
Google and Yahoo search redirect to Finditand.com AND flash player plu



#1
Joe.K
Same issues as several others have, also caused by a Facebook email. In addition to the browser redirection to finditand.com, among other sites, videos on YouTube or other sites that utilize the Flash Player plugin play for about 20-30 sec. and then stop and do not continue to load/play. Have run several different types of anti-spy and virus programs with no result. Help please... this is a nasty one.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:41 PM, on 10/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\InFocus\LiteShow II\TLA\ifclsmrsvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Program Files\TomTom DesktopSuite\bin\odbccu32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Symantec\Ghost\ngtray.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Boingo\GoBoingo\GoBoingo.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Microsoft Dynamics CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe
C:\Program Files\TomTom DesktopSuite\bin\odbccu32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\UltimateZip 2.7\uzqkst.exe
C:\Program Files\InFocus\DisplayLink Manager\InFocusDisplayLinkManager.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\jknepell\LOCALS~1\Temp\Temporary Directory 3 for HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ifscentral
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ifscentral/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8484
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O1 - Hosts: 200.1.10.63 wv-eng-02
O1 - Hosts: 200.1.220.20 euroserv
O1 - Hosts: 200.1.230.10 asiaserv
O1 - Hosts: 144.193.32.36 term-02-047
O1 - Hosts: 144.193.32.37 term-03-047
O1 - Hosts: 200.1.10.112 devapp.infocuscorp.com
O1 - Hosts: 200.1.10.112 devdev
O1 - Hosts: 200.1.10.111 devdb
O1 - Hosts: 200.1.10.113 testdb
O1 - Hosts: 200.1.10.114 testapp
O1 - Hosts: 200.1.10.114 testapp.infocuscorp.com
O1 - Hosts: 200.1.10.116 prodapp1.infocuscorp.com
O1 - Hosts: 200.1.10.116 prodapp1
O1 - Hosts: 200.1.10.115 proddb
O1 - Hosts: 200.1.10.117 prodapp2.infocuscorp.com
O1 - Hosts: 200.1.10.117 prodapp2
O1 - Hosts: 200.1.10.61 wv-dc-am01
O1 - Hosts: 200.1.10.69 wv-dc-am02
O1 - Hosts: 200.1.10.55 wv-fs-01
O1 - Hosts: 200.1.10.32 wv-iis-02
O1 - Hosts: 200.1.10.95 wv-mail-01
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NGTray] "C:\Program Files\Symantec\Ghost\ngtray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [GoBoingo] C:\Program Files\Boingo\GoBoingo\GoBoingo.lnk
O4 - HKLM\..\Run: [MSCRM] "C:\Program Files\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe" /activateaddin
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [MSCRMStartup] "C:\Program Files\Microsoft Dynamics CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe"
O4 - HKCU\..\Run: [(RemoteRegistry) ] "C:\Program Files\TomTom DesktopSuite\bin\odbccu32.exe" /set
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - S-1-5-18 Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2.7\uzqkst.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2.7\uzqkst.exe (User 'Default user')
O4 - .DEFAULT User Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2.7\uzqkst.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: InFocus DisplayLink Manager Startup.lnk = C:\Program Files\InFocus\DisplayLink Manager\InFocusDisplayLinkManagerSetup[1].exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra 'Tools' menuitem: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ifscentral
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1196293286200
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1196293409421
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) - http://prodapp1.info...tor/oajinit.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = am.infocus.int
O17 - HKLM\Software\..\Telephony: DomainName = am.infocus.int
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = am.infocus.int
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = am.infocus.int,emea.infocus.int,ultradomain1.infocus.int,infocus.int,infocuscorp.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = am.infocus.int
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = am.infocus.int,emea.infocus.int,ultradomain1.infocus.int,infocus.int,infocuscorp.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = am.infocus.int,emea.infocus.int,ultradomain1.infocus.int,infocus.int,infocuscorp.com
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InFocus Mirror Driver Service - Unknown owner - C:\Program Files\InFocus\LiteShow II\TLA\ifclsmrsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Symantec Ghost Client Agent (NGCLIENT) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\Program Files\TomTom DesktopSuite\bin\odbccu32.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 13236 bytes



Logfile of random's system information tool 1.04 (written by random/random)
Run by jknepell at 2008-10-29 22:03:41
Microsoft Windows XP Professional Service Pack 2
System drive C: has 222 GB (93%) free of 238 GB
Total RAM: 2047 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:48 PM, on 10/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\InFocus\LiteShow II\TLA\ifclsmrsvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Ghost\ngctw32.exe
C:\Program Files\TomTom DesktopSuite\bin\odbccu32.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Symantec\Ghost\ngtray.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Boingo\GoBoingo\GoBoingo.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Microsoft Dynamics CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe
C:\Program Files\TomTom DesktopSuite\bin\odbccu32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\UltimateZip 2.7\uzqkst.exe
C:\Program Files\InFocus\DisplayLink Manager\InFocusDisplayLinkManager.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\jknepell\Desktop\RSIT.exe
C:\Program Files\trend micro\jknepell.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ifscentral
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ifscentral/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8484
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O1 - Hosts: 200.1.10.63 wv-eng-02
O1 - Hosts: 200.1.220.20 euroserv
O1 - Hosts: 200.1.230.10 asiaserv
O1 - Hosts: 144.193.32.36 term-02-047
O1 - Hosts: 144.193.32.37 term-03-047
O1 - Hosts: 200.1.10.112 devapp.infocuscorp.com
O1 - Hosts: 200.1.10.112 devdev
O1 - Hosts: 200.1.10.111 devdb
O1 - Hosts: 200.1.10.113 testdb
O1 - Hosts: 200.1.10.114 testapp
O1 - Hosts: 200.1.10.114 testapp.infocuscorp.com
O1 - Hosts: 200.1.10.116 prodapp1.infocuscorp.com
O1 - Hosts: 200.1.10.116 prodapp1
O1 - Hosts: 200.1.10.115 proddb
O1 - Hosts: 200.1.10.117 prodapp2.infocuscorp.com
O1 - Hosts: 200.1.10.117 prodapp2
O1 - Hosts: 200.1.10.61 wv-dc-am01
O1 - Hosts: 200.1.10.69 wv-dc-am02
O1 - Hosts: 200.1.10.55 wv-fs-01
O1 - Hosts: 200.1.10.32 wv-iis-02
O1 - Hosts: 200.1.10.95 wv-mail-01
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [NGTray] "C:\Program Files\Symantec\Ghost\ngtray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [GoBoingo] C:\Program Files\Boingo\GoBoingo\GoBoingo.lnk
O4 - HKLM\..\Run: [MSCRM] "C:\Program Files\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe" /activateaddin
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [MSCRMStartup] "C:\Program Files\Microsoft Dynamics CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe"
O4 - HKCU\..\Run: [(RemoteRegistry) ] "C:\Program Files\TomTom DesktopSuite\bin\odbccu32.exe" /set
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MalwareRemovalBot] C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - S-1-5-18 Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2.7\uzqkst.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2.7\uzqkst.exe (User 'Default user')
O4 - .DEFAULT User Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2.7\uzqkst.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: UltimateZip Quick Start.lnk = C:\Program Files\UltimateZip 2.7\uzqkst.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: InFocus DisplayLink Manager Startup.lnk = C:\Program Files\InFocus\DisplayLink Manager\InFocusDisplayLinkManagerSetup[1].exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra 'Tools' menuitem: ProxyPal - {B0127AF2-316C-4f1d-BF35-3DE43971EEC5} - C:\WINDOWS\system32\proxypal.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ifscentral
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1196293286200
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1196293409421
O16 - DPF: {CAFECAFE-0013-0001-0021-ABCDEFABCDEF} (JInitiator 1.3.1.21) - http://prodapp1.info...tor/oajinit.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = am.infocus.int
O17 - HKLM\Software\..\Telephony: DomainName = am.infocus.int
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = am.infocus.int
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = am.infocus.int,emea.infocus.int,ultradomain1.infocus.int,infocus.int,infocuscorp.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = am.infocus.int
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = am.infocus.int,emea.infocus.int,ultradomain1.infocus.int,infocus.int,infocuscorp.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = am.infocus.int,emea.infocus.int,ultradomain1.infocus.int,infocus.int,infocuscorp.com
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DisplayLink Service (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InFocus Mirror Driver Service - Unknown owner - C:\Program Files\InFocus\LiteShow II\TLA\ifclsmrsvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Symantec Ghost Client Agent (NGCLIENT) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngctw32.exe
O23 - Service: Remote Registry (RemoteRegistry) - Unknown owner - C:\Program Files\TomTom DesktopSuite\bin\odbccu32.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 13208 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MalwareRemovalBot Scheduled Scan.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2004-08-02 124232]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-05-23 192512]
"AccelerometerSysTrayApplet"=C:\WINDOWS\system32\AccelerometerSt.exe [2007-01-24 124928]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-05-02 163840]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-15 102400]
"NGTray"=C:\Program Files\Symantec\Ghost\ngtray.exe [2007-04-19 181896]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-12 39792]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-01-29 30248]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-01-29 46632]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-02-01 255528]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-03-23 663552]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-01-26 65536]
"GoBoingo"=C:\Program Files\Boingo\GoBoingo\GoBoingo.lnk [2008-10-29 2155]
"MSCRM"=C:\Program Files\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe [2007-12-07 62488]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-11-16 1611480]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\HOMERunner.exe [2008-09-26 206184]
"MSCRMStartup"=C:\Program Files\Microsoft Dynamics CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe [2007-12-07 107544]
"(RemoteRegistry) "=C:\Program Files\TomTom DesktopSuite\bin\odbccu32.exe [2008-10-28 9472]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"MalwareRemovalBot"=C:\Program Files\MalwareRemovalBot\MalwareRemovalBot.exe [2008-10-28 19382272]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
InFocus DisplayLink Manager Startup.lnk - C:\Program Files\InFocus\DisplayLink Manager\InFocusDisplayLinkManagerSetup[1].exe

C:\Documents and Settings\jknepell\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
UltimateZip Quick Start.lnk - C:\Program Files\UltimateZip 2.7\uzqkst.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-03-27 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2004-08-02 83272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Symantec\Ghost\ngctw32.exe"="C:\Program Files\Symantec\Ghost\ngctw32.exe:*:Enabled:Symantec Ghost Client Agent"
"C:\Program Files\TomTom DesktopSuite\bin\odbccu32.exe"="C:\Program Files\TomTom DesktopSuite\bin\odbccu32.exe:*:Enabled:TINYPROXY"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Symantec\Ghost\ngctw32.exe"="C:\Program Files\Symantec\Ghost\ngctw32.exe:*:Enabled:Symantec Ghost Client Agent"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6bb1e4fa-8356-11dd-bc7d-00059a3c7800}]
shell\AutoRun\command - E:\AutoRun.exe InFocusDisplayLinkManagerSetup.exe


======List of files/folders created in the last 1 months======

2008-10-29 22:03:41 ----D---- C:\Program Files\trend micro
2008-10-28 21:06:53 ----D---- C:\rsit
2008-10-28 21:03:03 ----D---- C:\Program Files\Tren Micro HiJackThis
2008-10-28 20:56:59 ----D---- C:\WINDOWS\ERDNT
2008-10-28 20:56:27 ----D---- C:\Program Files\ERUNT
2008-10-28 20:39:36 ----D---- C:\Documents and Settings\jknepell\Application Data\MalwareRemovalBot
2008-10-28 20:39:31 ----D---- C:\Program Files\MalwareRemovalBot
2008-10-28 15:51:01 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-28 12:08:08 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-28 12:08:08 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-28 12:02:58 ----D---- C:\Program Files\Windows Defender
2008-10-28 11:01:02 ----D---- C:\Program Files\Mozilla Firefox
2008-10-28 10:52:41 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-28 10:52:14 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-10-28 08:47:44 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2008-10-28 08:47:15 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-27 12:54:57 ----H---- C:\WINDOWS\bolivar23.exe
2008-10-21 22:10:09 ----D---- C:\Documents and Settings\jknepell\Application Data\Move Networks
2008-10-20 17:24:56 ----D---- C:\Program Files\Microsoft Dynamics CRM
2008-10-20 17:22:06 ----D---- C:\WINDOWS\system32\XPSViewer
2008-10-20 17:21:46 ----D---- C:\Program Files\Reference Assemblies
2008-10-20 17:21:28 ----N---- C:\WINDOWS\system32\spmsg2.dll
2008-10-20 17:21:11 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2008-10-20 17:20:46 ----D---- C:\Program Files\Microsoft
2008-10-16 10:01:59 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 10:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 10:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 10:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-16 10:01:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-16 10:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-10-15 01:31:25 ----A---- C:\WINDOWS\IE4 Error Log.txt
2008-10-06 21:24:11 ----D---- C:\Documents and Settings\All Users\Application Data\TomTom
2008-10-06 21:23:37 ----D---- C:\Documents and Settings\jknepell\Application Data\Mozilla
2008-10-06 21:23:36 ----D---- C:\Documents and Settings\jknepell\Application Data\TomTom
2008-10-06 21:23:24 ----D---- C:\Program Files\TomTom HOME 2
2008-10-06 21:09:27 ----D---- C:\Program Files\TomTom DesktopSuite
2008-10-01 12:03:26 ----D---- C:\Documents and Settings\jknepell\Application Data\ScanSoft

======List of files/folders modified in the last 1 months======

2008-10-29 22:03:48 ----D---- C:\WINDOWS\Prefetch
2008-10-29 22:03:41 ----RD---- C:\Program Files
2008-10-29 22:03:36 ----D---- C:\WINDOWS\Temp
2008-10-29 14:51:11 ----HD---- C:\WINDOWS\inf
2008-10-29 12:11:29 ----D---- C:\WINDOWS\system32
2008-10-29 12:11:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-29 12:10:23 ----SD---- C:\WINDOWS\Tasks
2008-10-29 12:09:17 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-29 12:07:23 ----D---- C:\Program Files\Symantec AntiVirus
2008-10-29 12:07:21 ----D---- C:\WINDOWS\system32\drivers
2008-10-28 21:22:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-28 20:56:59 ----D---- C:\WINDOWS
2008-10-28 20:39:33 ----SHD---- C:\WINDOWS\Installer
2008-10-28 15:50:55 ----D---- C:\Program Files\Windows Media Player
2008-10-28 15:50:55 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-28 15:50:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-28 15:50:47 ----D---- C:\WINDOWS\security
2008-10-28 15:50:32 ----D---- C:\WINDOWS\system32\Macromed
2008-10-28 15:48:45 ----D---- C:\WINDOWS\system32\Restore
2008-10-28 12:02:58 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-28 12:01:24 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-28 10:53:20 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-28 10:52:19 ----D---- C:\WINDOWS\Help
2008-10-28 10:31:31 ----A---- C:\WINDOWS\win.ini
2008-10-28 10:31:11 ----SHD---- C:\WINDOWS\CSC
2008-10-28 09:43:27 ----D---- C:\WINDOWS\Microsoft.NET
2008-10-28 08:47:47 ----A---- C:\WINDOWS\imsins.BAK
2008-10-28 08:47:43 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-28 08:47:41 ----RSD---- C:\WINDOWS\assembly
2008-10-24 12:52:35 ----SD---- C:\Documents and Settings\jknepell\Application Data\Microsoft
2008-10-21 14:07:55 ----D---- C:\WINDOWS\system32\config
2008-10-20 17:23:58 ----D---- C:\Program Files\MSBuild
2008-10-20 17:22:06 ----D---- C:\WINDOWS\system32\en-us
2008-10-20 17:22:04 ----RSD---- C:\WINDOWS\Fonts
2008-10-20 17:21:37 ----D---- C:\WINDOWS\system32\spool
2008-10-20 17:20:52 ----D---- C:\WINDOWS\WinSxS
2008-10-20 17:20:52 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-20 16:49:05 ----A---- C:\WINDOWS\ODBC.INI
2008-10-16 10:02:16 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-10-16 10:01:17 ----D---- C:\Program Files\Internet Explorer
2008-10-15 10:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-09 14:27:30 ----A---- C:\DVDPATH.TXT

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-10-17 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-03-01 289792]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-07 93952]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-03-28 2847744]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-11-14 84992]
R3 ATSWPDRV;(****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-04-10 140808]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298]
R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-02-14 47907]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DisplayLinkGA;DisplayLinkGA; C:\WINDOWS\system32\DRIVERS\DisplayLinkGAport.sys [2008-07-23 20736]
R3 DisplayLinkmirror;DisplayLinkmirror; C:\WINDOWS\system32\DRIVERS\DisplayLinkmirrorport.sys [2008-07-23 18816]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-12-11 242320]
R3 EuMusDesignVirtualAudioCableWdm;PC2TV Audio; C:\WINDOWS\system32\DRIVERS\PC2TVAudio.sys [2007-04-04 38528]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-10-16 989312]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-10-16 211200]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-04-18 41216]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081015.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081015.003\navex15.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 PC2TV;PC2TV_Display_Driver; C:\WINDOWS\system32\DRIVERS\PC2TV.sys [2007-04-12 25344]
R3 PC2TVMirror;PC2TVMirror_Display_Driver; C:\WINDOWS\system32\DRIVERS\PC2TVMirror.sys [2007-04-12 25344]
R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2008-04-14 20096]
R3 rismc32;RICOH Smart Card Reader; C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-20 47616]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-15 213696]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-10-16 731136]
S3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys []
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\WINDOWS\System32\Drivers\BrSerIf.sys [2006-12-12 52224]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\WINDOWS\System32\Drivers\BrUsbSer.sys [2006-09-03 11904]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 DisplayLinkUsbPort;DisplayLink USB Device; C:\WINDOWS\system32\DRIVERS\DisplayLinkUsbPort.sys [2008-07-23 20992]
S3 HdAudAddService;ATI Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
S3 ifclsmr;ifclsmr; C:\WINDOWS\system32\DRIVERS\ifclsmr.sys []
S3 NETw4x32;Intel® Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-03-27 512000]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2004-08-04 1445912]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2004-08-02 30024]
R2 DisplayLinkService;DisplayLink Service; C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe [2008-07-23 443752]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 InFocus Mirror Driver Service;InFocus Mirror Driver Service; C:\Program Files\InFocus\LiteShow II\TLA\ifclsmrsvc.exe [2008-09-08 53248]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NGCLIENT;Symantec Ghost Client Agent; C:\Program Files\Symantec\Ghost\ngctw32.exe [2007-04-19 632456]
R2 Remote Registry (RemoteRegistry) ;Remote Registry (RemoteRegistry) ; C:\Program Files\TomTom DesktopSuite\bin\odbccu32.exe [2008-10-28 9472]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-08-02 173392]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-08-02 1267024]
R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2004-03-05 192573]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-06 887544]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

Edited by Joe.K, 29 October 2008 - 10:07 PM.
