]
S2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2008-02-15 561928]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-20 93696]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-20 651720]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe [2007-12-04 181784]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S3 TmPfw;Trend Micro Personal Firewall; C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2008-02-16 584624]
S3 tmproxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2008-02-16 854280]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:29:20 PM, on 11/28/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Users\Frank McCaskill\AppData\Local\Temp\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Nero\Nero 9\Nero StartSmart\NeroStartSmart.exe
C:\Program Files (x86)\NewsBin\nbpro.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Frank McCaskill\Desktop\RSIT.exe
C:\Users\Frank McCaskill\Desktop\Frank McCaskill.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - MRI_DISABLED - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [explore] C:\Windows\system32\explore.exe
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\FRANKM~1\AppData\Local\Temp\efcYQHYQ.dll,#1
O4 - HKLM\..\Policies\Explorer\Run: [Sidebar] C:\Users\FRANKM~1\AppData\Local\Temp\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O13 - Gopher Prefix:
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5d1a7764\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_5d1a7764\STacSV64.exe (file missing)
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11786 bytes
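The O4 (autorun) entries in the HijackThis log above are the part a malware responder reads first: a `sidebar.exe` launched from the user's Temp folder under `Policies\Explorer\Run`, `rundll32.exe` loading a DLL from Temp, and an `explore.exe` in `system32`. The Python script below is an added example for this thread; it is not part of the original post and not code from HijackThis or RSIT. It parses O4 lines and flags those persistence patterns: a program run from a user-writable location, rundll32 loading a DLL from the user profile, use of the `Policies\Explorer\Run` key, a value name that is also used by a component outside the user profile, and a filename one edit away from a Windows system binary. The sample lines are copied from the log above; the heuristics and the list of system binary names are triage assumptions, not a verdict that any entry is malicious.

```python
"""Triage HijackThis O4 (autorun) lines for common persistence red flags.

Added example for this thread; not part of the original post and not code
from HijackThis or RSIT. The heuristics below are assumptions about what
deserves a closer look on a consumer Windows box, not proof of infection.
"""
import re
from collections import defaultdict

# Constructed sample: O4 lines copied from the log posted above.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [explore] C:\Windows\system32\explore.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\FRANKM~1\AppData\Local\Temp\efcYQHYQ.dll,#1
O4 - HKLM\..\Policies\Explorer\Run: [Sidebar] C:\Users\FRANKM~1\AppData\Local\Temp\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First path-like token ending in an executable/script extension; tolerates
# spaces in unquoted paths and stops at a comma (rundll32's "dll,entry" form).
PATH_RE = re.compile(r'((?:[A-Za-z]:|%[^%]+%)\\[^,"]*?\.(?:exe|dll|scr|bat|cmd|vbs|js))\b', re.IGNORECASE)

USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\documents and settings\\")
# Well-known Windows binaries (assumed, not exhaustive). A filename one edit
# away from one of these, but not equal to it, is a classic lookalike.
SYSTEM_BINARIES = {"explorer.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "smss.exe", "spoolsv.exe", "rundll32.exe", "userinit.exe"}


def edit_distance(a, b):
    """Levenshtein distance, used for the lookalike-name check."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_o4(line):
    """Split one O4 line into hive, key, value name, command, path and filename."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    pm = PATH_RE.search(entry["cmd"])
    entry["path"] = pm.group(1) if pm else ""
    entry["filename"] = entry["path"].rsplit("\\", 1)[-1].lower()
    return entry


def is_user_writable(path):
    """True when the path sits under a profile or temp directory a user can write to."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage(lines):
    """Return one finding per O4 entry, each with a list of (possibly empty) reasons."""
    entries = [e for e in (parse_o4(line) for line in lines) if e]
    # Directories each value name launches from outside the user profile, so a
    # profile-resident copy reusing a known name (e.g. "Sidebar") stands out.
    trusted_dirs = defaultdict(set)
    for e in entries:
        if e["path"] and not is_user_writable(e["path"]):
            trusted_dirs[e["name"].lower()].add(e["path"].rsplit("\\", 1)[0])
    findings = []
    for e in entries:
        path, fname, reasons = e["path"], e["filename"], []
        if is_user_writable(path):
            reasons.append("runs from a user-writable location")
        if e["cmd"].lower().startswith("rundll32") and is_user_writable(path):
            reasons.append("rundll32 loads a DLL from the user profile")
        if "policies\\explorer\\run" in e["key"].lower():
            reasons.append("uses Policies\\Explorer\\Run, rarely touched by legitimate installers")
        if fname not in SYSTEM_BINARIES and any(edit_distance(fname, s) == 1 for s in SYSTEM_BINARIES):
            reasons.append("filename is one edit away from a Windows system binary")
        others = trusted_dirs.get(e["name"].lower())
        if is_user_writable(path) and others:
            reasons.append("value name also used by " + ", ".join(sorted(others)))
        findings.append({"name": e["name"], "key": e["key"], "path": path, "reasons": reasons})
    return findings


def suspicious(log_text):
    """Entries with at least one red flag, in log order."""
    return [f for f in triage(log_text.splitlines()) if f["reasons"]]


if __name__ == "__main__":
    for f in suspicious(SAMPLE_O4_LINES):
        print(f"[{f['name']}] {f['path']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run it as a script to list the flagged entries with their reasons. Each reason is a pointer for the responder to verify the file itself (where it lives, whether it is signed, its hash against a known-good copy), not a conclusion; the legitimate Program Files and %ProgramFiles% Sidebar entries are deliberately left unflagged, while the Temp copy that reuses their value name is reported.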

#2 frankmc98 (Topic Starter, Members, 23 posts)

Posted 30 November 2008 - 06:48 AM

I have the name wrong; it's PAK Generic 001.

#3 Billy O'Neal (Visual C++ STL Maintainer, Malware Response Team, 12,304 posts, Redmond, Washington)

Posted 14 December 2008 - 01:15 PM

Hello and :thumbsup: to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#4 Billy O'Neal (Visual C++ STL Maintainer, Malware Response Team, 12,304 posts, Redmond, Washington)

Posted 21 December 2008 - 01:11 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)