Thanks for all your help so far!
Find AWF report by noahdfear ©2006
Version 1.40
The current date is: Mon 02/11/2008
The current time is: 22:46:17.64
bak folders found
~~~~~~~~~~~
Directory of C:\PROGRA~1\AIM\BAK
12/08/2004 05:50 PM 67,160 aim.exe
1 File(s) 67,160 bytes
Directory of C:\PROGRA~1\APOINT2K\BAK
06/18/2003 01:44 AM 151,552 Apoint.exe
1 File(s) 151,552 bytes
Directory of C:\PROGRA~1\EZBUTTON\BAK
01/02/2005 11:21 PM 417,792 EzButton.EXE
1 File(s) 417,792 bytes
Directory of C:\PROGRA~1\ITUNES\BAK
10/30/2006 09:36 AM 256,576 iTunesHelper.exe
1 File(s) 256,576 bytes
Directory of C:\PROGRA~1\LTMOH\BAK
04/28/2003 02:08 AM 184,320 Ltmoh.exe
1 File(s) 184,320 bytes
Directory of C:\PROGRA~1\PCOUNTER\BAK
08/05/2002 01:43 PM 67,584 WBALANCE.EXE
1 File(s) 67,584 bytes
Directory of C:\PROGRA~1\QUICKT~1\BAK
10/25/2006 06:58 PM 282,624 qttask.exe
1 File(s) 282,624 bytes
Directory of C:\PROGRA~1\STORAG~1\BAK
0 File(s) 0 bytes
Directory of C:\PROGRA~1\SYMANT~1\BAK
06/23/2005 06:27 PM 85,696 VPTray.exe
1 File(s) 85,696 bytes
Directory of C:\WINDOWS\SYSTEM32\BAK
05/17/2004 01:27 PM 32,859 dpmw32.exe
11/01/2004 07:59 PM 126,976 hkcmd.exe
11/01/2004 09:03 PM 155,648 igfxtray.exe
07/09/2001 10:50 AM 155,648 NeroCheck.exe
01/17/2005 10:33 AM 40,960 zentray.exe
5 File(s) 512,091 bytes
Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK
06/02/2005 08:21 AM 48,752 ccApp.exe
1 File(s) 48,752 bytes
Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK
07/15/2004 12:07 AM 32,768 PDVDServ.exe
1 File(s) 32,768 bytes
Directory of C:\PROGRA~1\MUSICM~1\MUSICM~2\BAK
03/30/2004 09:12 PM 118,784 mm_tray.exe
03/30/2004 09:12 PM 53,248 mmtask.exe
2 File(s) 172,032 bytes
Directory of C:\PROGRA~1\COMMON~1\REAL\UPDATE~1\BAK
06/30/2005 12:15 PM 151,552 realsched.exe
1 File(s) 151,552 bytes
Directory of C:\PROGRA~1\INTEL\WIRELESS\BIN\BAK
10/15/2004 10:31 AM 356,352 EOUWiz.exe
10/15/2004 10:27 AM 385,024 ifrmewrk.exe
2 File(s) 741,376 bytes
Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK
06/03/2005 02:52 AM 36,975 jusched.exe
1 File(s) 36,975 bytes
Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK
03/04/2004 03:00 AM 98,304 E_FATI9AA.EXE
02/01/2005 10:00 PM 98,304 E_FATIADA.EXE
2 File(s) 196,608 bytes
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
67160 Jan 21 2005 "C:\Misc\AIM\v5.9\aim.exe"
67160 Dec 8 2004 "C:\Program Files\AIM\bak\aim.exe"
151552 Jun 18 2003 "C:\Program Files\Apoint2K\bak\Apoint.exe"
151552 Jun 18 2003 "C:\Misc\Drivers\TouchPad\Alps\5.3.204.5\Apoint.exe"
417792 Jan 2 2005 "C:\Program Files\EzButton\bak\EzButton.EXE"
417792 Jan 2 2005 "C:\Misc\Drivers\Easy Button\V1.000\EzButton.exe"
256576 Oct 30 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Nov 14 2006 "C:\WINDOWS\Installer\{446DBFFA-4088-48E3-8932-74316BA4CAE4}\iTunesIco.exe"
108096 Nov 14 2006 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.0.2.16\iTunesSetupAdmin.exe"
184320 Apr 28 2003 "C:\Program Files\ltmoh\bak\Ltmoh.exe"
184320 Apr 28 2003 "C:\Misc\Drivers\Modem\Agere AC97\V2.1.46\LtMoh.exe"
67584 Aug 5 2002 "C:\Program Files\PCounter\bak\WBALANCE.EXE"
282624 Oct 25 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
85696 Jun 23 2005 "C:\Program Files\Symantec AntiVirus\VPTray.exe"
85696 Jun 23 2005 "C:\Program Files\Symantec AntiVirus\bak\VPTray.exe"
32859 May 17 2004 "C:\WINDOWS\system32\bak\dpmw32.exe"
32859 May 17 2004 "C:\Misc\Novell\Client32\Build20051209_v0602_ClientOnly_C\redir\dpmw32.exe"
32859 May 17 2004 "C:\Misc\Novell\Client32\v0503\redir\dpmw32.exe"
126976 Nov 1 2004 "C:\WINDOWS\system32\bak\hkcmd.exe"
126976 Nov 1 2004 "C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\hkcmd.exe"
126976 Nov 1 2004 "C:\Misc\Drivers\Video\Intel\14.9.0.3943\Win2000\hkcmd.exe"
155648 Nov 1 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Nov 1 2004 "C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\igfxtray.exe"
155648 Nov 1 2004 "C:\Misc\Drivers\Video\Intel\14.9.0.3943\Win2000\igfxtray.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
40960 Jan 17 2005 "C:\WINDOWS\system32\bak\zentray.exe"
48752 Jun 2 2005 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
48752 Jun 2 2005 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
32768 Jul 15 2004 "C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"
53248 Mar 30 2004 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mmtask.exe"
53248 Mar 30 2004 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe"
118784 Mar 30 2004 "C:\Program Files\MUSICMATCH\MUSICMATCH Update\MMJB\mm_tray.exe"
118784 Mar 30 2004 "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\bak\mm_tray.exe"
151552 Jun 30 2005 "C:\Program Files\Common Files\Real\Update_OB\bak\realsched.exe"
356352 Oct 15 2004 "C:\Program Files\Intel\Wireless\Bin\bak\EOUWiz.exe"
385024 Oct 15 2004 "C:\Program Files\Intel\Wireless\Bin\bak\ifrmewrk.exe"
36975 Jun 3 2005 "C:\Program Files\Java\jre1.5.0_04\bin\bak\jusched.exe"
98304 Mar 4 2004 "C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx460035df\E_FATI9AA.EXE"
98304 Feb 1 2005 "C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx4800f6be\E_FATIADA.EXE"
98304 Mar 4 2004 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATI9AA.EXE"
98304 Feb 1 2005 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_FATIADA.EXE"
end of report
ComboFix 08-02-12.1 - karasalg 2008-02-11 22:24:14.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.143 [GMT -5:00]
Running from: C:\Documents and Settings\karasalg\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\karasalg\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Common\VistaBoot.sdll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305001C.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownLoadHist.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MTSDownloadSites.txt
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\VETScriptInterpreter.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\VMPVideo2.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_VIEWPOINT_MANAGER_SERVICE
-------\Viewpoint Manager Service
((((((((((((((((((((((((( Files Created from 2008-01-12 to 2008-02-12 )))))))))))))))))))))))))))))))
.
2008-02-11 20:48 . 2004-08-03 23:56 388,608 --a------ C:\kmd.exe
2008-02-04 23:48 . 2008-02-04 23:54 <DIR> d-------- C:\Program Files\AIM6
2008-01-21 21:54 . 2008-01-21 21:54 <DIR> d-------- C:\Program Files\WordBiz
2008-01-19 01:22 . 2007-12-03 02:10 644,400 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-01-19 01:21 . 2008-01-29 20:13 <DIR> d-------- C:\Program Files\Google
2008-01-19 01:20 . 2008-01-19 01:20 34,130,184 --a------ C:\Program Files\GoogleSketchUpWEN.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 03:37 --------- d-----w C:\Program Files\CUAgent
2008-02-12 03:35 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-02-12 01:11 488,144 ----a-w C:\Program Files\HJTsetup
2008-02-08 02:04 --------- d-----w C:\Documents and Settings\karasalg\Application Data\Ruckus Network
2008-02-05 04:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-05 04:48 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-05 04:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-19 06:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-16 23:52 --------- d--h--w C:\Documents and Settings\karasalg\Application Data\Move Networks
2007-12-18 19:06 --------- d-----w C:\Program Files\Apple Software Update
2007-12-18 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2005-11-03 21:46 1,453,909 ----a-w C:\Program Files\MyTunes1_2.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-29 20:13 171448]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 11:15 50528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-08-30 00:48 69632 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 00:38 88361 C:\WINDOWS\AGRSMMSG.exe]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 10:37 28672 C:\WINDOWS\system32\nwtray.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 11:31 29696 C:\WINDOWS\KHALMNPR.Exe]
"StrgSync.exe"="C:\Program Files\StorageSync\StrgSync.exe" [2005-10-07 22:01 3032576]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Application Explorer.lnk - C:\Program Files\Novell\ZENworks\NalView.exe [2005-01-24 04:04:14 35840]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-09-08 15:12:31 581632]
Post-itr Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe [2004-10-15 14:26:54 2080768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoDevMgrUpdate"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= C:\Program Files\Novell\ZENworks\NalShell.dll [2005-01-25 16:18 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 10:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
C:\WINDOWS\system32\Novell\XtNotify.dll 2005-01-10 12:36 24576 C:\WINDOWS\system32\novell\xtnotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0
R1 nipplpt;Novell iCapture Lpt Redirector;C:\WINDOWS\system32\drivers\nipplpt.sys [2004-01-07 09:03]
R2 BlankScr;HBDevice;C:\WINDOWS\system32\drivers\BlankScr.sys [2005-01-17 11:23]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [2004-11-22 12:07]
R2 RSX;Restart Service X;C:\WINDOWS\system32\srvany.exe [1999-12-21 06:59]
R2 urtclientservice;URT Client Service;C:\WINDOWS\system32\urtclsvc.exe [2004-03-31 18:01]
R2 XTAgent;Novell XTier Agent Services;C:\WINDOWS\System32\Novell\XTAgent.exe [2005-01-10 12:36]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 14:20:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-11 22:37:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\RSX.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-02-11 22:42:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-12 03:42:18
ComboFix2.txt 2008-02-12 02:20:24
Logfile of HijackThis v1.99.1
Scan saved at 10:50:55 PM, on 2/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\WINDOWS\system32\srvany.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\RSX.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\urtclsvc.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\StorageSync\StrgSync.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\karasalg\Desktop\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Application Explorer.lnk = C:\Program Files\Novell\ZENworks\NalView.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://quickplace.udayton.edu/qp2.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540012} (CInstall Class) - http://www.funnytaf....ler/Install.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://web-student-...du/iNotes6W.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120154725453
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1120154971062
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontec...2ie06101001.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = udayton.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = udayton.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = udayton.edu
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: NetIdentity Notification - C:\WINDOWS\system32\Novell\XtNotify.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Restart Service X (RSX) - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: URT Client Service (urtclientservice) - Unknown owner - C:\WINDOWS\system32\urtclsvc.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe