Desktop Hijackers



#1 10nitro


Posted 01 December 2008 - 08:52 PM

A while ago this computer got infected with numerous desktop hijackers. I ran CCleaner, Smitfraudfix, and Antivir (in that order).

As far as one can tell, the malware is gone. However, the malware had made the system excruciatingly slow, and this is the sole symptom I could not treat.

I tried to run Kaspersky. It got to 3% after about 30 min, and remained there for about the next 24 hours, until I killed it.

log.txt:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-11-30 16:06:02
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 21 GB (54%) free of 38 GB
Total RAM: 190 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:24, on 11/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\carpserv.exe
C:\Documents and Settings\Owner\My Documents\installers\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,C:\WINDOWS\system32\oembios.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://mibor.mlxtempo.com
O16 - DPF: ImageUploader - http://www.assetval.com/app/ImageUploader.CAB
O16 - DPF: {0D859AF0-C75E-11D4-B760-00E0B81077E8} (FileCruiser Class) - http://mibor.mlxtempo.com/4.1.14.35/Control/FileCruiser.cab
O16 - DPF: {16FD824B-8E7B-11D2-9855-00802962956C} (Specfile Control) - http://mibor.mlxtempo.com/4.1.14.35/Control/Specfile.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1220820397420
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://web02.farvv.com/sn/ImageUploader4.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLS Client Utils) - http://mibor.mlxtempo.com/4.1.14.35/Contro...ClientUtils.cab
O16 - DPF: {78523E50-56EB-11D3-B739-CAA1986A452F} (LiteGridCtl Class) - http://mibor.mlxtempo.com/4.1.14.35/Control/LiteGrid.cab
O16 - DPF: {7A7537FC-5988-11D3-8B33-00104B9E5A4A} (IRCWwwPrint Class) - http://mibor.mlxtempo.com/4.1.14.35/Control/IRCWebPrint.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mibor.mlxtempo.com/4.3.07.83/Control/IRCSharc.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/A...ersion=1,0,0,10
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab
O16 - DPF: {F060A272-A18A-11D3-B75B-00E0B81077E8} (DropList Class) - http://mibor.mlxtempo.com/4.1.14.35/Contro...CustomCtrls.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: karina.dat
O21 - SSODL: QUaNDIvxbfdW - {00003368-AAAA-99C2-C780-FB5049961C86} - (no file)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5510 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-29 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-29 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-29 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}
{A057A204-BACC-4D26-9990-79A187E2698E}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"srmclean"=C:\Cpqs\Scom\srmclean.exe [2001-07-24 36864]
"QT4HPOT"=C:\PROGRA~1\HPQ\ONE-TO~1\OneTouch.EXE [2002-10-14 98304]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-29 136600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"CARPService"=C:\WINDOWS\system32\carpserv.exe [2002-10-21 4608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
C:\WINDOWS\system32\Ati2mdxx.exe [2002-06-11 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
C:\WINDOWS\system32\atiptaxx.exe [2002-06-11 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe /min []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
C:\WINDOWS\system32\carpserv.exe [2002-10-21 4608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\HPQ\Default Settings\cpqset.exe [2002-10-23 176197]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Display Settings]
C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePrint 3.0 Service]
C:\PROGRA~1\LEADTE~1\LEADTO~1.0\bin\EPRINT3.EXE [2003-03-24 58368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Network Registry Agent]
C:\WINDOWS\System32\hpnra.exe [2000-10-26 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
c:\windows\system\hpsysdrv.exe [2001-07-19 52736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TV Now]
C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karina.dat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
QUaNDIvxbfdW - {00003368-AAAA-99C2-C780-FB5049961C86}
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SYMTDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Documents and Settings\Owner\Local Settings\Temp\.tt16.tmp"="C:\Documents and Settings\Owner\Local Settings\Temp\.tt16.tmp:*:Enabled:enable"
"C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmiUpdate.exe"="C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmiUpdate.exe:*:Enabled:SmiUpdate.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2008-11-30 16:06:02 ----D---- C:\rsit
2008-11-30 15:58:33 ----D---- C:\WINDOWS\LastGood
2008-11-30 15:38:27 ----A---- C:\WINDOWS\system32\results.txt
2008-11-30 15:36:14 ----N---- C:\WINDOWS\system32\BCMWLU00.EXE
2008-11-29 23:28:43 ----D---- C:\WINDOWS\Sun
2008-11-29 23:06:09 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-11-29 19:24:32 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-29 19:24:31 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-29 19:24:31 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-29 19:24:31 ----A---- C:\WINDOWS\system32\java.exe
2008-11-29 19:20:50 ----D---- C:\Documents and Settings\Owner\Desktop\Application Data\Sun
2008-11-24 22:34:06 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-24 22:02:57 ----D---- C:\Program Files\Trend Micro
2008-11-24 20:52:38 ----D---- C:\Documents and Settings\All Users\Application Data\Ascentive
2008-11-24 20:46:53 ----A---- C:\WINDOWS\system32\ascbalon.dll
2008-11-24 20:46:47 ----A---- C:\WINDOWS\system32\SysRestore.dll
2008-11-24 20:46:46 ----A---- C:\WINDOWS\system32\CreateLog.dll
2008-11-24 20:46:46 ----A---- C:\WINDOWS\system32\ConTest.dll
2008-11-24 20:44:44 ----D---- C:\Program Files\Ascentive
2008-10-24 15:05:38 ----D---- C:\Documents and Settings\Owner\Desktop\Application Data\AVGTOOLBAR
2008-10-24 15:04:35 ----D---- C:\Program Files\AVG
2008-10-24 15:04:29 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-09-07 18:54:16 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-09-07 18:54:13 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-09-07 18:38:32 ----D---- C:\WINDOWS\Prefetch
2008-09-07 18:06:43 ----D---- C:\WINDOWS\system32\scripting
2008-09-07 18:06:34 ----D---- C:\WINDOWS\l2schemas
2008-09-07 18:06:32 ----D---- C:\WINDOWS\system32\en
2008-09-07 17:21:30 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-07 17:21:26 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-07 17:21:22 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-07 17:21:22 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-07 17:21:05 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-07 17:21:05 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-07 17:20:40 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-07 17:20:33 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-07 17:20:31 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-07 17:20:30 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-07 17:20:26 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-07 17:20:26 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-07 17:20:26 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-07 17:20:23 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-07 17:20:18 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-07 17:19:56 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-07 17:19:56 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-07 17:19:56 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-07 17:19:53 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-07 17:19:52 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-07 17:19:47 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-07 17:19:47 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-07 17:19:14 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-07 17:19:13 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-07 17:19:13 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-07 17:19:13 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-07 17:18:47 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-07 17:18:46 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-07 17:18:45 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-07 17:18:45 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-07 17:18:44 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-07 17:18:44 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-07 17:18:14 ----A---- C:\WINDOWS\005514_.tmp
2008-09-07 17:18:11 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-07 17:18:11 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-07 17:18:11 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-07 17:18:11 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-07 17:18:11 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-07 17:18:11 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-07 17:18:11 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-07 17:18:11 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-07 17:18:02 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-07 17:18:01 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-07 17:18:01 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-07 17:18:01 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-07 17:18:01 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-07 17:18:01 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-07 17:18:01 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-07 17:17:55 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-07 17:17:55 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-07 17:17:53 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-07 17:17:47 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-07 17:17:32 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-07 17:17:32 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-07 17:17:15 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-07 15:39:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-09-07 13:50:16 ----D---- C:\Program Files\Windows Defender

======List of files/folders modified in the last 3 months======

2008-11-30 16:05:24 ----A---- C:\WINDOWS\WININIT.INI
2008-11-30 15:59:35 ----SD---- C:\WINDOWS\Tasks
2008-11-30 15:58:48 ----D---- C:\WINDOWS\system32
2008-11-30 15:58:47 ----D---- C:\WINDOWS\system32\drivers
2008-11-30 15:58:43 ----HD---- C:\WINDOWS\inf
2008-11-30 15:58:40 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-30 15:58:33 ----D---- C:\WINDOWS
2008-11-30 15:58:19 ----D---- C:\WINDOWS\Temp
2008-11-30 15:56:29 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-30 15:51:19 ----D---- C:\WINDOWS\Help
2008-11-30 15:37:35 ----D---- C:\SWSETUP
2008-11-29 23:16:59 ----A---- C:\WINDOWS\hpbafd.ini
2008-11-29 23:06:21 ----SHD---- C:\WINDOWS\Installer
2008-11-29 23:06:09 ----D---- C:\Program Files\Common Files
2008-11-29 23:02:42 ----D---- C:\Program Files\Common Files\Adobe
2008-11-29 23:02:02 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-29 23:00:32 ----D---- C:\Program Files\Adobe
2008-11-29 22:51:41 ----D---- C:\WINDOWS\system32\wbem
2008-11-29 22:51:40 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-29 22:49:39 ----D---- C:\Program Files\Mozilla Firefox
2008-11-29 22:43:50 ----SD---- C:\Documents and Settings\Owner\Desktop\Application Data\Microsoft
2008-11-29 20:11:55 ----AD---- C:\Program Files
2008-11-29 19:54:08 ----D---- C:\Documents and Settings\Owner\Desktop\Application Data\MSN6
2008-11-29 19:34:55 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-11-29 19:22:13 ----D---- C:\Program Files\Java
2008-11-24 21:09:32 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-22 14:40:56 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-22 13:36:38 ----D---- C:\Program Files\CONEXANT
2008-11-21 16:41:21 ----RASH---- C:\boot.ini
2008-11-21 16:41:21 ----A---- C:\WINDOWS\win.ini
2008-11-21 16:41:21 ----A---- C:\WINDOWS\system.ini
2008-11-18 19:32:03 ----D---- C:\WINDOWS\Debug
2008-11-18 19:25:28 ----D---- C:\Program Files\Outlook Express
2008-11-18 19:25:28 ----D---- C:\Program Files\Common Files\System
2008-11-18 19:25:28 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-18 19:20:45 ----RSD---- C:\WINDOWS\assembly
2008-11-18 19:20:45 ----D---- C:\WINDOWS\system32\mui
2008-11-18 19:20:42 ----D---- C:\WINDOWS\system32\URTTemp
2008-11-18 19:18:19 ----D---- C:\WINDOWS\Registration
2008-11-18 19:05:30 ----D---- C:\hp
2008-11-18 18:59:46 ----D---- C:\WINDOWS\system32\Adobe
2008-11-18 18:59:39 ----D---- C:\WINDOWS\system32\Macromed
2008-11-14 14:42:48 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-03 19:10:25 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-10-27 09:31:49 ----D---- C:\Program Files\Hewlett-Packard
2008-10-25 12:16:26 ----D---- C:\WINDOWS\twain_32
2008-10-24 18:46:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-24 18:45:33 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-24 17:15:51 ----D---- C:\Program Files\System Soap Pro
2008-10-24 15:03:26 ----D---- C:\WINDOWS\WinSxS
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-10-16 14:13:40 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-10-16 14:12:22 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-10-16 14:12:20 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-10-16 14:09:44 ----AC---- C:\WINDOWS\system32\wups2.dll
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-10-16 14:09:44 ----A---- C:\WINDOWS\system32\cdm.dll
2008-10-16 14:09:40 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-10-16 14:08:58 ----A---- C:\WINDOWS\system32\wups.dll
2008-10-16 14:07:44 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-10-16 14:07:14 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2008-10-16 14:06:48 ----A---- C:\WINDOWS\system32\muweb.dll
2008-10-15 14:46:43 ----D---- C:\Program Files\Internet Explorer
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-23 14:18:01 ----D---- C:\Program Files\ZipForm Desktop
2008-09-11 14:40:09 ----A---- C:\WINDOWS\system32\MRT.INI
2008-09-10 14:15:17 ----SHD---- C:\WINDOWS\system32\sysproc64
2008-09-08 11:01:30 ----A---- C:\WINDOWS\system32\delself.bat
2008-09-07 19:41:49 ----D---- C:\Program Files\Microsoft Works
2008-09-07 19:41:34 ----RSD---- C:\WINDOWS\Fonts
2008-09-07 18:37:32 ----D---- C:\WINDOWS\system32\Setup
2008-09-07 18:37:32 ----D---- C:\WINDOWS\AppPatch
2008-09-07 18:36:20 ----D---- C:\WINDOWS\security
2008-09-07 18:28:27 ----D---- C:\Program Files\Messenger
2008-09-07 18:07:37 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-07 18:07:30 ----D---- C:\WINDOWS\network diagnostic
2008-09-07 18:07:29 ----D---- C:\WINDOWS\ime
2008-09-07 18:06:47 ----D---- C:\WINDOWS\system32\en-US
2008-09-07 18:06:46 ----D---- C:\WINDOWS\system32\usmt
2008-09-07 18:06:31 ----D---- C:\WINDOWS\system32\bits
2008-09-07 18:06:31 ----D---- C:\WINDOWS\PeerNet
2008-09-07 18:06:31 ----D---- C:\Program Files\Movie Maker
2008-09-07 17:59:07 ----D---- C:\WINDOWS\system32\Restore
2008-09-07 17:59:06 ----D---- C:\WINDOWS\system32\npp
2008-09-07 17:59:03 ----D---- C:\WINDOWS\msagent
2008-09-07 17:59:00 ----D---- C:\WINDOWS\srchasst
2008-09-07 17:58:55 ----D---- C:\Program Files\NetMeeting
2008-09-07 17:58:52 ----D---- C:\WINDOWS\system32\Com
2008-09-07 17:58:47 ----D---- C:\Program Files\Windows Media Player
2008-09-07 17:58:46 ----D---- C:\Program Files\Windows NT
2008-09-07 17:57:59 ----D---- C:\WINDOWS\system32\oobe
2008-09-07 17:57:54 ----D---- C:\WINDOWS\system
2008-09-07 17:40:50 ----D---- C:\WINDOWS\EHome
2008-09-07 15:25:51 ----A---- C:\rapport.txt
2008-09-07 15:09:40 ----AC---- C:\WINDOWS\system32\tmp.txt
2008-09-07 14:48:01 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-09-07 14:04:40 ----D---- C:\WINDOWS\system32\LogFiles
2008-09-07 14:02:20 ----D---- C:\Program Files\RogueRemover
2008-09-07 14:01:34 ----D---- C:\WINDOWS\PCHealth
2008-09-04 12:15:04 ----A---- C:\WINDOWS\system32\msxml3.dll
2008-09-02 10:31:22 ----D---- C:\Documents and Settings\Owner\Desktop\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2002-06-11 448512]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2002-10-21 9855]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2002-10-21 34224]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO; C:\WINDOWS\system32\drivers\caliaud.sys [2002-11-05 291328]
R3 CALIHALA;CALIHALA; C:\WINDOWS\system32\drivers\calihal.sys [2002-11-05 244608]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.SYS [2002-10-11 14543]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver; C:\WINDOWS\System32\DRIVERS\DP83815.SYS [2004-05-04 19112]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2002-10-21 1171616]
R3 HSFHWALI;HSFHWALI; C:\WINDOWS\System32\DRIVERS\HSFHWALI.sys [2002-10-21 153380]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-10-21 594960]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S3 AIRPLUS;D-Link AirPlus Wireless Adapter; C:\WINDOWS\System32\DRIVERS\AIRPLUS.sys []
S3 allegro;ESS Allegro Audio Driver (WDM); C:\WINDOWS\system32\drivers\es198x.sys [2001-08-17 174464]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 atimpab;atimpab; C:\WINDOWS\System32\DRIVERS\atimpab.sys [2001-08-17 289664]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CE3;Xircom Ethernet Adapter 10/100 Service; C:\WINDOWS\System32\DRIVERS\ce3n5.sys [2001-08-17 27164]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPCI;HP Configuration Interface; C:\WINDOWS\System32\DRIVERS\hpci.sys []
S3 LEX_NIC_SERVICE;IEEE 802.11 Wireless NIC Win2000 Driver; C:\WINDOWS\System32\DRIVERS\Express.sys [2002-10-16 57344]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 SCR33X USB Smart Card Reader;SCR33X USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\SCR33X2K.sys []
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-29 152984]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\System32\tcpsvcs.exe [2002-08-28 19456]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2002-06-11 131072]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
S4 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

info.txt:
info.txt logfile of random's system information tool 1.04 2008-11-30 16:06:30

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\COMPAQ\Software Setup\Uninst.isu" -c"C:\Program Files\COMPAQ\Software Setup\CPQUNST.DLL"
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
AgentOffice SR-1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{060BF1C2-E768-4294-9E96-DF1794EA27FA}
AgentOffice SR-2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{FC3D419D-E13B-414A-8441-9A6B3964D71C}
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avery Wizard 2.1 for Microsoft® Word 2002-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Avery Wizard\DeIsL1.isu" -c"C:\Program Files\Avery Wizard\uninst.dll
Conexant 56K ACLink Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0024103C\HXFSETUP.EXE -U -IVEN_10B9&DEV_5457&SUBSYS_0024103C
Conexant AC-Link Audio-->CIAunwdm.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
hp color LaserJet 4600 Uninstaller-->C:\Program Files\Hewlett-Packard\CLJ4600\Uninstall\unhp.exe ciuninst.ini
HP Real Estate Document Assistant FA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9488325-567E-408A-8ED8-46D794DD1F64}\setup.exe"
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
LEADTOOLS ePrint 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A898F014-EF7E-4B71-88D6-7C5A09BC8C86}\setup.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
One-Touch Buttons-->C:\WINDOWS\UnInst32.exe QT4HPOT.UNI
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\Setup.exe" ADDREMOVEDLG
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
The Print Shop 22-->MsiExec.exe /I{E34351A4-4B10-4DFF-96BC-84C642D9C625}
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WordPerfect Productivity Pack-->C:\WINDOWS\Corel\uninst32.exe
WordPerfect Productivity Pack-->C:\WINDOWS\Corel\Uninst32.exe
ZipForm Desktop-->C:\PROGRA~1\ZIPFOR~1\UNWISE.EXE C:\PROGRA~1\ZIPFOR~1\INSTALL.LOG

======Security center information======

AV: NT AUTHORITY\SYSTEM (disabled) (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\ols;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:39 AM

Posted 14 December 2008 - 06:47 PM

Hello 10nitro,

Sorry about the delay. :thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!


Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


Posted 23 December 2008 - 02:15 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic