View Full Version : Help.. Virtumonde, Virtumonde.genric, & Virtumonde.prx Viruses
collegegirl
2008-12-25, 02:10
Hi..
I need some help getting rid of viruses.. I'm a college student and have a laptop that the school provides all the services for.. I've had viruses before and the schools moto to getting rid of them is to reimage my entire laptop... yet that didn't get rid of these viruses..which I happened to find out by accident..
I then had a friend who works with computers try to get rid of the viruses... he was able to get rid of one of them... the win32.agent and he removed the files associated with it.. but I noticed the laptop was still running slow and I ran spybot again to find out I had the virtumonde viruses still and more than before... here is my Hijacks Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:59 PM, on 12/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\TEMP\CHBB53.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
O4 - HKLM\..\Run: [Trend OfficeScan ImageSetup] "C:\Documents and Settings\All Users\Desktop\ImgSetup.exe" "/001f297b5af0" -HideWindow
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [1217baa6] rundll32.exe "C:\WINDOWS\system32\thjuqwju.dll",b
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://*.msoe.edu
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230138355390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230138348968
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = msoe.edu
O17 - HKLM\Software\..\Telephony: DomainName = msoe.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = msoe.edu
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 12281 bytes
I also did the Kaspersky Online Scan...
here is its results!!
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, December 24, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, December 24, 2008 18:43:51
Records in database: 1510376
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 204844
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:42:22
File name / Threat name / Threats count
C:\Documents and Settings\fricka\Local Settings\Temporary Internet Files\Content.IE5\74NQ96VT\apstpldr.dll[1].htm Infected: Trojan.Win32.Monder.aehd 1
The selected area was scanned.
All help is greatly appreciated.... I have no idea what do to..and I really need my laptop running so I can do my homework over the rest of break.!!!
Thanks,
College Girl!!!
Hi collegegirl
Rename HijackThis.exe to collegegirl.exe and post back a fresh HijackThis log, please :)
collegegirl
2008-12-29, 16:39
Here you go... I think this is what you wanted.. If not just let me know!!
And thanks a lot for the help!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:26 AM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\TEMP\RA490C.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
O4 - HKLM\..\Run: [Trend OfficeScan ImageSetup] "C:\Documents and Settings\All Users\Desktop\ImgSetup.exe" "/001f297b5af0" -HideWindow
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [1217baa6] rundll32.exe "C:\WINDOWS\system32\pljqliys.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://*.msoe.edu
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230138355390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230138348968
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = msoe.edu
O17 - HKLM\Software\..\Telephony: DomainName = msoe.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = msoe.edu
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 12108 bytes
collegegirl
2008-12-29, 16:42
Okay ignore the first one please...I'm a little behind in computer knowledge other than how to run the programs I usually need but I got it changed to collegegirl.exe now...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:41:33 AM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\TEMP\RA490C.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\College Girl.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A2D091D-1777-4117-B604-02CE92AEAC1F} - C:\WINDOWS\system32\pmnllmMg.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\geBrpoMg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {B6518BF3-7C38-48A8-ADFA-3EA48526F99F} - (no file)
O2 - BHO: (no name) - {EA3CDA4F-9828-4C6D-9CFC-03526CEF7C01} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
O4 - HKLM\..\Run: [Trend OfficeScan ImageSetup] "C:\Documents and Settings\All Users\Desktop\ImgSetup.exe" "/001f297b5af0" -HideWindow
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [1217baa6] rundll32.exe "C:\WINDOWS\system32\pljqliys.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://*.msoe.edu
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230138355390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230138348968
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = msoe.edu
O17 - HKLM\Software\..\Telephony: DomainName = msoe.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = msoe.edu
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: geBrpoMg - C:\WINDOWS\SYSTEM32\geBrpoMg.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 12791 bytes
That looks better :)
Are both avast! and Trend micro up-to-date and does Trend micro have also antivirus?
collegegirl
2008-12-29, 17:16
Avast was just downloaded a few days ago by my friend who tried to remove the programs... and Micro Trend is just a scanning tool provided by my school's laptop program... it scans for viruses but it can't fix them...
Yes but does trend micro have real-time protection?
collegegirl
2008-12-29, 17:25
It does have real-time protection..
Then you will need to uninstall either avast! or trend-micro as only one antivirus should be active.
As trend-micro has been came from school, I suggest that you uninstall avast!
Post back a fresh HijackThis log afterwards, please.
collegegirl
2008-12-29, 17:37
Here's the new Hijack Log as requested! :-)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:35:18 AM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\TEMP\EM9802.EXE
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Trend Micro\HijackThis\College Girl.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\geBrpoMg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {B6518BF3-7C38-48A8-ADFA-3EA48526F99F} - (no file)
O2 - BHO: (no name) - {EA3CDA4F-9828-4C6D-9CFC-03526CEF7C01} - (no file)
O2 - BHO: (no name) - {FF3E7744-19C3-444E-8B18-8BFD5AE998EA} - C:\WINDOWS\system32\pmnllmMg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
O4 - HKLM\..\Run: [Trend OfficeScan ImageSetup] "C:\Documents and Settings\All Users\Desktop\ImgSetup.exe" "/001f297b5af0" -HideWindow
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [1217baa6] rundll32.exe "C:\WINDOWS\system32\pljqliys.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://*.msoe.edu
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230138355390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230138348968
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = msoe.edu
O17 - HKLM\Software\..\Telephony: DomainName = msoe.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = msoe.edu
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: geBrpoMg - C:\WINDOWS\SYSTEM32\geBrpoMg.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 12122 bytes
We will begin with ComboFix.
Please download ComboFix from one of these locations:
Link 1 (http://subs.geekstogo.com/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
collegegirl
2008-12-29, 20:20
Quick Question...
Every time I go to run Combofix I get a thing saying my Trend Micro Real Time Scanner is running.. I've disabled it in the system tray icon.. but it doesn't quit running apparently.. could this be because it is a network program?
It is possible.
Please try to run combofix in safe mode.
collegegirl
2008-12-29, 20:25
I can remove the office scan and reload it on the laptop from the network after the laptop is clean if that works... or do you just want my laptop brought up in safe mode and then run the combofix
Please try first in safe mode :)
collegegirl
2008-12-29, 20:42
Even with my laptop in safe mode it still comes up that the Trend Micro Scans are running when I try to run combo fix... any suggestions?
Then uninstallation is needed.
Combofix should run fine after that.
collegegirl
2008-12-29, 20:56
Sorry for being such a pain.. I really appreciate all your help..
But even after removing the Trend Micro Office Scan and restarting the laptop..I tried running combofix and it still says the scanner are activated..
anyways ideas?:sad:
Then we simply use something else :)
You can now reinstall trend micro.
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Full Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Post:
- mbam log
- rsit logs (taken after mbam run)
collegegirl
2008-12-29, 21:54
Here is the MBAM
Malwarebytes' Anti-Malware 1.31
Database version: 1565
Windows 5.1.2600 Service Pack 3
12/29/2008 1:47:50 PM
mbam-log-2008-12-29 (13-47-50).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 264611
Time elapsed: 39 minute(s), 19 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 12
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 18
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\pljqliys.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pmnllmMg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\geBrpoMg.dll (Trojan.Vundo) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebrpomg (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f2ef5885-2963-43db-8186-b72db575d280} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{f2ef5885-2963-43db-8186-b72db575d280} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1217baa6 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\pmnllmmg -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\pmnllmmg -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\geBrpoMg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\pmnllmMg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\gMmllnmp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gMmllnmp.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bhomnsix.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xisnmohb.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pljqliys.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\syilqjlp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pqlhbyju.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ujybhlqp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oxsncq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vemffnhc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hyvxnrfq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lijzzd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\fricka\Local Settings\Temporary Internet Files\Content.IE5\74NQ96VT\divx[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\fricka\Local Settings\Temporary Internet Files\Content.IE5\74NQ96VT\index[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\fricka\Local Settings\Temporary Internet Files\Content.IE5\885E3V63\upd105320[1] (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\fricka\Local Settings\Temporary Internet Files\Content.IE5\9S9YSNBC\load[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
collegegirl
2008-12-29, 21:56
The regular log from RSIT
Logfile of random's system information tool 1.05 (written by random/random)
Run by fricka at 2008-12-29 13:52:33
Microsoft Windows XP Professional Service Pack 3
System drive C: has 34 GB (62%) free of 55 GB
Total RAM: 2047 MB (72% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:52:40 PM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\fricka\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\fricka.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {B6518BF3-7C38-48A8-ADFA-3EA48526F99F} - (no file)
O2 - BHO: (no name) - {EA3CDA4F-9828-4C6D-9CFC-03526CEF7C01} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
O4 - HKLM\..\Run: [Trend OfficeScan ImageSetup] "C:\Documents and Settings\All Users\Desktop\ImgSetup.exe" "/001f297b5af0" -HideWindow
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://*.msoe.edu
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230138355390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230138348968
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = msoe.edu
O17 - HKLM\Software\..\Telephony: DomainName = msoe.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = msoe.edu
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11724 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6518BF3-7C38-48A8-ADFA-3EA48526F99F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA3CDA4F-9828-4C6D-9CFC-03526CEF7C01}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-03-19 13524992]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-03-19 86016]
"nwiz"=nwiz.exe /installquiet /nodetect []
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"niDevMon"=C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe [2007-12-23 106064]
"Trend OfficeScan ImageSetup"=C:\Documents and Settings\All Users\Desktop\ImgSetup.exe /001f297b5af0 -HideWindow []
"OfficeScanNT Monitor"=C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [2008-08-05 709928]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccelerometerSysTrayApplet]
C:\WINDOWS\system32\AccelerometerSt.exe [2007-01-24 124928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2003-12-22 17920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2007-05-03 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe [2008-10-06 793712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWWANGSAssistant]
c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe /TrayMode []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-04-19 484904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
C:\Program Files\PDF Complete\pdfsty.exe [2007-05-08 331552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-11-06 177456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1040384]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2007-12-07 101440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IO Control.lnk]
C:\WINDOWS\Installer\{F1963EE1-2CB5-4032-97FF-842D4B8B622A}\Icon_iprocsvr.exe [2008-08-18 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PASPortal.lnk]
C:\WINDOWS\Installer\{ED6F9373-DE63-4E95-B751-B7D750A26382}\NewShortcut1.exe [2008-08-07 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\WINDOWS\system32\DeviceNP.dll [2007-04-30 49152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [2007-02-06 74240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=SbHpNp
ASWLNPkg
scecli
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"F:\Updates for Images-July08\Absolute-DL\ctmweb.exe"="F:\Updates for Images-July08\Absolute-DL\ctmweb.exe:*:Enabled:ctmweb.exe"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Updates for Images-July08\Absolute-DL\ctmweb.exe"="F:\Updates for Images-July08\Absolute-DL\ctmweb.exe:*:Enabled:ctmweb Computrace Installation/Management Application"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9b28426-5865-11dd-bfac-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
======File associations======
.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2008-12-29 13:52:33 ----D---- C:\rsit
2008-12-29 13:06:51 ----D---- C:\Documents and Settings\fricka\Application Data\Malwarebytes
2008-12-29 13:06:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-29 13:06:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-29 13:00:17 ----D---- C:\ComboFix
2008-12-29 12:54:16 ----D---- C:\ComboFix(3)
2008-12-29 12:37:56 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-29 12:17:40 ----D---- C:\ComboFix(2)
2008-12-29 09:45:01 ----D---- C:\WINDOWS\ERDNT
2008-12-29 09:45:01 ----D---- C:\Qoobox
2008-12-29 09:45:00 ----A---- C:\WINDOWS\system32\CF5482.exe
2008-12-24 11:01:31 ----SH---- C:\WINDOWS\system32\ujwqujht.ini
2008-12-24 10:59:43 ----SH---- C:\WINDOWS\system32\nisuevms.ini
2008-12-23 22:20:53 ----D---- C:\Program Files\Alwil Software
2008-12-22 20:50:33 ----D---- C:\Program Files\HijackThis
2008-12-22 20:50:22 ----D---- C:\VundoFix Backups
2008-12-22 20:50:22 ----A---- C:\VundoFix.txt
2008-12-22 20:49:53 ----D---- C:\Documents and Settings\fricka\Application Data\U3
2008-12-21 19:42:25 ----A---- C:\WINDOWS\wininit.ini
2008-12-21 19:20:20 ----A---- C:\WINDOWS\system32\19347ed8-.txt
2008-12-21 19:20:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-21 19:20:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-15 08:14:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-15 08:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-15 08:13:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-15 08:13:14 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-15 08:13:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-15 08:13:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-15 08:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-15 08:09:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-15 08:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-15 08:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-15 08:07:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-15 08:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-15 08:06:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-15 08:06:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-15 08:05:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-15 08:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-15 08:05:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-15 08:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-15 08:04:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-15 08:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-14 23:11:50 ----D---- C:\Program Files\Linksys EasyLink Advisor
2008-12-14 22:43:19 ----HD---- C:\Documents and Settings\fricka\Application Data\GTek
2008-12-14 22:42:59 ----AHD---- C:\Documents and Settings\All Users\Application Data\GTek
2008-12-14 15:55:08 ----D---- C:\WINDOWS\Sun
2008-12-14 15:32:20 ----A---- C:\WINDOWS\system32\IESEngineering04.dll
2008-12-14 15:32:13 ----A---- C:\WINDOWS\system32\IESData04.dll
2008-12-14 15:32:10 ----A---- C:\WINDOWS\system32\IESCore04.dll
2008-12-14 15:32:09 ----D---- C:\Program Files\Common Files\IES
2008-12-14 15:31:56 ----A---- C:\WINDOWS\system32\sowin1.dll
2008-12-14 15:31:55 ----A---- C:\WINDOWS\system32\simage1.dll
2008-12-14 15:31:39 ----A---- C:\WINDOWS\system32\coin2.dll
2008-12-14 15:31:38 ----A---- C:\WINDOWS\system32\vc6-re200l.dll
2008-12-14 15:31:36 ----A---- C:\WINDOWS\system32\sfl204as.dll
2008-12-14 15:31:27 ----A---- C:\WINDOWS\system32\og904as.dll
2008-12-14 15:31:23 ----D---- C:\Program Files\IES
2008-12-14 15:31:23 ----A---- C:\WINDOWS\system32\libmmd.dll
2008-12-14 15:31:21 ----A---- C:\WINDOWS\system32\libIEPCF90MD.dll
2008-12-14 15:31:19 ----A---- C:\WINDOWS\system32\libF90MD.dll
2008-12-14 15:31:15 ----A---- C:\WINDOWS\system32\Ter32.dll
2008-12-14 15:31:14 ----A---- C:\WINDOWS\system32\RWUXThemeS.dll
2008-12-14 15:31:13 ----A---- C:\WINDOWS\system32\Pgmr120.dll
2008-12-14 15:31:07 ----A---- C:\WINDOWS\system32\Pegrp32a.dll
2008-12-14 15:30:58 ----A---- C:\WINDOWS\system32\OT804as.dll
2008-12-14 15:26:11 ----D---- C:\Program Files\MSECache
2008-12-14 15:25:44 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-12-14 15:17:49 ----D---- C:\Program Files\The Weather Channel FW
2008-12-14 14:52:07 ----SHD---- C:\Config.Msi
2008-12-14 14:40:46 ----D---- C:\Documents and Settings\fricka\Application Data\acccore
2008-12-14 14:40:33 ----D---- C:\Program Files\Common Files\Software Update Utility
2008-12-14 14:40:30 ----D---- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
2008-12-14 14:40:29 ----D---- C:\Program Files\AIM Toolbar
2008-12-14 14:40:25 ----D---- C:\Program Files\Viewpoint
2008-12-14 14:40:25 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-14 14:40:24 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-12-14 14:40:19 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-12-14 14:40:19 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-12-14 14:40:06 ----D---- C:\Program Files\Common Files\AOL
2008-12-14 14:39:59 ----D---- C:\Program Files\AIM6
2008-12-14 14:00:55 ----ASH---- C:\Documents and Settings\fricka\Application Data\desktop.ini
2008-12-14 14:00:49 ----D---- C:\Documents and Settings\fricka\Application Data\Macromedia
2008-12-14 14:00:49 ----D---- C:\Documents and Settings\fricka\Application Data\InstallShield
2008-12-14 14:00:49 ----D---- C:\Documents and Settings\fricka\Application Data\Identities
2008-12-14 14:00:49 ----D---- C:\Documents and Settings\fricka\Application Data\hpqLog
2008-12-14 14:00:49 ----D---- C:\Documents and Settings\fricka\Application Data\Help
2008-12-14 14:00:49 ----D---- C:\Documents and Settings\fricka\Application Data\Design Science
2008-12-14 14:00:49 ----D---- C:\Documents and Settings\fricka\Application Data\Autodesk
2008-12-14 14:00:49 ----D---- C:\Documents and Settings\fricka\Application Data\Apple Computer
2008-12-14 14:00:49 ----D---- C:\Documents and Settings\fricka\Application Data\Adobe
2008-12-14 14:00:48 ----SD---- C:\Documents and Settings\fricka\Application Data\Microsoft
2008-12-14 14:00:48 ----D---- C:\Documents and Settings\fricka\Application Data\Windows Search
2008-12-14 14:00:48 ----D---- C:\Documents and Settings\fricka\Application Data\Windows Desktop Search
2008-12-14 14:00:48 ----D---- C:\Documents and Settings\fricka\Application Data\Sun
2008-12-14 14:00:48 ----D---- C:\Documents and Settings\fricka\Application Data\SampleView
2008-12-14 14:00:48 ----D---- C:\Documents and Settings\fricka\Application Data\Roxio
2008-12-14 14:00:48 ----D---- C:\Documents and Settings\fricka\Application Data\National Instruments
2008-12-14 14:00:48 ----D---- C:\Documents and Settings\fricka\Application Data\Mozilla
2008-12-14 14:00:48 ----D---- C:\Documents and Settings\fricka\Application Data\MathWorks
2008-12-14 14:00:38 ----D---- C:\WINDOWS\SchCache
2008-12-14 12:21:38 ----D---- C:\WINDOWS\Minidump
======List of files/folders modified in the last 1 months======
2008-12-29 13:51:22 ----D---- C:\WINDOWS\Temp
2008-12-29 13:50:46 ----D---- C:\Program Files\Mozilla Firefox
2008-12-29 13:49:52 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-29 13:49:48 ----D---- C:\WINDOWS
2008-12-29 13:49:48 ----A---- C:\WINDOWS\system32\rpcnetp.exe
2008-12-29 13:49:48 ----A---- C:\WINDOWS\pxisys.ini
2008-12-29 13:49:48 ----A---- C:\WINDOWS\pxiesys.ini
2008-12-29 13:49:46 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-29 13:49:46 ----A---- C:\WINDOWS\system32\rpcnet.dll
2008-12-29 13:49:01 ----D---- C:\WINDOWS\system32\drivers
2008-12-29 13:49:01 ----D---- C:\WINDOWS\system32
2008-12-29 13:48:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-29 13:47:50 ----RD---- C:\Program Files
2008-12-29 13:03:01 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-29 13:02:14 ----A---- C:\WINDOWS\system32\rpcnetp.dll
2008-12-29 13:00:42 ----D---- C:\WINDOWS\system32\config
2008-12-29 13:00:25 ----D---- C:\WINDOWS\system32\wbem
2008-12-29 13:00:24 ----D---- C:\WINDOWS\Registration
2008-12-29 13:00:13 ----HD---- C:\WINDOWS\inf
2008-12-29 12:48:50 ----D---- C:\Program Files\Trend Micro
2008-12-29 12:28:03 ----D---- C:\WINDOWS\system32\Restore
2008-12-29 09:45:15 ----D---- C:\WINDOWS\Prefetch
2008-12-29 09:45:05 ----SHD---- C:\System Volume Information
2008-12-24 15:22:43 ----SHD---- C:\WINDOWS\CSC
2008-12-24 15:05:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-24 11:06:27 ----D---- C:\WINDOWS\Help
2008-12-24 11:06:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-24 11:03:38 ----SHD---- C:\WINDOWS\Installer
2008-12-24 11:00:10 ----SD---- C:\WINDOWS\Tasks
2008-12-22 20:43:31 ----RASH---- C:\boot.ini
2008-12-22 20:43:31 ----A---- C:\WINDOWS\win.ini
2008-12-22 20:43:31 ----A---- C:\WINDOWS\system.ini
2008-12-19 08:11:53 ----A---- C:\WINDOWS\imsins.BAK
2008-12-19 08:11:45 ----D---- C:\WINDOWS\ie7updates
2008-12-19 08:11:37 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-18 15:41:54 ----D---- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-12-16 21:50:45 ----D---- C:\WINDOWS\system32\Macromed
2008-12-15 08:14:01 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-15 08:13:46 ----D---- C:\Program Files\Messenger
2008-12-15 08:12:52 ----D---- C:\Program Files\Internet Explorer
2008-12-15 08:07:54 ----RSD---- C:\WINDOWS\assembly
2008-12-15 08:05:40 ----D---- C:\WINDOWS\WinSxS
2008-12-14 22:44:58 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-14 15:32:09 ----D---- C:\Program Files\Common Files
2008-12-14 15:30:51 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-14 14:34:07 ----SHD---- C:\RECYCLER
2008-12-14 14:01:21 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-14 14:00:45 ----D---- C:\Documents and Settings
2008-12-14 13:59:16 ----D---- C:\WINDOWS\Debug
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 RsvLock;RsvLock; C:\WINDOWS\system32\drivers\RsvLock.sys [2007-04-26 5808]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-08-05 72072]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2007-10-23 4096]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 niarbk;niarbk; C:\WINDOWS\system32\drivers\niarbk.dll [2007-04-16 37376]
R2 nibffrk;nibffrk; C:\WINDOWS\system32\drivers\nibffrk.dll [2007-04-16 21504]
R2 Nidaq32k;Nidaq32k; C:\WINDOWS\system32\drivers\Nidaq32k.sys [2007-04-16 674304]
R2 nidmmk;NI DMM and Data Logger Kernel Driver; C:\WINDOWS\system32\drivers\nidmmk.dll [2007-04-16 50688]
R2 nimdsk;nimdsk; C:\WINDOWS\system32\drivers\nimdsk.dll [2007-04-16 30208]
R2 nipxirmk;nipxirmk; \??\C:\WINDOWS\system32\drivers\nipxirmkl.sys []
R2 nistck;nistck; C:\WINDOWS\system32\drivers\nistck.dll [2007-04-16 111616]
R2 NiViPxiK;NI-VISA PXI Driver; C:\WINDOWS\System32\drivers\NiViPxiKl.sys [2008-01-10 11360]
R2 regi;regi; C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 TmFilter;Trend Micro Filter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys []
R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys []
R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys []
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-10-17 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-03-01 289792]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 ATSWPDRV;(****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-04-10 140808]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-12-10 879624]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-12-10 74688]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-02-07 242320]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-10-16 989312]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-10-16 211200]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-04-04 41216]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2008-03-13 2530176]
R3 nidimk;nidimk; \??\C:\WINDOWS\system32\drivers\nidimkl.sys []
R3 nimdbgk;nimdbgk; \??\C:\WINDOWS\system32\drivers\nimdbgkl.sys []
R3 nimru2k;nimru2k; \??\C:\WINDOWS\system32\drivers\nimru2kl.sys []
R3 nimstsk;nimstsk; \??\C:\WINDOWS\system32\drivers\nimstskl.sys []
R3 nimxdfk;nimxdfk; \??\C:\WINDOWS\system32\drivers\nimxdfkl.sys []
R3 niorbk;niorbk; \??\C:\WINDOWS\system32\drivers\niorbkl.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-03-19 6547488]
R3 rismc32;RICOH Smart Card Reader; C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-19 47616]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-28 224672]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2008-08-05 335888]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-10-16 731136]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 DAMDrv;DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv.sys [2007-04-23 30008]
S3 lvalarmk;lvalarmk; \??\C:\WINDOWS\system32\drivers\lvalarmk.sys []
S3 ni1006k;NI PXI-1006 Chassis Pilot; \??\C:\WINDOWS\system32\drivers\ni1006k.sys []
S3 ni1045k;NI PXI-1045 Chassis Pilot; \??\C:\WINDOWS\system32\drivers\ni1045kl.sys []
S3 ni1065k;NI PXIe-1065 Chassis Pilot; \??\C:\WINDOWS\system32\drivers\ni1065k.sys []
S3 ni488lock;NI-488.2 Locking Service; \??\C:\WINDOWS\system32\drivers\ni488lock.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nicdrk;nicdrk; \??\C:\WINDOWS\system32\drivers\nicdrkl.sys []
S3 nicsrk;nicsrk; \??\C:\WINDOWS\system32\drivers\nicsrkl.sys []
S3 nidmxfk;nidmxfk; \??\C:\WINDOWS\system32\drivers\nidmxfkl.sys []
S3 nidsark;nidsark; \??\C:\WINDOWS\system32\drivers\nidsarkl.sys []
S3 nidwgk;nidwgk; \??\C:\WINDOWS\system32\drivers\nidwgkl.sys []
S3 niemrk;niemrk; \??\C:\WINDOWS\system32\drivers\niemrkl.sys []
S3 niesrk;niesrk; \??\C:\WINDOWS\system32\drivers\niesrkl.sys []
S3 nifslk;nifslk; \??\C:\WINDOWS\system32\drivers\nifslkl.sys []
S3 nigplk;nigplk; \??\C:\WINDOWS\system32\drivers\nigplkl.sys []
S3 nihsdrk;nihsdrk; \??\C:\WINDOWS\system32\drivers\nihsdrkl.sys []
S3 nimsdrk;nimsdrk; \??\C:\WINDOWS\system32\drivers\nimsdrkl.sys []
S3 nimslk;nimslk; \??\C:\WINDOWS\system32\drivers\nimslk.dll []
S3 nimsrlk;nimsrlk; \??\C:\WINDOWS\system32\drivers\nimsrlk.dll []
S3 nimxpk;nimxpk; \??\C:\WINDOWS\system32\drivers\nimxpkl.sys []
S3 ninshsdk;ninshsdk; \??\C:\WINDOWS\system32\drivers\ninshsdkl.sys []
S3 nipalfwedl;nipalfwedl; C:\WINDOWS\System32\drivers\nipalfwedl.sys [2007-12-12 11904]
S3 nipalusbedl;nipalusbedl; C:\WINDOWS\System32\drivers\nipalusbedl.sys [2007-12-12 11896]
S3 nipsdk;nipsdk; \??\C:\WINDOWS\system32\drivers\nipsdkl.sys []
S3 nipxigpk;NI PXI Generic Chassis Pilot; \??\C:\WINDOWS\system32\drivers\nipxigpk.sys []
S3 nirfsa2k;nirfsa2k; \??\C:\WINDOWS\system32\drivers\nirfsa2kl.sys []
S3 niscdk;niscdk; \??\C:\WINDOWS\system32\drivers\niscdkl.sys []
S3 nisdigk;nisdigk; \??\C:\WINDOWS\system32\drivers\nisdigkl.sys []
S3 nisftk;nisftk; \??\C:\WINDOWS\system32\drivers\nisftkl.sys []
S3 nisldk;nisldk; \??\C:\WINDOWS\system32\drivers\nisldkl.sys []
S3 nispdk;nispdk; \??\C:\WINDOWS\system32\drivers\nispdkl.sys []
S3 nisrcdk;nisrcdk; \??\C:\WINDOWS\system32\drivers\nisrcdkl.sys []
S3 nissrk;nissrk; \??\C:\WINDOWS\system32\drivers\nissrkl.sys []
S3 nistc2k;nistc2k; \??\C:\WINDOWS\system32\drivers\nistc2kl.sys []
S3 nistcrk;nistcrk; \??\C:\WINDOWS\system32\drivers\nistcrkl.sys []
S3 niswdk;niswdk; \??\C:\WINDOWS\system32\drivers\niswdkl.sys []
S3 nitiork;nitiork; \??\C:\WINDOWS\system32\drivers\nitiorkl.sys []
S3 nitnr2k;nitnr2k; \??\C:\WINDOWS\system32\drivers\nitnr2kl.sys []
S3 niufurk;niufurk; \??\C:\WINDOWS\system32\drivers\niufurkl.sys []
S3 NiViFWK;NI-VISA FireWire Driver; C:\WINDOWS\System32\drivers\NiViFWKl.sys [2007-07-19 11384]
S3 NiViPciK;NI-VISA PCI Driver; C:\WINDOWS\System32\drivers\NiViPciKl.sys [2008-01-10 11360]
S3 niwfrk;niwfrk; \??\C:\WINDOWS\system32\drivers\niwfrkl.sys []
S3 nixsrk;nixsrk; \??\C:\WINDOWS\system32\drivers\nixsrkl.sys []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 usb6xxxk;usb6xxxk; \??\C:\WINDOWS\system32\drivers\usb6xxxkl.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-12-06 264800]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-27 221184]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2007-12-05 144688]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 LkCitadelServer;Lookout Citadel Server; C:\WINDOWS\system32\lkcitdl.exe [2007-11-27 695136]
R2 lkClassAds;National Instruments PSP Server Locator; C:\WINDOWS\system32\lkads.exe [2007-11-27 40488]
R2 lkTimeSync;National Instruments Time Synchronization; C:\WINDOWS\system32\lktsrv.exe [2007-11-27 50736]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-13 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-13 117248]
R2 mxssvr;NI Configuration Manager; C:\Program Files\National Instruments\MAX\nimxs.exe [2007-08-03 12696]
R2 ni488enumsvc;NI-488.2 Enumeration Service; C:\WINDOWS\system32\nipalsm.exe [2007-02-16 12696]
R2 nidevldu;NI Device Loader; C:\WINDOWS\system32\nipalsm.exe [2007-02-16 12696]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [2007-11-27 213552]
R2 nipxirmu;NI PXI Resource Manager; C:\WINDOWS\system32\nipalsm.exe [2007-02-16 12696]
R2 niSvcLoc;NI Service Locator; C:\WINDOWS\system32\nisvcloc.exe [2007-07-19 48704]
R2 NITaggerService;National Instruments Variable Engine; C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2007-12-06 609384]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-03-19 155716]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Rpcnet;Remote Procedure Call (RPC) Net; C:\WINDOWS\system32\rpcnet.exe [2008-08-06 47104]
R2 SWIHPWMI;SWIHPWMI; C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 ntrtscan;OfficeScanNT RealTime Scan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2008-08-05 906536]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-08-18 85096]
S3 Autodesk Network Licensing Service;Autodesk Network Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [2007-02-12 902760]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\WINDOWS\system32\flcdlock.exe [2007-04-30 172131]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NILM License Manager;NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2007-10-31 1007616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-06 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]
S3 tmlisten;OfficeScan NT Listener; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2008-08-05 984360]
S3 TmPfw;OfficeScan NT Firewall; C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe [2008-08-05 488768]
S3 TmProxy;OfficeScan NT Proxy Service; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [2008-08-05 652552]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 OpcEnum;OpcEnum; C:\WINDOWS\system32\OpcEnum.exe [2007-05-09 98304]
-----------------EOF-----------------
collegegirl
2008-12-29, 21:57
And the info log from RSIT!!
info.txt logfile of random's system information tool 1.05 2008-12-29 13:52:43
======Uninstall list======
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DA0D0AE-39E4-4F89-8810-58D05967E9A0}
-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {04EE44BC-E5F4-4732-9D75-B2011EAEF409}
-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {8EDBB784-F7C7-4954-ACC2-0D3C5F9645E3}
-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
-->MsiExec.exe /I{B61B6668-A674-4A06-8405-51944D5CCDDD}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Agilent Intuilink-->MsiExec.exe /I{F1963EE1-2CB5-4032-97FF-842D4B8B622A}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AIM Toolbar-->"C:\Program Files\AIM Toolbar\uninstall.exe"
Apple Mobile Device Support-->MsiExec.exe /I{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Application Installer 4.00.B14-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70CEFEBA-F757-4DBE-8A21-027C326137CE}\SETUP.EXE" -l0x9
AutoCAD 2008 - English-->C:\Program Files\AutoCAD 2008\Setup\Setup.exe /P {5783F2D7-6001-0409-0002-0060B0CE6BBA} /M ACAD
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
BIOS Configuration for HP ProtectTools-->MsiExec.exe /X{C74D0FA0-1D49-464F-A707-B427EE3385C1}
Credential Manager for HP ProtectTools-->MsiExec.exe /X{BE41F3D2-FC73-4C3E-A2C2-5D2B08A5B2D0}
DataStudio-->"C:\Program Files\InstallShield Installation Information\{ED6F9373-DE63-4E95-B751-B7D750A26382}\setup.exe" -runfromtemp -l0x0409 -removeonly
DataStudio-->MsiExec.exe /I{ED6F9373-DE63-4E95-B751-B7D750A26382}
DataStudioV198r3-LicenseKeys-->MsiExec.exe /I{2EF6470F-2A12-469B-9A3E-5E66B3FB2754}
Device Access Manager for HP ProtectTools-->MsiExec.exe /X{55B52830-024A-443E-AF61-61E1E71AFA1B}
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HI-TECH C51-lite V9.60PL0-->"C:\Program Files\HI-TECH Software\HC51\lite\9.60\resources\setup.exe"
HI-TECH PICC lite V9.60PL0-->"C:\Program Files\HI-TECH Software\PICC\lite\9.60\resources\setup.exe"
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP 3D DriveGuard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{429E92A4-159F-4AEC-85A1-D693E1E4274D}\setup.exe" -l0x9 UNINSTALL
HP Broadband Wireless Modules-->MsiExec.exe /X{773D6C77-4A5A-45C4-B4DE-3B6DAB4785BC}
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
HP ProtectTools Security Manager-->MsiExec.exe /I{2DB165DC-DDB4-403F-B985-19F3EC7D0357}
HP Quick Launch Buttons 6.40 B2-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 -removeonly uninst
HP Update-->MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HP User Guide Bluetooth Addendum 0062-->MsiExec.exe /I{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}
HP User Guides 0061-->MsiExec.exe /I{ADA35685-E6DC-42F2-807E-312AD0D18AA6}
HP Wireless Assistant-->MsiExec.exe /I{D32067CD-7409-4792-BFA0-1469BCD8F0C8}
HP WWAN Setup Utility-->MsiExec.exe /X{8F67CD1C-DF0B-400D-B611-A01A7C8D46B5}
Intel(R) Network Connections Drivers-->Prounstl.exe
InterVideo WinDVD 8-->C:\Program Files\InstallShield Installation Information\{20471B27-D702-4FE8-8DEC-0702CC8C0A85}\setup.exe -runfromtemp -l0x0409
IVI Shared Components-->CleanupUtility.exe /fromARP
IVI VISA COM Standard Components-->C:\PROGRA~1\VISA-COM\IVI_VI~1.EXE /fromARP
IVI VISA COM Standard Components-->MsiExec.exe /I{D2533218-3B3D-46C6-ABAA-898EB2908589}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Linksys EasyLink Advisor 1.6 (0032)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MathType6-->MsiExec.exe /I{6BC27BC5-4DC2-4AB0-B324-70E8265251FA}
MATLAB R2008a-->C:\MATLAB\R2008a\uninstall\uninstall.exe C:\MATLAB\R2008a\
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Project 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {C1877F6E-C1C8-486D-A697-86431029690C}
Microsoft Office Project 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-00B4-0409-0000-0000000FF1CE} /uninstall {75EC8FFC-B913-4991-B3A1-22576D2FC45D}
Microsoft Office Project MUI (English) 2007-->MsiExec.exe /X{90120000-00B4-0409-0000-0000000FF1CE}
Microsoft Office Project Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJPRO /dll OSETUP.DLL
Microsoft Office Project Professional 2007-->MsiExec.exe /X{90120000-003B-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}
Microsoft Office Visio 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-0054-0409-0000-0000000FF1CE} /uninstall {EA35370F-586C-45E1-AC6C-A4E275C6B762}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPRO /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{90120000-0051-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
National Instruments Software-->"C:\Program Files\National Instruments\Shared\NIUninstaller\uninst.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
PDF Complete-->C:\Program Files\PDF Complete\pdfiutil.exe /UGUI
PDFCreator-->MsiExec.exe /I{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
PowerArchiver-->MsiExec.exe /I{B92D093C-523F-49F7-BBB0-8E486F552EBF}
PSpice Student 9.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\OrCAD_Demo\DeIsL1.isu"
PuTTY version 0.60-->"C:\Program Files\PuTTY-SSH\unins000.exe"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Revit Architecture 2008-->MsiExec.exe /X{4A11206C-4377-49E8-911E-B11548658FF3}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /I{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Project 2007 (KB949046)-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {B14B8A2C-6EB4-4FB6-B589-F6A5ABEC5B00}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Visio 2007 (KB947590)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {199018BD-578E-44BD-A28F-7F944931CABD}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpqZ3795\UIU32m.exe -U -IhpqZ3795.INF
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x9 -removeonly
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Weather Channel Desktop 6-->C:\Program Files\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe
Trend Micro OfficeScan Client-->"C:\Program Files\Trend Micro\OfficeScan Client\ntrmv.exe"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-003B-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0051-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VA55LicenseKey-->MsiExec.exe /I{0AE8F9EE-FF60-4DE7-8E6E-844471F219B9}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VisualAnalysis 5.5 Edu-->C:\Program Files\InstallShield Installation Information\{ADC5CFE0-C247-4F7E-9D13-C3D3426973C4}\setup.exe -runfromtemp -l0x0009 -removeonly
Windows Driver Package - Intel (NETw4x32) net (03/13/2008 11.5.1.15)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\netw4x32_21C0199BF50662EE493A66C790D8938F76DE5E41\netw4x32.inf
Windows Driver Package - Intel (w29n51) net (12/19/2007 9.0.4.39)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\w29n51.inf
Windows Driver Package - Intel net (03/13/2008 11.5.1.15)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst32.EXE /u C:\WINDOWS\system32\DRVSTORE\netw4k32_C857013C12E9C9273689AE0C204C2E76D45D888E\netw4k32.inf
Windows Driver Package - PASCO Scientific (PASCO) USB (01/17/2004 1.9.0.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\DpInst.exe /u C:\WINDOWS\system32\DRVSTORE\pssensor_AB977CA22EF595E0C55853EB3FBFFFD950ACC82C\pssensor.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinSCP 4.1.5-->"C:\Program Files\WinSCP\unins000.exe"
Wookie-->MsiExec.exe /I{EEFCFE8B-6D9D-41EA-866C-759EDF8BE3EE}
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
======Security center information======
AV: Trend Micro OfficeScan Antivirus
AV: Trend Micro OfficeScan Antivirus
AV: Trend Micro OfficeScan Antivirus
AV: Trend Micro OfficeScan Antivirus
AV: Trend Micro OfficeScan Antivirus
AV: Trend Micro OfficeScan Antivirus
AV: Trend Micro OfficeScan Antivirus
FW: Trend Micro Personal Firewall
System event log
Computer Name: MSOE-0123456789
Event Code: 7036
Message: The SSDP Discovery Service service entered the running state.
Record Number: 2548
Source Name: Service Control Manager
Time Written: 20080820192752.000000-300
Event Type: information
User:
Computer Name: MSOE-0123456789
Event Code: 7035
Message: The SSDP Discovery Service service was successfully sent a start control.
Record Number: 2547
Source Name: Service Control Manager
Time Written: 20080820192752.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: MSOE-0123456789
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
Record Number: 2546
Source Name: Windows Update Agent
Time Written: 20080820192747.000000-300
Event Type: error
User:
Computer Name: MSOE-0123456789
Event Code: 7036
Message: The service entered the Intel(R) Wireless WiFi Link 4965AGN state.
Record Number: 2545
Source Name: NETw4x32
Time Written: 20080820192719.000000-300
Event Type: information
User:
Computer Name: MSOE-0123456789
Event Code: 7036
Message: The Computer Browser service entered the stopped state.
Record Number: 2544
Source Name: Service Control Manager
Time Written: 20080820192706.000000-300
Event Type: information
User:
Application event log
Computer Name: MSOE-0123456789
Event Code: 11707
Message: Product: NI Measurements eXtensions for PAL 1.8.0 -- Installation operation completed successfully.
Record Number: 1640
Source Name: MsiInstaller
Time Written: 20080818145604.000000-300
Event Type: information
User:
Computer Name: MSOE-0123456789
Event Code: 11707
Message: Product: NI-MXLC 1.1.0f0 -- Installation operation completed successfully.
Record Number: 1639
Source Name: MsiInstaller
Time Written: 20080818145600.000000-300
Event Type: information
User:
Computer Name: MSOE-0123456789
Event Code: 11707
Message: Product: NI-MXDF 1.9.0f0 -- Installation operation completed successfully.
Record Number: 1638
Source Name: MsiInstaller
Time Written: 20080818145554.000000-300
Event Type: information
User:
Computer Name: MSOE-0123456789
Event Code: 11707
Message: Product: NI-MRU 2.9.0f0 -- Installation operation completed successfully.
Record Number: 1637
Source Name: MsiInstaller
Time Written: 20080818145549.000000-300
Event Type: information
User:
Computer Name: MSOE-0123456789
Event Code: 11707
Message: Product: NI MIO Device Drivers 1.14.1 -- Installation operation completed successfully.
Record Number: 1636
Source Name: MsiInstaller
Time Written: 20080818145544.000000-300
Event Type: information
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Program Files\Common Files\Roxio Shared\DLLShared;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;C:\Program Files\Hewlett-Packard\IAM\bin;C:\Program Files\QuickTime\QTSystem;C:\Program Files\IVI\bin;C:\VXIPNP\WinNT\Bin;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ATI Technologies\Fire GL 3D Studio Max;C:\Program Files\cvsnt;C:\VXIPNP\winnt\agvisa;C:\MATLAB\R2008a\bin;C:\MATLAB\R2008a\bin\win32;C:\Program Files\Common Files\Autodesk Shared;d\IAM\bin;nStudio\5.5\ConflictSolver;%%%%%%%%SystemRoot%%%%%%%%\system32\nls\ENGLISH;C:\Program Files\eInstruction\CPS PowerPoint Add-in;%%%%%%%%%%%%%%%%SystemRoot%%%%%%%%%%%%%%%%\system32\nls\ENGLISH;C:\Program Files\Novell\ZENworks;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Primavera\Expedition;C:\Program Files\Sybase\SQL Anywhere 7\win32;C:\Program Files\Sybase\Shared\win32;C:\Program Files\Sybase\Shared\Sybase Central 4.0\java;C:\Program Files\InstallShield\AdminStudio\5.5\ConflictSolver;C:\WINDOWS\system32\nls;C:\WINDOWS\system32\nls\ENGLISH;C:\ProeWFv2\bin;C:\ProeMech\bin;C:\Program Files\VISA\winnt\bin;C:\Program Files\VISA\winnt\agvisa
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PLATFORM"=BNB
"OnlineServices"=Online Services
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"KMP_DUPLICATE_LIB_OK"=TRUE
"MKL_SERIAL"=YES
"VXIPNPPATH"=C:\VXIPNP\
"NIDAQmxSwitchDir"=C:\Program Files\National Instruments\NI-DAQ\Switch\
"NIIVIPATH"=C:\Program Files\IVI\
-----------------EOF-----------------
Thanks!!!
Looks better :)
Download ERUNT from Derfisch (http://www.derfisch.de/lars/erunt-setup.exe) or MVPS (http://dundats.mvps.org/Files/erunt-setup.exe) and save it to your desktop.
Please follow Step 4 onwards of the Installing & Using ERUNT (http://www.silentrunners.org/sr_eruntuse.html) to back up your registry. Skip Step 19 for now.
Please download the OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe).
Save it to your desktop.
Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:files
C:\WINDOWS\system32\ujwqujht.ini
C:\WINDOWS\system32\nisuevms.ini
C:\WINDOWS\system32\19347ed8-.txt
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6518BF3-7C38-48A8-ADFA-3EA48526F99F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA3CDA4F-9828-4C6D-9CFC-03526CEF7C01}]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
:commands
[EmptyTemp]
[reboot]
Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Re-run rsit.
Post:
- a fresh rsit log (only log.txt will appear)
- otmoveit3 log
collegegirl
2008-12-29, 22:20
Here is the Otmoveit log
========== FILES ==========
C:\WINDOWS\system32\ujwqujht.ini moved successfully.
C:\WINDOWS\system32\nisuevms.ini moved successfully.
C:\WINDOWS\system32\19347ed8-.txt moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6518BF3-7C38-48A8-ADFA-3EA48526F99F}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA3CDA4F-9828-4C6D-9CFC-03526CEF7C01}\\ deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders\\"SecurityProviders"|"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\fricka\LOCALS~1\Temp\etilqs_zGuJO6pTa0TkU2njbBOw scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\fricka\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1ajrmmv.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\fricka\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1ajrmmv.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\fricka\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1ajrmmv.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\fricka\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1ajrmmv.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\fricka\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1ajrmmv.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\fricka\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1ajrmmv.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12292008_141323
Files moved on Reboot...
File C:\DOCUME~1\fricka\LOCALS~1\Temp\etilqs_zGuJO6pTa0TkU2njbBOw not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\Documents and Settings\fricka\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1ajrmmv.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\fricka\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1ajrmmv.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\fricka\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1ajrmmv.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\fricka\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1ajrmmv.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\fricka\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1ajrmmv.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\fricka\Local Settings\Application Data\Mozilla\Firefox\Profiles\x1ajrmmv.default\XUL.mfl moved successfully.
and the RSIT log
Logfile of random's system information tool 1.05 (written by random/random)
Run by fricka at 2008-12-29 14:19:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 34 GB (62%) free of 55 GB
Total RAM: 2047 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:03 PM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\fricka\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\fricka.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
O4 - HKLM\..\Run: [Trend OfficeScan ImageSetup] "C:\Documents and Settings\All Users\Desktop\ImgSetup.exe" "/001f297b5af0" -HideWindow
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://*.msoe.edu
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230138355390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230138348968
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = msoe.edu
O17 - HKLM\Software\..\Telephony: DomainName = msoe.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = msoe.edu
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11611 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-07-07 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-03-19 13524992]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-03-19 86016]
"nwiz"=nwiz.exe /installquiet /nodetect []
"MsmqIntCert"=regsvr32 /s mqrt.dll []
"niDevMon"=C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe [2007-12-23 106064]
"Trend OfficeScan ImageSetup"=C:\Documents and Settings\All Users\Desktop\ImgSetup.exe /001f297b5af0 -HideWindow []
"OfficeScanNT Monitor"=C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [2008-08-05 709928]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AccelerometerSysTrayApplet]
C:\WINDOWS\system32\AccelerometerSt.exe [2007-01-24 124928]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-10 116040]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2003-12-22 17920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2007-05-03 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW6]
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe [2008-10-06 793712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2005-02-17 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWWANGSAssistant]
c:\SWSetup\HPQWWAN\HPWWanGSAssistant.exe /TrayMode []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-04-19 484904]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
C:\Program Files\PDF Complete\pdfsty.exe [2007-05-08 331552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-11-06 177456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-07-07 2156368]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1040384]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2007-12-07 101440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IO Control.lnk]
C:\WINDOWS\Installer\{F1963EE1-2CB5-4032-97FF-842D4B8B622A}\Icon_iprocsvr.exe [2008-08-18 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PASPortal.lnk]
C:\WINDOWS\Installer\{ED6F9373-DE63-4E95-B751-B7D750A26382}\NewShortcut1.exe [2008-08-07 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\WINDOWS\system32\DeviceNP.dll [2007-04-30 49152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [2007-02-06 74240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=SbHpNp
ASWLNPkg
scecli
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"F:\Updates for Images-July08\Absolute-DL\ctmweb.exe"="F:\Updates for Images-July08\Absolute-DL\ctmweb.exe:*:Enabled:ctmweb.exe"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Updates for Images-July08\Absolute-DL\ctmweb.exe"="F:\Updates for Images-July08\Absolute-DL\ctmweb.exe:*:Enabled:ctmweb Computrace Installation/Management Application"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9b28426-5865-11dd-bfac-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
======File associations======
.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2008-12-29 14:13:23 ----D---- C:\_OTMoveIt
2008-12-29 14:12:03 ----D---- C:\Program Files\ERUNT
2008-12-29 13:52:33 ----D---- C:\rsit
2008-12-29 13:06:51 ----D---- C:\Documents and Settings\fricka\Application Data\Malwarebytes
2008-12-29 13:06:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-29 13:06:45 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-29 13:00:17 ----D---- C:\ComboFix
2008-12-29 12:54:16 ----D---- C:\ComboFix(3)
2008-12-29 12:37:56 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-29 12:17:40 ----D---- C:\ComboFix(2)
2008-12-29 09:45:01 ----D---- C:\WINDOWS\ERDNT
2008-12-29 09:45:01 ----D---- C:\Qoobox
2008-12-29 09:45:00 ----A---- C:\WINDOWS\system32\CF5482.exe
2008-12-23 22:20:53 ----D---- C:\Program Files\Alwil Software
2008-12-22 20:50:33 ----D---- C:\Program Files\HijackThis
2008-12-22 20:50:22 ----D---- C:\VundoFix Backups
2008-12-22 20:50:22 ----A---- C:\VundoFix.txt
2008-12-22 20:49:53 ----D---- C:\Documents and Settings\fricka\Application Data\U3
2008-12-21 19:42:25 ----A---- C:\WINDOWS\wininit.ini
2008-12-21 19:20:12 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-21 19:20:12 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-15 08:14:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-15 08:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-15 08:13:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-15 08:13:14 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-15 08:13:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-15 08:13:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-15 08:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-15 08:09:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-15 08:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-15 08:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-15 08:07:18 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-15 08:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-15 08:06:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-15 08:06:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-15 08:05:39 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-15 08:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-15 08:05:01 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-15 08:04:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-15 08:04:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-15 08:04:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-12-14 23:11:50 ----D---- C:\Program Files\Linksys EasyLink Advisor
2008-12-14 22:43:19 ----HD---- C:\Documents and Settings\fricka\Application Data\GTek
2008-12-14 22:42:59 ----AHD---- C:\Documents and Settings\All Users\Application Data\GTek
2008-12-14 15:55:08 ----D---- C:\WINDOWS\Sun
2008-12-14 15:32:20 ----A---- C:\WINDOWS\system32\IESEngineering04.dll
2008-12-14 15:32:13 ----A---- C:\WINDOWS\system32\IESData04.dll
2008-12-14 15:32:10 ----A---- C:\WINDOWS\system32\IESCore04.dll
2008-12-14 15:32:09 ----D---- C:\Program Files\Common Files\IES
2008-12-14 15:31:56 ----A---- C:\WINDOWS\system32\sowin1.dll
2008-12-14 15:31:55 ----A---- C:\WINDOWS\system32\simage1.dll
2008-12-14 15:31:39 ----A---- C:\WINDOWS\system32\coin2.dll
2008-12-14 15:31:38 ----A---- C:\WINDOWS\system32\vc6-re200l.dll
2008-12-14 15:31:36 ----A---- C:\WINDOWS\system32\sfl204as.dll
2008-12-14 15:31:27 ----A---- C:\WINDOWS\system32\og904as.dll
2008-12-14 15:31:23 ----D---- C:\Program Files\IES
2008-12-14 15:31:23 ----A---- C:\WINDOWS\system32\libmmd.dll
2008-12-14 15:31:21 ----A---- C:\WINDOWS\system32\libIEPCF90MD.dll
2008-12-14 15:31:19 ----A---- C:\WINDOWS\system32\libF90MD.dll
2008-12-14 15:31:15 ----A---- C:\WINDOWS\system32\Ter32.dll
2008-12-14 15:31:14 ----A---- C:\WINDOWS\system32\RWUXThemeS.dll
2008-12-14 15:31:13 ----A---- C:\WINDOWS\system32\Pgmr120.dll
2008-12-14 15:31:07 ----A---- C:\WINDOWS\system32\Pegrp32a.dll
2008-12-14 15:30:58 ----A---- C:\WINDOWS\system32\OT804as.dll
2008-12-14 15:26:11 ----D---- C:\Program Files\MSECache
2008-12-14 15:25:44 ----D---- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-12-14 15:17:49 ----D---- C:\Program Files\The Weather Channel FW
2008-12-14 14:52:07 ----SHD---- C:\Config.Msi
2008-12-14 14:40:46 ----D---- C:\Documents and Settings\fricka\Application Data\acccore
2008-12-14 14:40:33 ----D---- C:\Program Files\Common Files\Software Update Utility
2008-12-14 14:40:30 ----D---- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
2008-12-14 14:40:29 ----D---- C:\Program Files\AIM Toolbar
2008-12-14 14:40:25 ----D---- C:\Program Files\Viewpoint
2008-12-14 14:40:25 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-12-14 14:40:24 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2008-12-14 14:40:19 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-12-14 14:40:19 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
2008-12-14 14:40:06 ----D---- C:\Program Files\Common Files\AOL
2008-12-14 14:39:59 ----D---- C:\Program Files\AIM6
2008-12-14 14:00:55 ----ASH---- C:\Documents and Settings\fricka\Application Data\desktop.ini
2008-12-14 14:00:49 ----D---- C:\Documents and Settings\fricka\Application Data\Macromedia
2008-12-14 14:00:49 ----D---- C:\Documents and Settings\fricka\Application Data\InstallShield
2008-12-14 14:00:49 ----D---- C:\Documents and Settings\fricka\Application Data\Identities
2008-12-14 14:00:49 ----D---- C:\Documents and Settings\fricka\Application Data\hpqLog
2008-12-14 14:00:49 ----D---- C:\Documents and Settings\fricka\Application Data\Help
2008-12-14 14:00:49 ----D---- C:\Documents and Settings\fricka\Application Data\Design Science
2008-12-14 14:00:49 ----D---- C:\Documents and Settings\fricka\Application Data\Autodesk
2008-12-14 14:00:49 ----D---- C:\Documents and Settings\fricka\Application Data\Apple Computer
2008-12-14 14:00:49 ----D---- C:\Documents and Settings\fricka\Application Data\Adobe
2008-12-14 14:00:48 ----SD---- C:\Documents and Settings\fricka\Application Data\Microsoft
2008-12-14 14:00:48 ----D---- C:\Documents and Settings\fricka\Application Data\Windows Search
2008-12-14 14:00:48 ----D---- C:\Documents and Settings\fricka\Application Data\Windows Desktop Search
2008-12-14 14:00:48 ----D---- C:\Documents and Settings\fricka\Application Data\Sun
2008-12-14 14:00:48 ----D---- C:\Documents and Settings\fricka\Application Data\SampleView
2008-12-14 14:00:48 ----D---- C:\Documents and Settings\fricka\Application Data\Roxio
2008-12-14 14:00:48 ----D---- C:\Documents and Settings\fricka\Application Data\National Instruments
2008-12-14 14:00:48 ----D---- C:\Documents and Settings\fricka\Application Data\Mozilla
2008-12-14 14:00:48 ----D---- C:\Documents and Settings\fricka\Application Data\MathWorks
2008-12-14 14:00:38 ----D---- C:\WINDOWS\SchCache
2008-12-14 12:21:38 ----D---- C:\WINDOWS\Minidump
======List of files/folders modified in the last 1 months======
2008-12-29 14:18:51 ----D---- C:\WINDOWS\Temp
2008-12-29 14:17:29 ----D---- C:\Program Files\Mozilla Firefox
2008-12-29 14:17:21 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-29 14:17:17 ----D---- C:\WINDOWS
2008-12-29 14:17:17 ----A---- C:\WINDOWS\system32\rpcnetp.exe
2008-12-29 14:17:17 ----A---- C:\WINDOWS\pxisys.ini
2008-12-29 14:17:17 ----A---- C:\WINDOWS\pxiesys.ini
2008-12-29 14:17:15 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-29 14:17:15 ----A---- C:\WINDOWS\system32\rpcnet.dll
2008-12-29 14:15:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-29 14:13:23 ----D---- C:\WINDOWS\system32
2008-12-29 14:12:03 ----RD---- C:\Program Files
2008-12-29 13:49:01 ----D---- C:\WINDOWS\system32\drivers
2008-12-29 13:03:01 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-29 13:02:14 ----A---- C:\WINDOWS\system32\rpcnetp.dll
2008-12-29 13:00:42 ----D---- C:\WINDOWS\system32\config
2008-12-29 13:00:25 ----D---- C:\WINDOWS\system32\wbem
2008-12-29 13:00:24 ----D---- C:\WINDOWS\Registration
2008-12-29 13:00:13 ----HD---- C:\WINDOWS\inf
2008-12-29 12:48:50 ----D---- C:\Program Files\Trend Micro
2008-12-29 12:28:03 ----D---- C:\WINDOWS\system32\Restore
2008-12-29 09:45:15 ----D---- C:\WINDOWS\Prefetch
2008-12-29 09:45:05 ----SHD---- C:\System Volume Information
2008-12-24 15:22:43 ----SHD---- C:\WINDOWS\CSC
2008-12-24 15:05:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-24 11:06:27 ----D---- C:\WINDOWS\Help
2008-12-24 11:06:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-24 11:03:38 ----SHD---- C:\WINDOWS\Installer
2008-12-24 11:00:10 ----SD---- C:\WINDOWS\Tasks
2008-12-22 20:43:31 ----RASH---- C:\boot.ini
2008-12-22 20:43:31 ----A---- C:\WINDOWS\win.ini
2008-12-22 20:43:31 ----A---- C:\WINDOWS\system.ini
2008-12-19 08:11:53 ----A---- C:\WINDOWS\imsins.BAK
2008-12-19 08:11:45 ----D---- C:\WINDOWS\ie7updates
2008-12-19 08:11:37 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-18 15:41:54 ----D---- C:\Documents and Settings\All Users\Application Data\Autodesk
2008-12-16 21:50:45 ----D---- C:\WINDOWS\system32\Macromed
2008-12-15 08:14:01 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-15 08:13:46 ----D---- C:\Program Files\Messenger
2008-12-15 08:12:52 ----D---- C:\Program Files\Internet Explorer
2008-12-15 08:07:54 ----RSD---- C:\WINDOWS\assembly
2008-12-15 08:05:40 ----D---- C:\WINDOWS\WinSxS
2008-12-14 22:44:58 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-14 15:32:09 ----D---- C:\Program Files\Common Files
2008-12-14 15:30:51 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-14 14:34:07 ----SHD---- C:\RECYCLER
2008-12-14 14:01:21 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-14 14:00:45 ----D---- C:\Documents and Settings
2008-12-14 13:59:16 ----D---- C:\WINDOWS\Debug
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 RsvLock;RsvLock; C:\WINDOWS\system32\drivers\RsvLock.sys [2007-04-26 5808]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-08-05 72072]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2007-10-23 4096]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 niarbk;niarbk; C:\WINDOWS\system32\drivers\niarbk.dll [2007-04-16 37376]
R2 nibffrk;nibffrk; C:\WINDOWS\system32\drivers\nibffrk.dll [2007-04-16 21504]
R2 Nidaq32k;Nidaq32k; C:\WINDOWS\system32\drivers\Nidaq32k.sys [2007-04-16 674304]
R2 nidmmk;NI DMM and Data Logger Kernel Driver; C:\WINDOWS\system32\drivers\nidmmk.dll [2007-04-16 50688]
R2 nimdsk;nimdsk; C:\WINDOWS\system32\drivers\nimdsk.dll [2007-04-16 30208]
R2 nipxirmk;nipxirmk; \??\C:\WINDOWS\system32\drivers\nipxirmkl.sys []
R2 nistck;nistck; C:\WINDOWS\system32\drivers\nistck.dll [2007-04-16 111616]
R2 NiViPxiK;NI-VISA PXI Driver; C:\WINDOWS\System32\drivers\NiViPxiKl.sys [2008-01-10 11360]
R2 regi;regi; C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 TmFilter;Trend Micro Filter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys []
R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys []
R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys []
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-10-17 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-03-01 289792]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 ATSWPDRV;(****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-04-10 140808]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-12-10 879624]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-12-10 74688]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-02-07 242320]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-10-16 989312]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-10-16 211200]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-04-04 41216]
R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\system32\drivers\mqac.sys []
R3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2008-03-13 2530176]
R3 nidimk;nidimk; \??\C:\WINDOWS\system32\drivers\nidimkl.sys []
R3 nimdbgk;nimdbgk; \??\C:\WINDOWS\system32\drivers\nimdbgkl.sys []
R3 nimru2k;nimru2k; \??\C:\WINDOWS\system32\drivers\nimru2kl.sys []
R3 nimstsk;nimstsk; \??\C:\WINDOWS\system32\drivers\nimstskl.sys []
R3 nimxdfk;nimxdfk; \??\C:\WINDOWS\system32\drivers\nimxdfkl.sys []
R3 niorbk;niorbk; \??\C:\WINDOWS\system32\drivers\niorbkl.sys []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-03-19 6547488]
R3 rismc32;RICOH Smart Card Reader; C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-19 47616]
R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\system32\drivers\RMCast.sys []
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-28 224672]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2008-08-05 335888]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-10-16 731136]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 DAMDrv;DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv.sys [2007-04-23 30008]
S3 lvalarmk;lvalarmk; \??\C:\WINDOWS\system32\drivers\lvalarmk.sys []
S3 ni1006k;NI PXI-1006 Chassis Pilot; \??\C:\WINDOWS\system32\drivers\ni1006k.sys []
S3 ni1045k;NI PXI-1045 Chassis Pilot; \??\C:\WINDOWS\system32\drivers\ni1045kl.sys []
S3 ni1065k;NI PXIe-1065 Chassis Pilot; \??\C:\WINDOWS\system32\drivers\ni1065k.sys []
S3 ni488lock;NI-488.2 Locking Service; \??\C:\WINDOWS\system32\drivers\ni488lock.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nicdrk;nicdrk; \??\C:\WINDOWS\system32\drivers\nicdrkl.sys []
S3 nicsrk;nicsrk; \??\C:\WINDOWS\system32\drivers\nicsrkl.sys []
S3 nidmxfk;nidmxfk; \??\C:\WINDOWS\system32\drivers\nidmxfkl.sys []
S3 nidsark;nidsark; \??\C:\WINDOWS\system32\drivers\nidsarkl.sys []
S3 nidwgk;nidwgk; \??\C:\WINDOWS\system32\drivers\nidwgkl.sys []
S3 niemrk;niemrk; \??\C:\WINDOWS\system32\drivers\niemrkl.sys []
S3 niesrk;niesrk; \??\C:\WINDOWS\system32\drivers\niesrkl.sys []
S3 nifslk;nifslk; \??\C:\WINDOWS\system32\drivers\nifslkl.sys []
S3 nigplk;nigplk; \??\C:\WINDOWS\system32\drivers\nigplkl.sys []
S3 nihsdrk;nihsdrk; \??\C:\WINDOWS\system32\drivers\nihsdrkl.sys []
S3 nimsdrk;nimsdrk; \??\C:\WINDOWS\system32\drivers\nimsdrkl.sys []
S3 nimslk;nimslk; \??\C:\WINDOWS\system32\drivers\nimslk.dll []
S3 nimsrlk;nimsrlk; \??\C:\WINDOWS\system32\drivers\nimsrlk.dll []
S3 nimxpk;nimxpk; \??\C:\WINDOWS\system32\drivers\nimxpkl.sys []
S3 ninshsdk;ninshsdk; \??\C:\WINDOWS\system32\drivers\ninshsdkl.sys []
S3 nipalfwedl;nipalfwedl; C:\WINDOWS\System32\drivers\nipalfwedl.sys [2007-12-12 11904]
S3 nipalusbedl;nipalusbedl; C:\WINDOWS\System32\drivers\nipalusbedl.sys [2007-12-12 11896]
S3 nipsdk;nipsdk; \??\C:\WINDOWS\system32\drivers\nipsdkl.sys []
S3 nipxigpk;NI PXI Generic Chassis Pilot; \??\C:\WINDOWS\system32\drivers\nipxigpk.sys []
S3 nirfsa2k;nirfsa2k; \??\C:\WINDOWS\system32\drivers\nirfsa2kl.sys []
S3 niscdk;niscdk; \??\C:\WINDOWS\system32\drivers\niscdkl.sys []
S3 nisdigk;nisdigk; \??\C:\WINDOWS\system32\drivers\nisdigkl.sys []
S3 nisftk;nisftk; \??\C:\WINDOWS\system32\drivers\nisftkl.sys []
S3 nisldk;nisldk; \??\C:\WINDOWS\system32\drivers\nisldkl.sys []
S3 nispdk;nispdk; \??\C:\WINDOWS\system32\drivers\nispdkl.sys []
S3 nisrcdk;nisrcdk; \??\C:\WINDOWS\system32\drivers\nisrcdkl.sys []
S3 nissrk;nissrk; \??\C:\WINDOWS\system32\drivers\nissrkl.sys []
S3 nistc2k;nistc2k; \??\C:\WINDOWS\system32\drivers\nistc2kl.sys []
S3 nistcrk;nistcrk; \??\C:\WINDOWS\system32\drivers\nistcrkl.sys []
S3 niswdk;niswdk; \??\C:\WINDOWS\system32\drivers\niswdkl.sys []
S3 nitiork;nitiork; \??\C:\WINDOWS\system32\drivers\nitiorkl.sys []
S3 nitnr2k;nitnr2k; \??\C:\WINDOWS\system32\drivers\nitnr2kl.sys []
S3 niufurk;niufurk; \??\C:\WINDOWS\system32\drivers\niufurkl.sys []
S3 NiViFWK;NI-VISA FireWire Driver; C:\WINDOWS\System32\drivers\NiViFWKl.sys [2007-07-19 11384]
S3 NiViPciK;NI-VISA PCI Driver; C:\WINDOWS\System32\drivers\NiViPciKl.sys [2008-01-10 11360]
S3 niwfrk;niwfrk; \??\C:\WINDOWS\system32\drivers\niwfrkl.sys []
S3 nixsrk;nixsrk; \??\C:\WINDOWS\system32\drivers\nixsrkl.sys []
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
S3 usb6xxxk;usb6xxxk; \??\C:\WINDOWS\system32\drivers\usb6xxxkl.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-10 116040]
R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-12-06 264800]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-27 221184]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2007-12-05 144688]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-04-19 75304]
R2 LkCitadelServer;Lookout Citadel Server; C:\WINDOWS\system32\lkcitdl.exe [2007-11-27 695136]
R2 lkClassAds;National Instruments PSP Server Locator; C:\WINDOWS\system32\lkads.exe [2007-11-27 40488]
R2 lkTimeSync;National Instruments Time Synchronization; C:\WINDOWS\system32\lktsrv.exe [2007-11-27 50736]
R2 MSMQ;Message Queuing; C:\WINDOWS\system32\mqsvc.exe [2008-04-13 4608]
R2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\system32\mqtgsvc.exe [2008-04-13 117248]
R2 mxssvr;NI Configuration Manager; C:\Program Files\National Instruments\MAX\nimxs.exe [2007-08-03 12696]
R2 ni488enumsvc;NI-488.2 Enumeration Service; C:\WINDOWS\system32\nipalsm.exe [2007-02-16 12696]
R2 nidevldu;NI Device Loader; C:\WINDOWS\system32\nipalsm.exe [2007-02-16 12696]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [2007-11-27 213552]
R2 nipxirmu;NI PXI Resource Manager; C:\WINDOWS\system32\nipalsm.exe [2007-02-16 12696]
R2 niSvcLoc;NI Service Locator; C:\WINDOWS\system32\nisvcloc.exe [2007-07-19 48704]
R2 NITaggerService;National Instruments Variable Engine; C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2007-12-06 609384]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-03-19 155716]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 Rpcnet;Remote Procedure Call (RPC) Net; C:\WINDOWS\system32\rpcnet.exe [2008-08-06 47104]
R2 SWIHPWMI;SWIHPWMI; C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 292384]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 ntrtscan;OfficeScanNT RealTime Scan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2008-08-05 906536]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-08-18 85096]
S3 Autodesk Network Licensing Service;Autodesk Network Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe [2007-02-12 902760]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\WINDOWS\system32\flcdlock.exe [2007-04-30 172131]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NILM License Manager;NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2007-10-31 1007616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-06 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]
S3 tmlisten;OfficeScan NT Listener; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2008-08-05 984360]
S3 TmPfw;OfficeScan NT Firewall; C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe [2008-08-05 488768]
S3 TmProxy;OfficeScan NT Proxy Service; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [2008-08-05 652552]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 OpcEnum;OpcEnum; C:\WINDOWS\system32\OpcEnum.exe [2007-05-09 98304]
-----------------EOF-----------------
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select ''Run as administrator'' to perform this scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
If you need a tutorial, see here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif)
collegegirl
2008-12-30, 00:42
The online scan gave these results
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 29, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 29, 2008 17:52:38
Records in database: 1529114
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 203752
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:30:56
File name / Threat name / Threats count
C:\Documents and Settings\fricka\Local Settings\Temporary Internet Files\Content.IE5\74NQ96VT\apstpldr.dll[1].htm Infected: Trojan.Win32.Monder.aehd 1
The selected area was scanned.
and this is the hijack this report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:40:31 PM, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nipalsm.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rpcnet.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\College Girl.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=laptop
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [niDevMon] C:\Program Files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe
O4 - HKLM\..\Run: [Trend OfficeScan ImageSetup] "C:\Documents and Settings\All Users\Desktop\ImgSetup.exe" "/001f297b5af0" -HideWindow
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O15 - Trusted Zone: http://*.msoe.edu
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/WinNTChk.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/setup.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://activity.msoe.edu:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230138355390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230138348968
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = msoe.edu
O17 - HKLM\Software\..\Telephony: DomainName = msoe.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = msoe.edu
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: NI-488.2 Enumeration Service (ni488enumsvc) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Device Loader (nidevldu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI PXI Resource Manager (nipxirmu) - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments Corporation - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 11532 bytes
Please download ATF Cleaner by Atribune (http://www.atribune.org/ccount/click.php?id=1) and save
it to desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit to close ATF-Cleaner.
Still problems?
collegegirl
2008-12-30, 15:52
Hi again!!! Once again thanks for all your help...
I ran spybot search & destory to double check that the laptop was clean but it
found 2 entries of Vitrumonde.genric...
so once again.. I still need help..
Please then post next spybot report :)
collegegirl
2008-12-30, 16:20
Okay.. I think I ran spybot too close to the ATF-cleaner... because I restarted the laptop and ran spybot again... and YAY!!!! :) there were no viruses!!! :laugh:
Thanks for all your help with getting my laptop clean, I was freaking out over not being able to do my break homework... LOL
Could you recommend a really good anti-virus protection so this doesn't happen again!!!
Thanks once again!!
~College Girl
Great :)
There is nothing wrong with your antivirus.
Thing is that malware changes and evolves so rapidly that antivirus vendors can't keep up with it. So prevention is the key here. See below for preventing tips and other instructions:
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Please download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn) and unzip it to your desktop.
***Please close any instances of Internet Explorer before continuing!***
Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.
Then download and install Java Runtime Environment (JRE) 6 Update 11 (http://java.sun.com/javase/downloads/index.jsp).
Now lets uninstall ComboFix:
Click START then RUN
Now type Combofix /u in the runbox and click OK
Next we remove all used tools.
Please download OTCleanIt (http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe) and save it to desktop.
Double-click OTCleanIt.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.
Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
You can find instructions on how to enable and re-enable system restore here:
Windows XP System Restore Guide (http://www.bleepingcomputer.com/forums/tutorial56.html)
Re-enable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Update your AntiVirus Software and keep your other programs up-to-date Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com (http://www.windowsupdate.com) regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:
Malwarebytes' Anti-Malware Setup Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1644)
Malwarebytes' Anti-Malware Scanning Guide (http://www.bfccomputers.com/forum/index.php?showtopic=1645)
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
Here are some additional utilities that will enhance your safety
MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm) <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. See also a hosts file tutorial here (http://malwareremoval.com/forum/viewtopic.php?t=22187)
Winpatrol (http://www.winpatrol.com/) <= Download and install the free version of Winpatrol. a tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software (http://www.winpatrol.com/features.html)
Stand Up and Be Counted ---> Malware Complaints (http://www.malwarecomplaints.info/index.php) <--- where you can make difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Also, please read this great article by Tony Klein So How Did I Get Infected In First Place (http://forums.spybot.info/showthread.php?t=279)
Happy surfing and stay clean! :bigthumb:
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.