Well I actually never even mentioned having it until I saw him and told him that I wanted to run the fix tool. I wanted to fix it myself...and by fix it myself I mean get someone to teach me how to do it myself hehe. I was obsessing over the
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
When I see red I freeze up....it was the last color I learned...I was 17 years old by then...... but anyway these are the logs from DSS
Deckard's System Scanner v20071014.68
Run by jcollins on 2008-07-24 10:55:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
108: 2008-07-24 14:55:32 UTC - RP1010 - Deckard's System Scanner Restore Point
107: 2008-07-24 14:48:43 UTC - RP1009 - Last known good configuration
106: 2008-07-23 18:54:13 UTC - RP1008 - Spybot-S&D Spyware removal
105: 2008-07-23 18:52:32 UTC - RP1007 - Spybot-S&D Spyware removal
104: 2008-07-23 16:47:49 UTC - RP1006 - Spybot-S&D Spyware removal
-- First Restore Point --
1: 2008-07-24 14:48:35 UTC - RP903 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as jcollins.exe) --------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:11 AM, on 7/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
C:\Program Files\Verdiem\SurveyorSD\Bin\SurveyorSD.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\CA\Unicenter Software Delivery\BIN\TRIGGAG.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Verdiem\SurveyorSD\bin\SurveyorSession.exe
C:\SxpInst\sxplog32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\jcollins\winlogon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Documents and Settings\jcollins\Application Data\U3\00001853E47122BA\LaunchPad.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\AL500\CIRC\BIN\CIRC.EXE
C:\WINDOWS\mrofinu.exe
L:\Antiviruses\dss.exe
C:\DOCUME~1\jcollins\Desktop\jcollins.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qc.edu/Library
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
O2 - BHO: (no name) - {0B5DCB75-B2FF-4BD3-A494-28A6166D2D97} - C:\WINDOWS\system32\opNHwtrq.dll (file missing)
O2 - BHO: {d98de9c2-d5ba-5f4b-9224-82fcb53a6af2} - {2fa6a35b-cf28-4229-b4f5-ab5d2c9ed89d} - C:\WINDOWS\system32\wwwywq.dll
O2 - BHO: Watch for Browser Events - {516E2306-7ADF-47EC-AEA8-ACB6B51899F1} - C:\PROGRA~1\MACROE~1\iCapture.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5F11D5D5-3FB2-4ADD-84AD-D69BC9A5D312} - C:\WINDOWS\system32\xXpPhfET.dll (file missing)
O2 - BHO: (no name) - {6D20ED34-7104-42BB-86A5-16B4B6E6F2F8} - C:\WINDOWS\system32\ktokcvkc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {DE52CDC9-2638-4718-8988-13455EE267A7} - C:\Documents and Settings\jcollins\Local Settings\Temporary Internet Files\Content.IE5\C1QR692L\3077ahntdksr[1].dll
O2 - BHO: (no name) - {E1F93182-D570-4483-BA6D-07492EDDD294} - C:\WINDOWS\system32\xxYOExWN.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [NGClient] C:\Program Files\Symantec\Ghost\ngctw32.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Sxplog] C:\SxpInst\sxpstub.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SurveyorSession] C:\Program Files\Verdiem\SurveyorSD\bin\SurveyorSession.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Logon Applicationedc] C:\Documents and Settings\jcollins\winlogon.exe
O4 - HKLM\..\Run: [aca0ba75] rundll32.exe "C:\WINDOWS\system32\pastnmts.dll",b
O4 - HKLM\..\Run: [BMaf9389e9] Rundll32.exe "C:\WINDOWS\system32\miswfdup.dll",s
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1188.exe 61A847B5BBF72813339330466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F819EBDCD66A47
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [µTorrent] "C:\Documents and Settings\Joseph Collins\Desktop\utorrent.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Windows Service] C:\Documents and Settings\jcollins\service.exe
O4 - HKCU\..\Policies\Explorer\Run: [1] \\admin-vault1\users\maphome.vbs
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ALEPH 500 - Version 16 Version Check.lnk = C:\AL500\ALEPHCOM\BIN\VERSION.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126648675387
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://149.4.45.240//activex/AMC.cab
O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) - http://u3.sandisk.co...LPInstaller.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....302/Coupons.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://mail.qc.cuny.edu/dwa7W.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = qc.ads
O17 - HKLM\Software\..\Telephony: DomainName = qc.ads
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = qc.ads
O20 - Winlogon Notify: ssqRHWOE - C:\WINDOWS\SYSTEM32\ssqRHWOE.dll
O20 - Winlogon Notify: xXpPhfET - xXpPhfET.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Symantec Ghost Client Agent (NGClient) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Verdiem Surveyor Client (SurveyorSD) - Verdiem Corp. - C:\Program Files\Verdiem\SurveyorSD\Bin\SurveyorSD.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 12429 bytes
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 GhMon (GhostMountMonitor - Boot Phase Driver) - c:\windows\system32\drivers\ghmon.sys <Not Verified; Symantec Corporation; Ghost Enterprise client>
R1 omci (OMCI WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver>
R1 Tosrfcom (Bluetooth RFCOMM from TOSHIBA) - c:\windows\system32\drivers\tosrfcom.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFCOMM Driver>
R2 tifsfilter (Acronis True Image FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; Acronis True Image>
R3 tosporte (Bluetooth Port Driver from Toshiba) - c:\windows\system32\drivers\tosporte.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Bluetooth Port Emulation Driver>
R3 Tosrfbd (Bluetooth RFBUS from TOSHIBA) - c:\windows\system32\drivers\tosrfbd.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth BUS Driver(WindowsXP,Windows2000)>
R3 Tosrfbnp (Bluetooth RFBNEP from TOSHIBA) - c:\windows\system32\drivers\tosrfbnp.sys <Not Verified; TOSHIBA Corporation; Bluetooth RFBNEP Driver from TOSHIBA>
R3 Tosrfhid (Bluetooth RFHID from TOSHIBA) - c:\windows\system32\drivers\tosrfhid.sys <Not Verified; TOSHIBA Corporation.; Bluetooth HID Driver from TOSHIBA>
R3 Tosrfusb (Bluetooth USB Controller) - c:\windows\system32\drivers\tosrfusb.sys <Not Verified; TOSHIBA CORPORATION; Bluetooth USB Miniport Driver(Windows2000,WindowsXP)>
S0 GhPostConfig (GhostPostConfig - Boot Phase Driver) - c:\windows\system32\drivers\ghpcw2k.sys <Not Verified; Symantec Corporation; Ghost Enterprise client>
S2 GhPostConfig_Auto (GhostPostConfig - Auto Phase Driver) - c:\windows\system32\drivers\ghpcw2k.sys <Not Verified; Symantec Corporation; Ghost Enterprise client>
S3 toshidpt (TOSHIBA Bluetooth HID port driver) - c:\windows\system32\drivers\toshidpt.sys <Not Verified; TOSHIBA Corporation.; TOSHIBA Bluetooth HID Mini Port Driver>
S3 tosrfnds (Bluetooth Personal Area Network from TOSHIBA) - c:\windows\system32\drivers\tosrfnds.sys <Not Verified; TOSHIBA Corporation.; Bluetooth BNEP Driver from TOSHIBA>
S3 TosRfSnd (Bluetooth Audio Device (WDM) from TOSHIBA) - c:\windows\system32\drivers\tosrfsnd.sys <Not Verified; TOSHIBA Corporation; Bluetooth Audio Driver>
S3 USBIO (USBIO Driver (usbio.sys)) - c:\windows\system32\drivers\usbio.sys <Not Verified; Thesycon GmbH, Germany; Universal USB Device Driver>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Iap - "c:\program files\dell\openmanage\client\iap.exe" <Not Verified; Dell Inc; OpenManage Client Instrumentation>
R2 Multi-user Cleanup Service - "c:\program files\lotus\notes\ntmulti.exe" <Not Verified; IBM Corp; IBM Lotus Notes/Domino>
R2 SDService (Unicenter Software Delivery) - "c:\program files\ca\unicenter software delivery\bin\sdserv.exe" <Not Verified; Computer Associates International, Inc.; Unicenter Software Delivery>
R2 SurveyorSD (Verdiem Surveyor Client) - "c:\program files\verdiem\surveyorsd\bin\surveyorsd.exe" <Not Verified; Verdiem Corp.; Surveyor>
S3 WmcCds (Windows Media Connect (WMC)) - c:\program files\windows media connect\mswmccds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
S3 WmcCdsLs (Windows Media Connect (WMC) Helper) - c:\program files\windows media connect\mswmcls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth Personal Area Network from TOSHIBA
Device ID: BLUETOOTH\0004&0007\0000
Manufacturer: Toshiba
Name: Bluetooth Personal Area Network from TOSHIBA
PNP Device ID: BLUETOOTH\0004&0007\0000
Service: tosrfnds
-- Scheduled Tasks -------------------------------------------------------------
2008-07-24 10:23:59 446 --ah----- C:\WINDOWS\Tasks\Surveyor Send Logs Task 1.job
2008-07-19 08:17:00 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
-- Files created between 2008-06-24 and 2008-07-24 -----------------------------
2008-07-24 10:46:10 44544 -ra------ C:\WINDOWS\mrofinu1188.exe
2008-07-24 10:45:59 32768 --a------ C:\WINDOWS\system32\ssqRHWOE.dll
2008-07-24 10:45:59 32768 --a------ C:\WINDOWS\system32\rqRhhEUk.dll
2008-07-24 10:45:50 73 --a------ C:\WINDOWS\7631.bat
2008-07-23 15:38:38 0 d-------- C:\Documents and Settings\jcollins\Application Data\Talkback
2008-07-23 15:29:18 96768 --a------ C:\WINDOWS\system32\wwwywq.dll
2008-07-23 15:29:10 96768 --a------ C:\WINDOWS\system32\xkttokxk.dll
2008-07-23 15:29:08 118784 --a------ C:\WINDOWS\system32\ktokcvkc.dll
2008-07-23 15:26:20 81408 --a------ C:\WINDOWS\system32\pastnmts.dll
2008-07-23 15:24:09 118784 --a------ C:\WINDOWS\system32\gfxowjfk.dll
2008-07-23 15:21:21 118784 --a------ C:\WINDOWS\system32\bhrbgwpj.dll
2008-07-23 15:21:03 118784 --a------ C:\WINDOWS\system32\vkctnuyi.dll
2008-07-23 15:20:58 118784 --a------ C:\WINDOWS\system32\lywdkpkx.dll
2008-07-23 15:19:34 31744 --a------ C:\WINDOWS\system32\fccdaywX.dll
2008-07-23 15:19:34 31744 --a------ C:\WINDOWS\system32\fccbARKE.dll
2008-07-23 15:19:28 73 --a------ C:\WINDOWS\4957.bat
2008-07-23 15:18:09 90112 --a------ C:\WINDOWS\system32\hhtjiccw.dll
2008-07-23 10:23:17 0 d-------- C:\!KillBox
2008-07-23 10:14:19 118784 --a------ C:\WINDOWS\system32\teunjxxj.dll
2008-07-23 10:14:01 118784 --a------ C:\WINDOWS\system32\txqsvdbc.dll
2008-07-23 10:13:44 118784 --a------ C:\WINDOWS\system32\tllqpaen.dll
2008-07-23 10:13:27 118784 --a------ C:\WINDOWS\system32\padwodtb.dll
2008-07-23 10:13:08 118784 --a------ C:\WINDOWS\system32\puycbbxu.dll
2008-07-23 10:12:51 118784 --a------ C:\WINDOWS\system32\vhchugbg.dll
2008-07-23 10:12:34 118784 --a------ C:\WINDOWS\system32\lwmotcxt.dll
2008-07-23 10:12:16 118784 --a------ C:\WINDOWS\system32\kqptghcm.dll
2008-07-23 10:11:57 118784 --a------ C:\WINDOWS\system32\vpvwfolv.dll
2008-07-23 10:11:39 118784 --a------ C:\WINDOWS\system32\vjquympi.dll
2008-07-23 10:11:20 118784 --a------ C:\WINDOWS\system32\vwmalrsb.dll
2008-07-23 10:10:57 118784 --a------ C:\WINDOWS\system32\pinmxkgh.dll
2008-07-23 10:10:37 118784 --a------ C:\WINDOWS\system32\omhaaskk.dll
2008-07-23 10:07:37 118784 --a------ C:\WINDOWS\system32\ldyydchl.dll
2008-07-22 21:17:54 77 --a------ C:\Documents and Settings\jcollins\4495.bat
2008-07-22 21:17:50 73 --a------ C:\WINDOWS\4569.bat
2008-07-22 21:09:12 73 --a------ C:\WINDOWS\6056.bat
2008-07-22 20:39:58 31744 --a------ C:\WINDOWS\system32\fccYSJAP.dll
2008-07-22 20:39:58 31744 --a------ C:\WINDOWS\system32\cbXrOEVn.dll
2008-07-22 20:39:53 73 --a------ C:\WINDOWS\9228.bat
2008-07-22 20:09:44 73 --a------ C:\WINDOWS\9886.bat
2008-07-22 20:09:34 0 d-------- C:\WINDOWS\system32\kBin02
2008-07-22 20:09:31 31744 --a------ C:\WINDOWS\system32\urqQgfFY.dll
2008-07-22 20:09:31 31744 --a------ C:\WINDOWS\system32\khfCvvWN.dll
2008-07-22 14:16:23 82432 -----n--- C:\WINDOWS\system32\nbwjfbks.dll
2008-07-22 14:13:44 96256 --a------ C:\WINDOWS\system32\modoeg.dll
2008-07-22 14:13:32 96256 --a------ C:\WINDOWS\system32\gbnnfgti.dll
2008-07-22 14:13:23 91136 --a------ C:\WINDOWS\system32\miswfdup.dll
2008-07-21 16:23:29 0 d-------- C:\Program Files\Sun
2008-07-21 16:06:09 77 --a------ C:\Documents and Settings\jcollins\4373.bat
2008-07-21 16:06:08 73 --a------ C:\WINDOWS\5588.bat
2008-07-21 15:28:40 73 --a------ C:\WINDOWS\8617.bat
2008-07-21 15:28:35 77 --a------ C:\Documents and Settings\jcollins\7774.bat
2008-07-21 14:20:03 95232 --a------ C:\WINDOWS\system32\xewlgd.dll
2008-07-21 14:19:56 95232 --a------ C:\WINDOWS\system32\udojpovm.dll
2008-07-21 14:16:56 118784 --a------ C:\WINDOWS\system32\qcmkcpgb.dll
2008-07-21 14:14:08 79360 --a------ C:\WINDOWS\system32\qsnqeikr.dll
2008-07-21 14:13:44 118784 --a------ C:\WINDOWS\system32\uuaaqvkq.dll
2008-07-21 14:11:42 90112 --a------ C:\WINDOWS\system32\bgqqwcpg.dll
2008-07-21 14:10:44 843303 --ahs---- C:\WINDOWS\system32\NWxEOYxx.ini2
2008-07-21 14:10:41 245760 --a------ C:\WINDOWS\system32\xxYOExWN.dll
2008-07-21 14:07:24 0 d-------- C:\WINDOWS\system32\carH18
2008-07-21 14:07:20 32256 --a------ C:\WINDOWS\system32\vTLBtULB.dll
2008-07-21 14:07:19 32256 --a------ C:\WINDOWS\system32\wvUoMebY.dll
2008-07-21 14:07:16 73 --a------ C:\WINDOWS\5867.bat
2008-07-17 17:04:36 73 --a------ C:\WINDOWS\8868.bat
2008-07-17 14:06:07 0 d-------- C:\VundoFix Backups
2008-07-17 13:21:44 73 --a------ C:\WINDOWS\4149.bat
2008-07-17 13:21:41 121344 --a------ C:\WINDOWS\task32.exe
2008-07-17 13:20:54 0 d-------- C:\WINDOWS\system32\aumsDK18
2008-07-17 13:20:51 32256 --a------ C:\WINDOWS\system32\khffCrss.dll
2008-07-17 13:20:50 32256 --a------ C:\WINDOWS\system32\ssqrQJcy.dll
2008-07-17 13:20:47 145408 ---hs---- C:\Documents and Settings\jcollins\service.exe
2008-07-16 18:06:03 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-15 19:35:35 1944 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg
2008-07-15 19:22:23 850635 --ahs---- C:\WINDOWS\system32\qrtwHNpo.ini2
2008-07-15 19:20:56 0 d-------- C:\ProgramData
2008-07-15 19:17:49 0 dr-h----- C:\Documents and Settings\jcollins\Application Data\SecuROM
2008-07-15 18:53:10 0 d-------- C:\Documents and Settings\jcollins\Application Data\WinRAR
2008-07-14 18:15:45 0 d-------- C:\Documents and Settings\jcollins\Application Data\SPORE Creature Creator
2008-07-14 18:12:10 0 d--h----- C:\WINDOWS\msdownld.tmp
2008-07-14 18:12:03 0 d-------- C:\WINDOWS\Logs
2008-06-27 18:38:32 53248 ---hs---- C:\Documents and Settings\jcollins\winlogon.exe
-- Find3M Report ---------------------------------------------------------------
2008-07-24 10:45:07 0 d-------- C:\Documents and Settings\jcollins\Application Data\U3
2008-07-24 10:24:13 0 d-------- C:\Program Files\Symantec AntiVirus
2008-07-23 12:40:56 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-22 21:27:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-21 21:25:42 0 d-------- C:\Program Files\utorrent
2008-07-21 16:22:56 0 d-------- C:\Program Files\Java
2008-07-21 15:38:55 0 d-------- C:\Documents and Settings\jcollins\Application Data\uTorrent
2008-07-16 18:07:47 0 d-------- C:\Program Files\Lavasoft
2008-07-16 12:01:21 0 d-------- C:\Program Files\Axis Communications
2008-07-15 21:38:53 0 d-------- C:\Documents and Settings\jcollins\Application Data\LimeWire
2008-07-10 16:53:25 0 d-------- C:\Program Files\Motorola Phone Tools
2008-07-10 16:41:33 0 d-------- C:\Program Files\Avanquest update
2008-06-30 13:55:58 0 d-------- C:\Program Files\iTunes
2008-06-30 13:55:57 0 d-------- C:\Program Files\Apple Software Update
2008-06-12 14:54:44 0 d-------- C:\Documents and Settings\jcollins\Application Data\Adobe
2008-06-06 16:57:52 0 d-------- C:\Program Files\iPod
2008-06-06 16:55:41 0 d-------- C:\Program Files\QuickTime
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B5DCB75-B2FF-4BD3-A494-28A6166D2D97}]
C:\WINDOWS\system32\opNHwtrq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2fa6a35b-cf28-4229-b4f5-ab5d2c9ed89d}]
07/23/2008 03:29 PM 96768 --a------ C:\WINDOWS\system32\wwwywq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5F11D5D5-3FB2-4ADD-84AD-D69BC9A5D312}]
C:\WINDOWS\system32\xXpPhfET.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D20ED34-7104-42BB-86A5-16B4B6E6F2F8}]
07/23/2008 03:29 PM 118784 --a------ C:\WINDOWS\system32\ktokcvkc.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DE52CDC9-2638-4718-8988-13455EE267A7}]
07/24/2008 10:53 AM 91648 --a------ C:\Documents and Settings\jcollins\Local Settings\Temporary Internet Files\Content.IE5\C1QR692L\3077ahntdksr[1].dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1F93182-D570-4483-BA6D-07492EDDD294}]
07/21/2008 02:10 PM 245760 --a------ C:\WINDOWS\system32\xxYOExWN.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [04/06/2005 03:22 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [04/06/2005 03:19 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [04/06/2005 03:23 AM]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/14/2004 08:42 PM]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [02/23/2005 05:19 PM]
"NGClient"="C:\Program Files\Symantec\Ghost\ngctw32.exe" [10/03/2003 11:11 AM]
"mmtask"="c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" [10/06/2003 10:05 AM]
"Sxplog"="C:\SxpInst\sxpstub.exe" [10/28/2003 08:15 PM]
"SDJobCheck"="triggusr.exe" [11/15/2003 01:40 PM C:\Program Files\CA\Unicenter Software Delivery\BIN\triggusr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [08/04/2004 06:00 AM]
"SurveyorSession"="C:\Program Files\Verdiem\SurveyorSD\bin\SurveyorSession.exe" [10/25/2005 12:18 PM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/04/2005 12:42 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [11/15/2005 01:28 PM]
"DiscWizardMonitor.exe"="C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe" [08/08/2007 05:47 PM]
"AcronisTimounterMonitor"="C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe" [08/08/2007 06:00 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe" [08/08/2007 05:51 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM]
"Windows Logon Applicationedc"="C:\Documents and Settings\jcollins\winlogon.exe" [06/27/2008 06:38 PM]
"aca0ba75"="C:\WINDOWS\system32\pastnmts.dll" [07/23/2008 03:26 PM]
"BMaf9389e9"="C:\WINDOWS\system32\miswfdup.dll" [07/22/2008 02:13 PM]
"runner1"="C:\WINDOWS\mrofinu1188.exe" [07/23/2008 03:54 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"µTorrent"="C:\Documents and Settings\Joseph Collins\Desktop\utorrent.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/28/2008 11:37 PM]
"Windows Service"="C:\Documents and Settings\jcollins\service.exe" [07/17/2008 01:20 PM]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [12/14/2004 4:44:06 AM]
ALEPH 500 - Version 16 Version Check.lnk - C:\AL500\ALEPHCOM\BIN\VERSION.EXE [2/07/2006 6:50:46 PM]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2/10/2005 4:11:08 PM]
LaunchU3.exe.lnk - C:\WINDOWS\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_2cd672ae.exe [2/20/2007 11:36:01 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=1 (0x1)
"disableregistrytools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"1"=\\admin-vault1\users\maphome.vbs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5F11D5D5-3FB2-4ADD-84AD-D69BC9A5D312}"= C:\WINDOWS\system32\xXpPhfET.dll [ ]
"{094133C8-1D3D-4785-8A56-531CC89612EF}"= C:\WINDOWS\system32\ssqRHWOE.dll [07/24/2008 10:45 AM 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqRHWOE]
ssqRHWOE.dll 07/24/2008 10:45 AM 32768 C:\WINDOWS\system32\ssqRHWOE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xXpPhfET]
xXpPhfET.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxYOExWN
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a86645e-e9d6-11db-adc1-500020f400dc}]
AutoRun\command- E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9cc0082-1309-11dd-ade1-00123f56a0a1}]
AutoRun\command- K:\LaunchU3.exe -a
-- End of Deckard's System Scanner: finished at 2008-07-24 10:59:57 ------------
And here is the Extra
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English
CPU 0: Intel® Pentium® 4 CPU 3.20GHz
CPU 1: Intel® Pentium® 4 CPU 3.20GHz
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 2038.07 MiB / 1419.67 MiB
Pagefile Memory (total/avail): 3930.48 MiB / 3399.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.5 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 74.5 GiB total, 20.94 GiB free.
D: is CDROM (No Media)
J: is Fixed (FAT32) - 232.83 GiB total, 207.03 GiB free.
K: is CDROM (CDFS)
L: is Removable (FAT32)
N: is Network (NTFS)
P: is Network (NTFS)
\\.\PHYSICALDRIVE0 - ST380013AS - 74.5 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.5 GiB - C:
\\.\PHYSICALDRIVE2 - SanDisk U3 Cruzer Micro USB Device - 3.81 GiB - 1 partition
\PARTITION0 - Unknown - 3.81 GiB - L:
\\.\PHYSICALDRIVE1 - ST325062 3A USB Device - 232.88 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 232.88 GiB - J:
-- Security Center -------------------------------------------------------------
AUOptions is set to notify before install.
Windows Internal Firewall is disabled.
FirstRunDisabled is set.
AV: Symantec AntiVirus Corporate Edition v10.0.2.2000 (Symantec Corporation)
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\\Program Files\\Motorola Phone Tools\\mPhonetools.exe"="C:\\Program Files\\Motorola Phone Tools\\mPhonetools.exe:*:Enabled:mobile Phone Software"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"="C:\\Program Files\\Electronic Arts\\EADM\\Core.exe:*:Enabled:EA Download Manager"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Documents and Settings\\Joseph Collins\\Application Data\\U3\\0000155BF860D7DD\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\Skype.exe"="C:\\Documents and Settings\\Joseph Collins\\Application Data\\U3\\0000155BF860D7DD\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\utorrent\\utorrent.exe"="C:\\Program Files\\utorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Documents and Settings\\Joseph Collins\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\Joseph Collins\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\jcollins\Application Data
ASMROOT=C:\Program Files\CA\Unicenter Software Delivery\SD
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=LIB-RO302-AR
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\jcollins
HOMESHARE=\\Admin-Vault1\users
LOGONSERVER=\\ADMIN-DC1
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\CA\Dcs\DMScripting;C:\Program Files\CA\DCS\CAWIN;C:\Program Files\CA\Unicenter Software Delivery\BIN;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0403
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\jcollins\LOCALS~1\Temp
TMP=C:\DOCUME~1\jcollins\LOCALS~1\Temp
USERDNSDOMAIN=QC.ADS
USERDOMAIN=QC
USERNAME=jcollins
USERPROFILE=C:\Documents and Settings\jcollins
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
jcollins (admin)
surveyor (new local, admin)
ccsadmin (new local, admin, net ready)
Joseph Collins (admin)
Administrator (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\oggcodecs\uninst.exe
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
Action Replay Code Manager --> "C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"
Action Replay GBX --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Datel\ActionReplayGBX\Uninst.isu"
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
Broadcom Advanced Control Suite --> MsiExec.exe /I{058B32E2-6310-4359-B2D4-1988390C3B83}
CA Unicenter Software Delivery --> "C:\Program Files\CA\Unicenter Software Delivery\BIN\sdgoaway.exe"
Dell Digital Jukebox Driver --> C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell File Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EDA9289-CCA7-11D7-8466-00D0B726B56E}\Setup.exe" -l0x9 /remove
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Exact Audio Copy PSP Edition 1.0 --> C:\Program Files\Exact Audio Copy PSP Edition\uninst.exe
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
GPL MPEG-1/2 DirectShow Decoder Filter --> MsiExec.exe /I{870815CA-6B60-47B6-88DD-A67F42D2F03E}
HHD Software Free Hex Editor 3.12 --> "C:\Program Files\HHD Software\Hex Editor 3.x\Uninstaller.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "F:\MALWARE MURDERERS\HijackThis.exe" /uninstall
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hummingbird HostExplorer V9.0 --> MsiExec.exe /I{6262C7DC-C901-463B-9AE2-99D849A8E64D}
Intel® Graphics Media Accelerator Driver --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire PRO 4.17.1 --> "F:\LimewirePRO\LimeWirePRO\uninstall.exe"
LiveUpdate 2.6 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Lizardtech DjVu Control --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x9
Lotus Notes 7.0.2 --> MsiExec.exe /I{3DFB275E-92F1-4D4A-A546-C5475917FA41}
Macro Express 3 --> C:\PROGRA~1\MACROE~1\UNWISE.EXE C:\PROGRA~1\MACROE~1\INSTALL.LOG
Match-Up! --> MsiExec.exe /I{439800C9-FD42-4EA3-94D2-063DF0926873}
Max Media Creator --> "C:\Program Files\Max Media Creator\unins000.exe"
MaxDrive PS2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Datel\MaxDrive PS2\Uninst.isu"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Motorola Driver Installation 3.2.0 --> MsiExec.exe /I{D6A1E429-CCE1-4140-A615-710B806D12BA}
Motorola Phone Tools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MUSICMATCH® Jukebox --> C:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
NICI (Shared) U.S./Worldwide (128 bit) (2.6.6-1) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}\Setup.exe" -uninst
OCLC Connexion client --> MsiExec.exe /I{4BF1F33A-9E29-41FC-B59C-D3B571494978}
OMCI --> MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
OpenOffice.org Installer 1.0 --> MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PowerDVD 5.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PS3 Video 9 2.25 --> C:\Program Files\Red Kawa\Video Converter\uninstaller.exe
PSP Max Media Manager --> "C:\Program Files\Datel\PSP Max Media Manager\unins000.exe"
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Seagate DiscWizard --> MsiExec.exe /X{81A60A13-224D-4637-8203-3EAC03B121A4}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Shoddy Battle --> C:\WINDOWS\system32\javaws.exe -uninstall -prompt "http://shoddybattle....ddybattle.jnlp"
SPORE™ Creature Creator Trial Edition --> "C:\Program Files\InstallShield Installation Information\{ECEE0279-785F-4CB3-9F28-E69813234BF8}\setup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Surveyor Client --> MsiExec.exe /X{9C8565D2-AE20-4CB5-94CB-1B5CED42A7F9}
Symantec AntiVirus --> MsiExec.exe /I{46B63F23-2B4A-4525-A827-688026BE5E40}
Symantec Ghost Console Client --> MsiExec.exe /I{BEAB52AB-833E-4F86-083E-8752BBB00015}
TOSHIBA Bluetooth Stack for Windows by CSR and Apache --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
U3Launcher --> MsiExec.exe /I{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}
VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Connect --> msiexec.exe /I {F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Connect --> MsiExec.exe /I{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Music Jukebox --> MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}
Yahoo! Widgets --> C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
ZapNotes --> C:\PROGRA~1\ZapNotes\UNWISE.EXE C:\PROGRA~1\ZapNotes\INSTALL.LOG
-- Application Event Log -------------------------------------------------------
Event Record #/Type91024 / Error
Event Submitted/Written: 07/24/2008 10:19:19 AM
Event ID/Source: 1001 / Application Hang
Event Description:
Fault bucket 126637809.
Event Record #/Type91023 / Error
Event Submitted/Written: 07/24/2008 10:19:13 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Event Record #/Type91022 / Error
Event Submitted/Written: 07/24/2008 06:43:08 AM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Threat: Trojan.Vundo in File: C:\WINDOWS\system32\vylskrsm.dll by: Scheduled scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.
Event Record #/Type91021 / Error
Event Submitted/Written: 07/24/2008 06:43:06 AM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Threat: Trojan.Vundo in File: C:\WINDOWS\system32\vylskrsm.dll by: Scheduled scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged.
Event Record #/Type91020 / Error
Event Submitted/Written: 07/24/2008 06:42:47 AM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Threat: Trojan.Vundo in File: C:\WINDOWS\system32\ukxonltc.dll by: Scheduled scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.
-- Security Event Log ----------------------------------------------------------
No Errors/Warnings found.
-- System Event Log ------------------------------------------------------------
Event Record #/Type7744 / Warning
Event Submitted/Written: 07/24/2008 08:04:29 AM
Event ID/Source: 24 / W32Time
Event Description:
Time Provider NtpClient: No valid response has been received from domain controller admin-dc2.qc.ads
after 8 attempts to contact it. This domain controller will be
discarded as a time source and NtpClient will attempt to discover a
new domain controller from which to synchronize.
Event Record #/Type7743 / Warning
Event Submitted/Written: 07/24/2008 04:26:48 AM
Event ID/Source: 24 / W32Time
Event Description:
Time Provide