Google browser hijack, but not Dogpile


6 replies to this topic

#1 randalljvh

Posted 05 March 2009 - 01:37 PM

Sorry about this, but the DDS log file came out gibberish instead of text, so all I have is the hijackthis.log. I'm not quite sure what is doing it, but when I click on a google search result, it gets redirected to yellowpages or some other sales site.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:05 AM, on 3/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\JBASE30\jDP\Bin\irpcd.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\JBASE30\jDP\Bin\nav_util.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\TEMP\OL456B.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thedaily.com/overlook.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://quotes.quickparts.com/java/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{09ECF242-CD3C-4DB4-9D77-9CE3569DC112}: NameServer = 192.168.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CE9C158-59AD-464E-8393-570A1FED4B05}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABB12DC9-895B-4A2C-9BAD-E4BBE0C63552}: NameServer = 192.168.1.1,192.168.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{09ECF242-CD3C-4DB4-9D77-9CE3569DC112}: NameServer = 192.168.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{09ECF242-CD3C-4DB4-9D77-9CE3569DC112}: NameServer = 192.168.1.5
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Attunity Connect Daemon (IRPCD) (IRPCD) - Attunity Ltd. - C:\JBASE30\jDP\Bin\irpcd.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7070 bytes



#2 KoanYorel

Posted 18 March 2009 - 08:38 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 randalljvh

Posted 19 March 2009 - 11:01 AM

I ran DDS.scr, which is the only one that would work of the 3 choices. I got a ton of gobbledygook, with a little text in the middle. That's why I posted the hijackthis log earlier.



#4 Blade81

Posted 19 March 2009 - 02:26 PM

Hi,
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#5 randalljvh

Posted 19 March 2009 - 02:45 PM

As requested ...

Logfile of random's system information tool 1.05 (written by random/random)
Run by Randy at 2009-03-19 12:57:43
Microsoft Windows XP Professional Service Pack 3
System drive C: has 23 GB (60%) free of 38 GB
Total RAM: 1023 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:51 PM, on 3/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\JBASE30\jDP\Bin\irpcd.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\JBASE30\jDP\Bin\nav_util.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\TEMP\HKC48C.EXE
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\AutoCAD LT 2009\acadlt.exe
C:\DOCUME~1\Randy.DMI\LOCALS~1\Temp\AdskCleanup.0001
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe
C:\Program Files\Windows NT\HYPERTRM.EXE
C:\Program Files\Common Files\Autodesk Shared\AcHelp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Randy.DMI\Local Settings\Temporary Internet Files\Content.IE5\4TE38DI7\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Randy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thedaily.com/overlook.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {085FEAA9-36F6-4A6D-9EE7-11951AE89CFC} - C:\Program Files\Dogpile Search and Rescue\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FCTBPos00Pos - {266CE7B2-DA3E-421F-BCB9-474896939A10} - C:\Program Files\Dogpile Search and Rescue\Toolbar.dll
O3 - Toolbar: Dogpile Search and Rescue - {E1530CD5-6933-49FB-973A-41C1924DE198} - C:\Program Files\Dogpile Search and Rescue\Toolbar.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://quickquotes.quickparts.com/References/XUpload.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{09ECF242-CD3C-4DB4-9D77-9CE3569DC112}: NameServer = 192.168.1.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CE9C158-59AD-464E-8393-570A1FED4B05}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABB12DC9-895B-4A2C-9BAD-E4BBE0C63552}: NameServer = 192.168.1.1,192.168.1.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{09ECF242-CD3C-4DB4-9D77-9CE3569DC112}: NameServer = 192.168.1.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{09ECF242-CD3C-4DB4-9D77-9CE3569DC112}: NameServer = 192.168.1.5
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Attunity Connect Daemon (IRPCD) (IRPCD) - Attunity Ltd. - C:\JBASE30\jDP\Bin\irpcd.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8159 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{6307CAA9-08C8-4DE2-B2E5-30C2C6E0E8DE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{266CE7B2-DA3E-421F-BCB9-474896939A10}]
FCTBPos00Pos Class - C:\Program Files\Dogpile Search and Rescue\Toolbar.dll [2009-03-16 1256960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E1530CD5-6933-49FB-973A-41C1924DE198} - Dogpile Search and Rescue - C:\Program Files\Dogpile Search and Rescue\Toolbar.dll [2009-03-16 1256960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\Smtray.exe [2002-06-26 90112]
"nwiz"=nwiz.exe /install []
"NeroCheck"=C:\WINDOWS\System32\NeroCheck.exe [2001-07-09 155648]
"IntelliType"=C:\Program Files\Microsoft Hardware\Keyboard\type32.exe [2002-03-21 94208]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-03-02 77824]
"OfficeScanNT Monitor"=C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe [2006-11-10 381005]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-04-04 185896]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\SolidWorks\SLDWORKS.exe"="C:\Program Files\SolidWorks\SLDWORKS.exe:*:Enabled:SldWorks"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-03-19 12:57:43 ----D---- C:\rsit
2009-03-16 08:51:58 ----D---- C:\Program Files\Dogpile Search and Rescue
2009-03-12 15:53:30 ----D---- C:\Program Files\Windows Live Safety Center
2009-03-11 13:51:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 13:51:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-11 13:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-03 16:46:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-03-03 16:46:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-03-02 09:16:26 ----D---- C:\WINDOWS\Prefetch
2009-03-02 09:14:23 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-03-02 09:14:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-03-02 09:13:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-03-02 09:13:44 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-03-02 09:13:31 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2009-03-02 09:13:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-03-02 09:13:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-03-02 09:12:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-03-02 09:12:32 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-03-02 09:12:20 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-03-02 09:12:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-03-02 09:11:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-03-02 09:11:43 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-03-02 09:11:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-03-02 09:11:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-03-02 09:11:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-03-02 09:10:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-03-02 09:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-03-02 09:10:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-03-02 09:10:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-03-02 09:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-03-02 09:09:48 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-03-02 09:04:46 ----A---- C:\WINDOWS\setuplog.txt
2009-03-02 09:03:04 ----D---- C:\WINDOWS\system32\scripting
2009-03-02 09:02:58 ----D---- C:\WINDOWS\l2schemas
2009-03-02 09:02:57 ----D---- C:\WINDOWS\system32\en
2009-02-25 16:43:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-02-25 16:43:23 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-02-25 16:43:14 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-02-25 16:43:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-25 16:42:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-02-25 16:42:29 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-02-25 16:41:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-02-25 16:41:18 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-02-25 16:40:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$

======List of files/folders modified in the last 1 months======

2009-03-19 08:03:14 ----D---- C:\WINDOWS\Temp
2009-03-19 07:50:50 ----D---- C:\WINDOWS\security
2009-03-19 07:45:39 ----SHD---- C:\Config.Msi
2009-03-19 07:45:37 ----SHD---- C:\WINDOWS\Installer
2009-03-19 07:44:05 ----D---- C:\WINDOWS\Help
2009-03-19 07:35:43 ----RD---- C:\Program Files
2009-03-19 07:35:42 ----D---- C:\Documents and Settings\Randy.DMI\Application Data\Lavasoft
2009-03-19 07:35:41 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-19 07:20:31 ----AC---- C:\WINDOWS\cfgall.ini
2009-03-19 07:17:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-17 07:37:48 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-16 07:11:08 ----D---- C:\WINDOWS
2009-03-13 07:55:11 ----HD---- C:\WINDOWS\inf
2009-03-12 15:53:33 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-12 07:17:13 ----D---- C:\WINDOWS\system32
2009-03-11 13:51:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-11 13:51:35 ----A---- C:\WINDOWS\imsins.BAK
2009-03-11 13:51:31 ----D---- C:\WINDOWS\WinSxS
2009-03-11 09:00:09 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-09 09:04:31 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-06 11:59:36 ----D---- C:\Documents and Settings
2009-03-05 10:55:44 ----D---- C:\Program Files\Trend Micro
2009-03-05 10:39:01 ----D---- C:\Program Files\Common Files
2009-03-05 10:35:57 ----D---- C:\Program Files\Google
2009-03-05 10:35:56 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-03-04 12:57:34 ----D---- C:\Program Files\Ferroxcube Soft Ferrite Design Tools
2009-03-02 09:38:12 ----A---- C:\WINDOWS\OEWABLog.txt
2009-03-02 09:15:55 ----D---- C:\WINDOWS\system32\wbem
2009-03-02 09:15:55 ----D---- C:\WINDOWS\system32\Setup
2009-03-02 09:15:55 ----D---- C:\WINDOWS\AppPatch
2009-03-02 09:15:55 ----D---- C:\Program Files\Messenger
2009-03-02 09:15:54 ----RSD---- C:\WINDOWS\Fonts
2009-03-02 09:15:51 ----D---- C:\WINDOWS\system32\drivers
2009-03-02 09:14:44 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-02 09:03:33 ----D---- C:\WINDOWS\system32\inetsrv
2009-03-02 09:03:33 ----D---- C:\WINDOWS\network diagnostic
2009-03-02 09:03:32 ----D---- C:\WINDOWS\ime
2009-03-02 09:03:05 ----D---- C:\WINDOWS\system32\usmt
2009-03-02 09:03:05 ----D---- C:\WINDOWS\system32\en-US
2009-03-02 09:02:56 ----D---- C:\WINDOWS\system32\bits
2009-03-02 09:02:56 ----D---- C:\WINDOWS\peernet
2009-03-02 09:02:56 ----D---- C:\Program Files\Movie Maker
2009-03-02 08:58:22 ----D---- C:\WINDOWS\system32\Restore
2009-03-02 08:58:21 ----D---- C:\WINDOWS\system32\npp
2009-03-02 08:58:21 ----D---- C:\WINDOWS\mui
2009-03-02 08:58:20 ----D---- C:\WINDOWS\msagent
2009-03-02 08:58:18 ----D---- C:\WINDOWS\srchasst
2009-03-02 08:58:17 ----D---- C:\Program Files\NetMeeting
2009-03-02 08:58:15 ----D---- C:\WINDOWS\system32\Com
2009-03-02 08:58:09 ----D---- C:\Program Files\Windows Media Player
2009-03-02 08:58:08 ----D---- C:\Program Files\Windows NT
2009-03-02 08:58:08 ----D---- C:\Program Files\Outlook Express
2009-03-02 08:58:05 ----D---- C:\Program Files\Common Files\System
2009-03-02 08:57:48 ----D---- C:\WINDOWS\system32\oobe
2009-03-02 08:57:45 ----D---- C:\WINDOWS\system
2009-03-02 08:53:51 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-02 08:53:28 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-03-02 08:49:00 ----D---- C:\WINDOWS\EHome
2009-02-25 16:42:06 ----D---- C:\Program Files\Internet Explorer
2009-02-25 13:54:59 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 LxrJD31d;LxrJD31d; \??\C:\WINDOWS\system32\Drivers\LxrJD31d.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-08-29 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-08-29 55936]
R2 TM_CFW;Common Firewall Driver; \??\C:\Program Files\Trend Micro\Client Server Security Agent\tm_cfw.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 TmFilter;Trend Micro Filter; \??\C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys []
R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys []
R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-08-22 98752]
R3 FETNDISB;D-Link PCI Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys [2005-07-28 43008]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-07-30 994650]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-23 549672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ADM8511;Belkin USB Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\NET8511.SYS [2000-12-11 24424]
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-02-25 139776]
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2004-07-21 176241]
R2 IRPCD;Attunity Connect Daemon (IRPCD); C:\JBASE30\jDP\Bin\irpcd.exe [2002-12-25 135206]
R2 LxrJD31s;Lexar JD31; C:\WINDOWS\system32\LxrJD31s.exe [2005-03-07 71168]
R2 ntrtscan;Trend Micro Client/Server Security Agent RealTime Scan; C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [2006-11-10 598104]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-07-30 61440]
R2 OfcPfwSvc;Trend Micro Client/Server Security Agent Personal Firewall; C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe [2006-11-10 278608]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-07-15 45056]
R2 tmlisten;Trend Micro Client/Server Security Agent Listener; C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [2006-11-10 655448]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-09-25 85096]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2009-01-27 79360]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------





info.txt logfile of random's system information tool 1.05 2009-03-19 12:57:55

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec.exe /I{3296ED42-1E2A-41ED-808D-4704BB94E874}
-->MsiExec.exe /I{EBF5C47B-5363-454F-BE1B-C0887BEEBDD1}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000702}
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000703}
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000704}
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Reader Chinese Traditional Fonts-->MsiExec.exe /I{AC76BA86-7AD7-2448-5A64-7E8A45000001}
APC PowerChute Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
AR-M350 PCL6-->C:\WINDOWS\ISUNINST.EXE -fC:\WINDOWS\arm3506.isu -cC:\WINDOWS\System32\uarm3506.dll
Attunity Connect v3.4.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E9A341C6-7452-4062-8EDF-AE2AA68D4DAC}\Setup.exe" -l0x9 UNINSTALL
AutoCAD LT 2009 - English-->C:\Program Files\AutoCAD LT 2009\Setup\Setup.exe /P {5783F2D7-7009-0409-0002-0060B0CE6BBA} /M ACADLT
AutoCAD LT 97-->C:\WINDOWS\acremen.exe ACLT-2452752:28912953
CMC-->"C:\Program Files\Core Calculator\CommonModeChoke\uninstall.exe"
Common Mode Inductor Design-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Common Mode Filter\ST6UNST.LOG"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
D-Link PCI Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $D-Link
Dogpile Search and Rescue-->C:\Program Files\Dogpile Search and Rescue\Uninst.exe
Ferrite Magnetic Design Tool 4.0-->C:\WINDOWS\IsUninst.exe -f"c:\program files\epcos\Uninst.isu"
Ferroxcube Soft Ferrite Design Tools 2002 (C:\Program Files\Ferroxcube Soft Ferrite Design Tools\)-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Ferroxcube Soft Ferrite Design Tools\ST6UNST.000"
Ferroxcube Soft Ferrite Design Tools 2002-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Ferroxcube Soft Ferrite Design Tools\ST6UNST.LOG"
First Step Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C797EAF2-707A-4239-BDF3-F2672314A734}\setup.exe" -l0x9 UNINSTALL
GoldMine 4.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GoldMine\Uninst.isu"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ImageMixer VCD2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL
Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel® PRO Ethernet Adapter and Software-->Prounstl.exe
jBASE 3.0-->C:\WINDOWS\uninst.exe -fC:\JBASE30\DeIsL1.isu
jBASE Remote Connectivity Service-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{CAF5AF62-848C-42FE-8D2D-DED408C6A0D6}
JD Secure 3.1-->C:\WINDOWS\System32\JDSecure31.exe /u
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Magnetics Designer 4.1 Build 341-->C:\WINDOWS\IsUninst.exe -fC:\Spice8\4_1_341.isu
Mathcad 7-->C:\WINDOWS\uninst.exe -f"C:\Program Files\MathSoft\Mathcad\DeIsL1.isu"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MISUMI 3D Catalog Viewer-->MsiExec.exe /I{515D494D-035B-42C3-B05B-9AB30CF4A4D9}
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
OBjEX-->MsiExec.exe /I{DCBC59FF-A4CF-4C02-8C01-09125A6493D1}
PDMWorks Clients 2004-->MsiExec.exe /I{FE7C34DE-C597-4762-BA67-5FFC7A447DDA}
PDMWorks-->RunDll32 C:\PROGRA~1\PDMWorks\STANDA~1\PDMWUN~1.DLL,UninstInitViaRunDll32 /pg:"{606D713F-B60C-11D6-A47A-00B0D03E4223}"
PI Expert Suite v.6.5-->MsiExec.exe /I{545033EE-2FC9-43C9-865B-52B7E2C7F541}
Proman V-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Common Files\Microsoft Shared\DAO\Uninst.isu"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
SIMetrix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88A531A7-4678-45AF-A253-2EB23D9D79CA}\Setup.exe" -l0x9
SMPS Design Toolkit 1.6 (remove only)-->C:\Program Files\SMPS Design Toolkit 1.6\Uninst.exe
SolidWorks 2004 SP0-->MsiExec.exe /I{4E921E6B-CFF1-4901-B262-FD049AC8EF56}
SolidWorks eDrawings 2009-->MsiExec.exe /I{41F8F89F-4638-4201-8072-D610F61506C9}
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Trend Micro Client/Server Security Agent-->"C:\Program Files\Trend Micro\Client Server Security Agent\ntrmv.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VIPer Pack-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\VIPer\ST6UNST.LOG"
Voltech AT Editor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1959CFC-8893-11D4-B438-004095A11F2A}\Setup.exe" -l0x9
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xpress3D for SolidWorks-->MsiExec.exe /I{37AEFF36-2CBE-4C19-B218-38F1F4E2C66F}

======Security center information======

FW: Trend Micro Client-Server Security Agent Firewall (disabled)

System event log

Computer Name: RVH
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Uniprocessor Free.

Record Number: 37936
Source Name: EventLog
Time Written: 20081121074249.000000-480
Event Type: information
User:

Computer Name: RVH
Event Code: 6006
Message: The Event log service was stopped.

Record Number: 37935
Source Name: EventLog
Time Written: 20081120163622.000000-480
Event Type: information
User:

Computer Name: RVH
Event Code: 5719
Message: No Domain Controller is available for domain DMI due to the following:
There are currently no logon servers available to service the logon request.
.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Record Number: 37934
Source Name: NETLOGON
Time Written: 20081120163347.000000-480
Event Type: error
User:

Computer Name: RVH
Event Code: 5719
Message: No Domain Controller is available for domain DMI due to the following:
There are currently no logon servers available to service the logon request.
.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.

Record Number: 37933
Source Name: NETLOGON
Time Written: 20081120123347.000000-480
Event Type: error
User:

Computer Name: RVH
Event Code: 28
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are accessible.
NtpClient has no source of accurate time.

Record Number: 37932
Source Name: W32Time
Time Written: 20081120101834.000000-480
Event Type: error
User:

Application event log

Computer Name: RVH
Event Code: 1904
Message:
Record Number: 12256
Source Name: HHCTRL
Time Written: 20081022124335.000000-420
Event Type: information
User:

Computer Name: RVH
Event Code: 1904
Message:
Record Number: 12255
Source Name: HHCTRL
Time Written: 20081022124335.000000-420
Event Type: information
User:

Computer Name: RVH
Event Code: 1904
Message:
Record Number: 12254
Source Name: HHCTRL
Time Written: 20081022124335.000000-420
Event Type: information
User:

Computer Name: RVH
Event Code: 1904
Message:
Record Number: 12253
Source Name: HHCTRL
Time Written: 20081022124335.000000-420
Event Type: information
User:

Computer Name: RVH
Event Code: 1904
Message:
Record Number: 12252
Source Name: HHCTRL
Time Written: 20081022124335.000000-420
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\JBASE30\bin;C:\JBASE30\jDP\bin;C:\PROMAN\BIN
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0204
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"NAVROOT"=C:\JBASE30\jDP
"JBCGLOBALDIR"=C:\JBASE30
"JBCRELEASEDIR"=C:\JBASE30
"PROMANDIR"=C:\PROMAN
"JBCOBJECTLIST"=C:\PROMAN\lib
"JEDIFILEPATH"=\\PROMAN\PROMAN$\Proman;\\PROMAN\PROMAN$\PRO.DOC
"JEDIFILENAME_MD"=\\PROMAN\PROMAN$\MASTERDICTS\Randy.MD]D
"JEDIFILENAME_SYSTEM"=\\PROMAN\PROMAN$\MASTERDICTS\SYSTEM]D
"JBCNOINTERNAL"=1
"JBCSPOOLERDIR"=\\PROMAN\PROMAN$\spooler
"HOME"=C:\PROMAN
"JBCPRINTER_DEPTH"=59
"JBCDEV_BIN"=\\PROMAN\PROMAN$\PRO.DOC\BIN
"JBCDEV_LIB"=\\PROMAN\PROMAN$\PRO.DOC\LIB
"JBCNETDIR"=C:\PROMAN\JNETCONFIG
"JRFS_CHK_REMOTE"=1
"JBCEMULATE"=SEQ

-----------------EOF-----------------

#6 Blade81

Posted 20 March 2009 - 10:11 AM

Hi again,


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Remember to re-enable them afterwards.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
Download dds to your desktop (don't run from temporary location) and try running it making sure TrendMicro is disabled.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#7 Blade81

Posted 31 March 2009 - 01:33 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
