Hi Kahdah,
Thanks for the fast reply!
Here is my combofix log
ComboFix 08-03-01.3 - 200013323 2008-03-01 21:39:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1413 [GMT -5:00]
Running from: D:\Documents and Settings\200013323\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\absolute key logger.lnk
C:\WINDOWS\aconti.exe
C:\WINDOWS\aconti.ini
C:\WINDOWS\aconti.log
C:\WINDOWS\aconti.sdb
C:\WINDOWS\acontidialer.txt
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\default.htm
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\
000070.exe
C:\WINDOWS\system32\ace16win.dll
C:\WINDOWS\system32\acespy
C:\WINDOWS\system32\acespy\__acelog.ndx
C:\WINDOWS\system32\acespy\systune.exe
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\x64
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Possible infected sites -----
hxxp://80.93.48.74
hxxp://wsus.ad.ge.com
.
((((((((((((((((((((((((( Files Created from 2008-02-02 to 2008-03-02 )))))))))))))))))))))))))))))))
.
2008-03-01 18:19 . 2008-03-01 18:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-01 17:58 . 2008-03-01 17:58 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-03-01 16:28 . 2008-03-01 16:28 89,099 --a------ C:\WINDOWS\system32\mgmrwmrv.exe
2008-03-01 16:28 . 2008-03-01 16:28 4 --a------ C:\WINDOWS\system32\winfrun32.bin
2008-02-15 00:57 . 2008-02-15 17:47 <DIR> d-------- C:\CLIENTUS
2008-02-15 00:28 . 2008-02-15 00:51 <DIR> d-------- C:\CLIENTWS
2008-02-14 17:44 . 2008-02-14 17:44 26,155 --a------ C:\WINDOWS\system32\drivers\LKDE0.tmp
2008-02-13 10:30 . 2008-02-13 10:30 26,155 --a------ C:\WINDOWS\system32\drivers\LKD83.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 02:35 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-03-02 01:37 --------- d-----w C:\Program Files\Nortel Networks
2008-02-21 18:47 --------- d-----w D:\Documents and Settings\200013323\Application Data\Sametime
2008-02-21 03:40 30,267 ----a-w C:\WINDOWS\system32\drivers\safeboot.sys
2008-02-21 03:40 --------- d-----w C:\Program Files\SafeBoot
2008-02-16 13:53 --------- d-----w D:\Documents and Settings\200013323\Application Data\U3
2008-01-31 13:56 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD26A.tmp
2008-01-31 01:55 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD265.tmp
2008-01-30 13:55 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD18D.tmp
2008-01-30 01:55 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD188.tmp
2008-01-29 13:54 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD11E.tmp
2008-01-29 01:54 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD118.tmp
2008-01-28 13:53 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD82.tmp
2008-01-25 19:58 --------- d-----w D:\Documents and Settings\200013323\Application Data\Move Networks
2008-01-25 10:11 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD383.tmp
2008-01-24 22:11 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD37E.tmp
2008-01-24 10:11 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD2F3.tmp
2008-01-23 22:10 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD294.tmp
2008-01-23 10:10 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD210.tmp
2008-01-22 22:10 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD1B1.tmp
2008-01-22 21:27 --------- d-----w C:\Program Files\MTBWIN
2008-01-21 21:05 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD11F.tmp
2008-01-19 21:10 26,155 ----a-w C:\WINDOWS\system32\drivers\LKDE4.tmp
2008-01-18 14:46 --------- d-----w C:\Program Files\MSECache
2008-01-18 11:30 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD1DC.tmp
2008-01-17 23:29 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD1D7.tmp
2008-01-17 11:29 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD147.tmp
2008-01-16 23:29 26,155 ----a-w C:\WINDOWS\system32\drivers\LKDE7.tmp
2008-01-15 15:27 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD97.tmp
2008-01-14 14:06 --------- d-----w C:\Program Files\Java
2008-01-14 13:18 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD87.tmp
2008-01-11 07:37 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD48D.tmp
2008-01-10 19:37 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD47F.tmp
2008-01-10 07:37 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD31E.tmp
2008-01-09 19:36 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD30E.tmp
2008-01-09 07:36 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD1AC.tmp
2008-01-08 19:35 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD19E.tmp
2008-01-08 07:35 26,155 ----a-w C:\WINDOWS\system32\drivers\LKDBF.tmp
2008-01-07 19:35 26,155 ----a-w C:\WINDOWS\system32\drivers\LKDB6.tmp
2008-01-04 18:41 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD439.tmp
2008-01-04 06:40 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD37C.tmp
2008-01-03 18:40 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD340.tmp
2008-01-03 06:39 26,155 ----a-w C:\WINDOWS\system32\drivers\LKD2D7.tmp
2008-01-02 18:39 26,155 ----a-w C:\WINDOWS\system32\drivers\LKDF9.tmp
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 01:07 3,059,200 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 13:07 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
1999-06-17 22:12 652,332 ----a-w C:\WINDOWS\inf\DRVIDX.BIN
1999-06-17 22:12 195,530 ----a-w C:\WINDOWS\inf\DRVDATA.BIN
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8560380C-8653-4521-8262-7F6A4D3D4B0F}]
2007-05-17 15:53 1216512 --a------ C:\Program Files\Kintana Toolbar\kintana.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-16 18:50 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-16 18:50 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-16 18:50 138008]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 16:26 303104 C:\WINDOWS\stsystra.exe]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-13 10:33 155648]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 21:32 208952]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 07:00 59392]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 07:00 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-29 07:00 455168]
"UAMAgent"="" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 16:14 53408]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-06-15 00:40 124656]
"Sxplog"="C:\SxpInst\sxpstub.exe" [2005-10-24 13:44 20480]
"SDJobCheck"="triggusr.exe" []
"SBMGRNT.EXE"="C:\PROGRA~1\SafeBoot\SBMGRNT.exe" [2007-09-05 10:02 49212]
"CA-AMAgent"="C:\Program Files\CA\Unicenter Asset Management\Agents\amagent.exe" [2003-03-07 04:04 45056]
"VerifyStartMenu"="C:\Netmanag.97\NMGOINN.DLL" [1998-06-18 07:00 537600]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-25 09:32 286720]
"OdTray.exe"="C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe" [2007-06-20 17:32 1028160]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"PMA"="C:\Netmanag.97\PMALOAD.EXE" [1998-06-18 07:00 72128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"SB_NoDispScrSavPage"= 0 (0x0)
"DisableTaskMgr"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispScrSavPage"= 0 (0x0)
"SB_NoDispScrSavPage"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
"NoToolbarCustomize"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"= 0 (0x0)
"Btn_Forward"= 0 (0x0)
"Btn_Stop"= 0 (0x0)
"Btn_Refresh"= 0 (0x0)
"Btn_Home"= 0 (0x0)
"Btn_Search"= 0 (0x0)
"Btn_History"= 0 (0x0)
"Btn_Favorites"= 0 (0x0)
"Btn_Media"= 0 (0x0)
"Btn_Folders"= 0 (0x0)
"Btn_Fullscreen"= 0 (0x0)
"Btn_Tools"= 0 (0x0)
"Btn_MailNews"= 0 (0x0)
"Btn_Size"= 0 (0x0)
"Btn_Print"= 0 (0x0)
"Btn_Edit"= 0 (0x0)
"Btn_Discussions"= 0 (0x0)
"Btn_Cut"= 0 (0x0)
"Btn_Copy"= 0 (0x0)
"Btn_Paste"= 0 (0x0)
"Btn_Encoding"= 0 (0x0)
"Btn_PrintPreview"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoLogoff"= 0 (0x0)
"EnforceShellExtensionSecurity"= 0 (0x0)
"NoDeletePrinter"= 0 (0x0)
"NoAddPrinter"= 0 (0x0)
"NoPrinterTabs"= 0 (0x0)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient]
odyEvent.dll 2007-11-09 05:44 122949 C:\WINDOWS\system32\odyEvent.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2109546190-1859003067-1489575960-18672\Scripts\Logon\
0\
0]
"Script"=\\nam.corp.ge.com\SysVol\nam.corp.ge.com\Policies\Scripts\WSUS_production.vbe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2109546190-1859003067-1489575960-89795\Scripts\Logon\
0\
0]
"Script"=\\nam.corp.ge.com\SysVol\nam.corp.ge.com\Policies\Scripts\WSUS_production.vbe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5556:TCP"= 5556:TCP:SafeBoot
R0 aarich;aarich;C:\WINDOWS\system32\DRIVERS\aarich.sys [2005-05-17 17:12]
R0 SafeBoot;SafeBoot;C:\WINDOWS\system32\drivers\SafeBoot.sys [2008-02-20 22:40]
R0 SBAlg;SBAlg;C:\WINDOWS\system32\drivers\SBAlg.sys [2007-09-05 10:02]
R1 RsvLock;RsvLock;C:\WINDOWS\system32\drivers\RsvLock.sys [2007-09-05 10:02]
R1 SBFlop;SBFlop;C:\WINDOWS\system32\drivers\SBFlop.sys [2007-09-05 10:02]
R1 SbPrcCtl;SbPrcCtl;C:\WINDOWS\system32\drivers\SbPrcCtl.sys [2007-09-05 10:02]
R2 JuniperAccessService;Juniper Unified Network Service;C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2007-06-14 17:12]
R2 SafeBootConfigurationManager;SafeBoot Configuration Manager;C:\Program Files\SafeBoot\SBMGRNT.EXE [2007-09-05 10:02]
R2 VPatch;ISS Buffer Overflow Exploit Prevention;C:\Program Files\ISS\Proventia Desktop\vpatch.exe [2006-06-07 15:03]
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2003-10-23 14:55]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2003-10-23 14:55]
R3 jnprna;Juniper Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\jnprna.sys [2007-06-14 14:25]
R3 MakoNT;MakoNT;C:\WINDOWS\system32\drivers\MakoNT.sys [2006-06-07 14:41]
R3 rap;rap;C:\WINDOWS\system32\drivers\RapDrv.sys [2007-09-10 09:13]
R4 black;black;C:\WINDOWS\system32\drivers\BlackCat.sys [2007-09-10 09:13]
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2003-10-23 14:55]
S3 EacService;Juniper TNC Endpoint Assessment;C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe [2007-06-20 18:06]
S3 ExtranetAccess;Contivity VPN Service;"C:\Program Files\Nortel Networks\Extranet_serv.exe" [2003-10-23 14:45]
S3 O2SCBUS;O2Micro SmartCardBus Reader;C:\WINDOWS\system32\DRIVERS\ozscr.sys [2004-07-09 12:47]
S3 odysseyIM4;Odyssey Network Driver Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys [2006-08-17 08:51]
S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache;C:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 18:34]
S4 a320raid;a320raid;C:\WINDOWS\system32\DRIVERS\a320raid.sys [2005-02-17 19:05]
S4 aac;PERC 320/DC SCSI RAID Miniport Driver;C:\WINDOWS\system32\DRIVERS\aac.sys [2004-04-07 13:14]
S4 vmscsi;vmscsi;C:\WINDOWS\system32\drivers\vmscsi.sys [2003-02-24 09:02]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{25a16bc0-383e-11db-a006-000bdbda9c73}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
rundll32.exe advpack.dll,LaunchINFSectionEx C:\WINDOWS\INF\wmactedp.inf,PerUserStub,,4
.
Contents of the 'Scheduled Tasks' folder
"2007-11-17 04:40:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-03-01 21:41:08
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-01 21:41:40
ComboFix-quarantined-files.txt 2008-03-02 02:41:32
.
2008-02-21 14:29:01 --- E O F ---
Here is my Hijack this file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43, on 2008-03-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\SafeBoot\SBMGRNT.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\Proventia Desktop\blackd.exe
C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\ISS\Proventia Desktop\RapApp.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ISS\Proventia Desktop\vpatch.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DellTPad\HidFind.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\DellTPad\Apntex.exe
C:\SxpInst\sxplog32.exe
C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\CA\SharedComponents\CAM\bin\caftf.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://corp.home.ge.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL =
http://corp.setpac.ge.com/pac.pacR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=cin01.proxy.corporate.ge.com:80;https=cin01.proxy.corporate.ge.com:80;ftp=c
in01.proxy.corporate.ge.com:80
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O1 - Hosts: 135.108.57.19 geect
O1 - Hosts: 135.108.57.19 geacqt
O1 - Hosts: 135.108.57.19 geecd
O1 - Hosts: 135.108.57.19 geacqd
O1 - Hosts: 135.108.57.19 newgetpct
O1 - Hosts: 135.108.57.179 geecors
O1 - Hosts: 135.108.57.179 gepayrollors
O1 - Hosts: 135.108.57.92 cvgge15
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: XBTB01629 - {8560380C-8653-4521-8262-7F6A4D3D4B0F} - C:\Program Files\Kintana Toolbar\kintana.dll
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: SupportCentral - {E5CA3FCB-32F0-4602-A3FD-0785E3F0F5BF} - C:\WINDOWS\system32\SCTOOL~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Sxplog] C:\SxpInst\sxpstub.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [SBMGRNT.EXE] C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
O4 - HKLM\..\Run: [CA-AMAgent] "C:\Program Files\CA\Unicenter Asset Management\Agents\amagent.exe"
O4 - HKLM\..\Run: [VerifyStartMenu] RunDLL32 C:\Netmanag.97\NMGOINN.DLL,VerifyStartMenu
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\RunServices: [PMA] C:\Netmanag.97\PMALOAD.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://corp.home.ge.com
O15 - Trusted Zone: *.ge.com
O15 - Trusted Zone: *.ge.com (HKLM)
O15 - Trusted Zone: *.gebrandcentral.com (HKLM)
O15 - Trusted Zone: *.gedigitalmedia.com (HKLM)
O15 - Trusted Zone: *.gemediacentral.com (HKLM)
O15 - Trusted Zone: *.genewscenter.com (HKLM)
O15 - Trusted Zone: *.geolympiccentral.com (HKLM)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) -
http://lads.myspace....ploader1005.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.micros...b?1200319556015O16 - DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} (JNILoader Control) -
http://americascomm0...STJNILoader.cabO16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) -
http://games.myspace...ronGameHost.cabO17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nam.corp.ge.com
O17 - HKLM\Software\..\Telephony: DomainName = nam.corp.ge.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nam.corp.ge.com
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\blackd.exe
O23 - Service: Unicenter Message Queuing Server (CA-MessageQueuing) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Juniper TNC Endpoint Assessment (EacService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Juniper OAC Service (odClientService) - Juniper Networks, Inc. - C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\RapApp.exe
O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot\SBMGRNT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\vpatch.exe
--
End of file - 12036 bytes