Nexplore
I'm having the Nexplore popups regularly and am ready to move them.
I see where other people have done this and it seems to be a lengthy process.
Can anyone help?
Thanks,
Ryan
the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly.
Some of the logs I request will be quite large. You may need to split them over a couple of replies.
Please note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe.
Download and Run RSIT
( They can also be found in the C:\RSIT folder )
Thanks for the quick reply. On Monday of this week, I started noticing the Nexplore pop-ups and it continued on into Tuesday when I researched the problem and posted on the message board.
Wednesday morning I ran a virus scan and it removed some stuff, and the pop-ups are no longer occurring (and my pc is running smoother).
I would like to think that this virus scan removed the infected files, but I'm smart enough to know that the bug could still be hiding around.
If the pop-ups continue, I will be back to this message board seeking help.
If you feel I should still run the RSIT and go through the whole process, then by all means I will... but I am fairly content with the way my system has run the past two days after the virus scan.
Thanks for any help you can offer!
Ryan
Logfile of random's system information tool 1.06 (written by random/random)
Run by alleryam2 at 2009-08-13 09:45:05
Microsoft Windows XP Professional Service Pack 2
System drive C: has 8 GB (41%) free of 20 GB
Total RAM: 1014 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:15 AM, on 8/13/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Passlogix\v-GO SSO\ssoshell.exe
C:\WINNT\Explorer.EXE
D:\inteq\advantage\Bin\ApiService.exe
D:\DOCUME~1\ALLERY~1\LOCALS~1\Temp\LogonApp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
C:\Program Files\BakerHughes\GlobalConnect\cvpnd.exe
C:\WINNT\System32\enstart.exe
C:\Program Files\BHI Global Connect\BHI Global Connect\e360SysTray.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINNT\stsystra.exe
C:\PROGRA~1\Novadigm\radtray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINNT\system32\PMService.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Passlogix\v-GO SSO\Helper\Moz\ssomozho.exe
C:\Program Files\Passlogix\v-GO SSO\Helper\SAP\ssosapho.exe
C:\Program Files\BHI Global Connect\BHI Global Connect\FLUtilsSvc.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Passlogix\v-GO SSO\Helper\IE\ssobho.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ETICKETBOT\Binn\sqlservr.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\Novadigm\radexecd.exe
C:\PROGRA~1\Novadigm\radsched.exe
C:\PROGRA~1\Novadigm\Radstgms.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\BHI Global Connect\BHI Global Connect\ServiceMgr.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\CA\Unicenter DSM\Bin\caf.exe
C:\Program Files\CA\Unicenter DSM\Bin\cfsmsmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\CA\Unicenter DSM\Bin\ccnfagent.exe
C:\Program Files\PCD32\client32.exe
C:\Program Files\CA\Unicenter DSM\Bin\cfnotsrvd.exe
C:\Program Files\CA\Unicenter DSM\Bin\ccsmagtd.exe
C:\Program Files\CA\Unicenter DSM\PMAgent\capmuamagt.exe
C:\Program Files\CA\Unicenter DSM\Bin\cfftplugin.exe
C:\Program Files\BakerHughes\GlobalConnect\vpngui.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
D:\Documents and Settings\alleryam2\Desktop\RSIT.exe
C:\Program Files\trend micro\alleryam2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://botweb/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://botweb/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Baker Oil Tools
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,"C:\Program Files\Passlogix\v-GO SSO\ssoshell.exe" /background
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {d042dc33-27b3-4a50-ab63-172ec49c2877} - C:\WINNT\system32\vayojema.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Radia User Process] "C:\PROGRA~1\Novadigm\Radskman.exe" uid=$MACHINE,mname=RADIA,dname=SOFTWARE,ask=N,cat=M,context=U,local=Y,flushu=N,hreboot=N,ind=N,userfreq=0
O4 - HKLM\..\Run: [CAF_SystemTray] "C:\Program Files\CA\Unicenter DSM\Bin\cfSysTray.exe"
O4 - HKLM\..\Run: [Dell QuickSet Radio Toggle] "c:\Program Files\Dell\QuickSet\WiFi_Radio_Toggle.lnk"
O4 - HKLM\..\Run: [e360SysTray] "C:\Program Files\BHI Global Connect\BHI Global Connect\e360SysTray.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EPA_EZ_GPO_Tool] C:\WINNT\system32\EZ_GPO_Tool.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [RUNRADTRAY] "C:\PROGRA~1\Novadigm\radtray.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [BHI Wireless C2 Profile Import] "C:\Program Files\Novadigm\RADREXXW.EXE" "C:\WINNT\ITTools\Intel_PROSet\C24allIMPORT.REX"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [tuleyizeno] Rundll32.exe "C:\WINNT\system32\bisawuza.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\Communicator.exe" (User 'Default user')
O4 - Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Startup: AutorunsDisabled
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: AutorunsDisabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://botweb/
O15 - Trusted Zone: http://lwweb.bakerhughes.com
O15 - Trusted Zone: http://lwweb1.bakerhughes.com
O15 - Trusted Zone: http://lwweb2.bakerhughes.com
O15 - Trusted Zone: http://webboardhou.bakerhughes.com
O15 - Trusted Zone: http://*.BakerHughesDirect
O15 - Trusted Zone: http://bhidgxweb02.BakerHughesDirect.com
O15 - Trusted Zone: http://www.BakerHughesDirect.com
O15 - Trusted Zone: http://*.bhicms
O15 - Trusted Zone: http://bhidfwrap01.ent.bhicorp.com
O15 - Trusted Zone: http://*.bhihdciis01
O15 - Trusted Zone: http://*.bravacel
O15 - Trusted Zone: http://*.bravahou
O15 - Trusted Zone: http://*.bsssyspro01
O15 - Trusted Zone: http://*.CAESAR
O15 - Trusted Zone: http://*.CelleWeb
O15 - Trusted Zone: http://*.cenclaweb01
O15 - Trusted Zone: http://*.DMSQUERY
O15 - Trusted Zone: http://*.dmsquerycel
O15 - Trusted Zone: http://*.dmsquerydev
O15 - Trusted Zone: http://*.dmsqueryhou
O15 - Trusted Zone: http://*.gt90
O15 - Trusted Zone: http://*.INSOURCECEL
O15 - Trusted Zone: http://*.inview
O15 - Trusted Zone: http://*.materials
O15 - Trusted Zone: http://*.wrap
O15 - Trusted Zone: http://*.wrapAP
O15 - Trusted Zone: http://*.wrapAP2
O15 - Trusted Zone: http://*.wrapEARC
O15 - Trusted Zone: http://*.wrapEARC2
O15 - Trusted Zone: http://*.wrapLA
O15 - Trusted Zone: http://*.wrapME
O15 - Trusted Zone: http://*.wrapME2
O15 - Trusted Zone: http://*.wrapNA
O15 - Trusted Zone: http://*.wrapteam
O15 - Trusted Zone: http://*.wraptest
O15 - Trusted Zone: http://lwweb.bakerhughes.com (HKLM)
O15 - Trusted Zone: http://lwweb1.bakerhughes.com (HKLM)
O15 - Trusted Zone: http://lwweb2.bakerhughes.com (HKLM)
O15 - Trusted Zone: http://webboardhou.bakerhughes.com (HKLM)
O15 - Trusted Zone: http://*.BakerHughesDirect (HKLM)
O15 - Trusted Zone: http://bhidgxweb02.BakerHughesDirect.com (HKLM)
O15 - Trusted Zone: http://www.BakerHughesDirect.com (HKLM)
O15 - Trusted Zone: http://*.bhihdciis01 (HKLM)
O15 - Trusted Zone: http://*.bsssyspro01 (HKLM)
O15 - Trusted Zone: http://*.CAESAR (HKLM)
O15 - Trusted Zone: http://*.cenclaweb01 (HKLM)
O15 - Trusted Zone: http://*.DMSQUERY (HKLM)
O15 - Trusted Zone: http://*.INSOURCECEL (HKLM)
O15 - Trusted Zone: http://*.inview (HKLM)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ent.bhicorp.com
O17 - HKLM\Software\..\Telephony: DomainName = ent.bhicorp.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ent.bhicorp.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ent.bhicorp.com,unix.bhicorp.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ent.bhicorp.com,unix.bhicorp.com
O20 - AppInit_DLLs: C:\WINNT\system32\diteriga.dll c:\winnt\system32\yowefise.dll
O20 - Winlogon Notify: CAF - C:\Program Files\CA\Unicenter DSM\Bin\cfwlogon.dll
O20 - Winlogon Notify: FLWLEvents - C:\WINNT\system32\FiberlinkNetProv.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: ApiService - - D:\inteq\advantage\Bin\ApiService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Extend360 Enforcement Agent (BESClient) - BigFix Inc. - C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe
O23 - Service: CA Unicenter DSM r11 Common Application Framework. (caf) - CA - C:\Program Files\CA\Unicenter DSM\Bin\caf.exe
O23 - Service: Client32 - NetSupport Ltd - C:\Program Files\PCD32\client32.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\BakerHughes\GlobalConnect\cvpnd.exe
O23 - Service: sys host (enstart) - Unknown owner - C:\WINNT\System32\enstart.exe
O23 - Service: Energy Star(TM) EZ GPO Power Management Configuration Tool (EPA_GPO_PMService) - TerraNovum - C:\WINNT\system32\PMService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fiberlinkcomm Wireless Engine - Unknown owner - C:\Program Files\BHI Global Connect\BHI Global Connect\WENGINE2\BWEngine.exe
O23 - Service: Fiberlinkcomm WMonitor - Boingo Wireless, Inc. - C:\Program Files\BHI Global Connect\BHI Global Connect\WENGINE2\WMonitor.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: System Connect Util Service (FLUtilsSvc) - Fiberlink Communications Corp. - C:\Program Files\BHI Global Connect\BHI Global Connect\FLUtilsSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: HP Client Automation Notify Daemon (radexecd) - Hewlett-Packard - C:\PROGRA~1\Novadigm\radexecd.exe
O23 - Service: HP Client Automation Scheduler Daemon (radsched) - Hewlett-Packard - C:\PROGRA~1\Novadigm\radsched.exe
O23 - Service: HP Client Automation MSI Redirector (Radstgms) - Hewlett-Packard - C:\PROGRA~1\Novadigm\Radstgms.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\BHI Global Connect\BHI Global Connect\ServiceMgr.exe
--
End of file - 17515 bytes
======Scheduled tasks folder======
C:\WINNT\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-10 61816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-03-23 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll [2007-05-02 440056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2008-08-22 321120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d042dc33-27b3-4a50-ab63-172ec49c2877}]
C:\WINNT\system32\vayojema.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2008-08-22 321120]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Radia User Process"=C:\PROGRA~1\Novadigm\Radskman.exe [2008-12-17 270514]
"CAF_SystemTray"=C:\Program Files\CA\Unicenter DSM\Bin\cfSysTray.exe [2009-03-25 124168]
"Dell QuickSet Radio Toggle"=c:\Program Files\Dell\QuickSet\WiFi_Radio_Toggle.lnk [2007-10-25 1593]
"e360SysTray"=C:\Program Files\BHI Global Connect\BHI Global Connect\e360SysTray.exe [2007-06-12 162912]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-10-08 1101824]
"EPA_EZ_GPO_Tool"=C:\WINNT\system32\EZ_GPO_Tool.exe [2008-02-29 77824]
"SigmatelSysTrayApp"=C:\WINNT\stsystra.exe [2005-11-16 397312]
"RUNRADTRAY"=C:\PROGRA~1\Novadigm\radtray.exe [2008-06-12 475136]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2006-02-20 839680]
"BHI Wireless C2 Profile Import"=C:\Program Files\Novadigm\RADREXXW.EXE [2008-03-06 151726]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-08-22 620152]
""= []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-03-23 34672]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\udaterui.exe [2009-05-18 136512]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2009-01-27 111952]
"tuleyizeno"=C:\WINNT\system32\bisawuza.dll,s []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-02-13 564496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-02-13 2196240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2009-05-18 136512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2009-01-27 111952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^DING! (2).lnk]
C:\PROGRA~1\SOUTHW~1\Ding\Ding.exe [2006-06-22 462848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
C:\PROGRA~1\MICROS~4\80\Tools\Binn\sqlmangr.exe [2005-05-03 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"TME10RC"=2
"McTaskManager"=2
"McShield"=2
"McAfeeFramework"=2
"LVSrvLauncher"=2
"LVCOMSer"=2
"iPod Service"=3
"CourseWorks Database Backup Service"=2
"Apple Mobile Device"=2
D:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINNT\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
AutorunsDisabled
D:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINNT\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
AutorunsDisabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINNT\system32\diteriga.dll c:\winnt\system32\yowefise.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CAF]
C:\Program Files\CA\Unicenter DSM\Bin\cfwlogon.dll [2009-03-25 27400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\FLWLEvents]
C:\WINNT\system32\FiberlinkNetProv.dll [2007-06-12 299008]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxsrvc.dll [2005-12-13 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINNT\system32\upnpui.dll [2004-08-04 239616]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
TivoliAP
"notification packages"=scecli
C:\WINNT\system32\diteriga.dll
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=0
"legalnoticecaption"=
"legalnoticetext"=
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoWindowsUpdate"=1
"NoSMMyPictures"=1
"NoStartMenuMyMusic"=1
"ForceStartMenuLogOff"=1
"NoSMConfigurePrograms"=1
"NoDesktopCleanupWizard"=1
"Intellimenus"=1
"NoAutoUpdate"=0
"DisallowRun"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\PROGRA~1\Novadigm\radexecd.exe"="C:\PROGRA~1\Novadigm\radexecd.exe:*:Enabled:HPCA Notify Daemon"
"C:\WINNT\explorer.exe"="C:\WINNT\explorer.exe:*:Enabled:Explorer"
"C:\WINNT\system32\winlogon.exe"="C:\WINNT\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\CA\Unicenter DSM\bin\cfUsrNtf.exe"="C:\Program Files\CA\Unicenter DSM\bin\cfUsrNtf.exe:*:Enabled:cfusrntf"
"C:\Program Files\PCD32\CLIENT32.EXE"="C:\Program Files\PCD32\CLIENT32.EXE:*:Enabled:PC-Duo Client"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Communicator"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Novadigm\radexecd.exe"="C:\Program Files\Novadigm\radexecd.exe:*:Enabled:radexecd"
"C:\WINNT\system32\winlogon.exe"="C:\WINNT\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINNT\explorer.exe"="C:\WINNT\explorer.exe:*:Enabled:Explorer"
"C:\Program Files\CA\Unicenter DSM\bin\cfUsrNtf.exe"="C:\Program Files\CA\Unicenter DSM\bin\cfUsrNtf.exe:*:Enabled:cfusrntf"
"C:\Program Files\Novadigm\raduishell.exe"="C:\Program Files\Novadigm\raduishell.exe:*:Enabled:raduishell"
"C:\Program Files\Novadigm\radtray.exe"="C:\Program Files\Novadigm\radtray.exe:*:Enabled:radtray"
"C:\Program Files\PCD32\CLIENT32.EXE"="C:\Program Files\PCD32\CLIENT32.EXE:*:Enabled:PC-Duo Client"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{093199ab-036e-11de-92e9-0015c53b8088}]
shell\AutoRun\command - qphdin.com
shell\open\command - qphdin.com
======List of files/folders created in the last 1 months======
2009-08-13 09:45:08 ----D---- C:\Program Files\trend micro
2009-08-13 09:45:05 ----D---- C:\rsit
2009-08-12 09:19:36 ----D---- C:\WINNT\SoftwareDistribution
2009-08-08 11:15:49 ----D---- C:\WINDOWS
2009-08-06 09:22:11 ----HDC---- C:\WINNT\$NtUninstallKB972260$
2009-08-05 18:52:37 ----D---- C:\Program Files\Microsoft Games
2009-07-20 09:04:50 ----HDC---- C:\WINNT\$NtUninstallKB973346$
2009-07-20 09:04:44 ----HDC---- C:\WINNT\$NtUninstallKB971633$
2009-07-20 09:04:30 ----HDC---- C:\WINNT\$NtUninstallKB961371$
2009-07-18 22:34:57 ----D---- C:\Program Files\iPod
2009-07-18 22:34:53 ----D---- C:\Program Files\iTunes
======List of files/folders modified in the last 1 months======
2009-08-13 09:45:08 ----RD---- C:\Program Files
2009-08-13 09:40:00 ----D---- C:\WINNT\Temp
2009-08-13 09:06:47 ----D---- C:\WINNT\ITTools
2009-08-13 09:06:46 ----D---- C:\Program Files\SOS Observation System
2009-08-13 08:46:07 ----D---- C:\WINNT\security
2009-08-13 08:31:17 ----D---- C:\WINNT
2009-08-13 07:43:55 ----D---- C:\WINNT\Prefetch
2009-08-13 07:16:22 ----D---- C:\WINNT\system32\CatRoot2
2009-08-13 07:05:30 ----D---- C:\quarantine
2009-08-13 07:02:07 ----A---- C:\logon_app_trace.txt
2009-08-12 23:13:27 ----A---- C:\WINNT\SchedLgU.Txt
2009-08-12 16:43:25 ----HD---- C:\WINNT\inf
2009-08-12 11:54:47 ----D---- C:\Program Files\PCD32
2009-08-12 11:54:47 ----D---- C:\Program Files\Novadigm
2009-08-12 08:43:26 ----D---- C:\WINNT\system32
2009-08-11 14:48:04 ----D---- D:\Documents and Settings\All Users\Application Data\FLEXnet
2009-08-11 12:54:33 ----SHD---- C:\WINNT\CSC
2009-08-10 12:09:22 ----D---- C:\mcafeelogs
2009-08-10 11:55:31 ----SHD---- C:\WINNT\Installer
2009-08-10 11:55:31 ----HD---- C:\Config.Msi
2009-08-10 11:34:31 ----D---- C:\WINNT\system32\drivers
2009-08-10 09:08:36 ----SD---- C:\WINNT\Downloaded Program Files
2009-08-10 09:04:27 ----RSHD---- C:\WINNT\system32\dllcache
2009-08-06 09:22:21 ----D---- C:\Program Files\Internet Explorer
2009-08-06 09:21:59 ----HD---- C:\WINNT\$hf_mig$
2009-08-05 18:59:56 ----RSD---- C:\WINNT\Fonts
2009-07-31 13:56:02 ----D---- D:\Documents and Settings\alleryam2\Application Data\Passlogix
2009-07-22 13:22:45 ----A---- C:\invalid.txt
2009-07-20 13:58:32 ----D---- C:\TEMP
2009-07-20 09:04:53 ----A---- C:\WINNT\imsins.BAK
2009-07-18 22:34:57 ----D---- C:\Program Files\Common Files\Apple
2009-07-18 11:20:31 ----A---- C:\WINNT\system32\shdocvw.dll
2009-07-18 11:20:31 ----A---- C:\WINNT\system32\mshtml.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 APPDRV;APPDRV; C:\WINNT\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 enstart_;enstart_; \??\C:\WINNT\System32\enstart_.sys []
R1 faARM;faARM; \??\C:\WINNT\system32\drivers\faARM.sys []
R1 intelppm;Intel Processor Driver; C:\WINNT\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINNT\system32\drivers\mfetdik.sys [2009-01-27 52168]
R1 PCISys;PCISys; C:\WINNT\system32\drivers\PCISys.sys [2006-08-08 32823]
R1 TGrab;Tivoli Remote Control Text Grabber; C:\WINNT\system32\drivers\TGrab.sys [2005-06-07 8288]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINNT\system32\DRIVERS\AegisP.sys [2008-08-18 21361]
R2 irda;IrDA Protocol; C:\WINNT\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 KeyEx2;Tivoli Remote Control Keybord Filter; C:\WINNT\system32\drivers\KeyEx2.sys [2005-06-07 3746]
R2 mdmxsdk;mdmxsdk; C:\WINNT\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 MouEx2;Tivoli Remote Control Pointer Filter; C:\WINNT\system32\drivers\MouEx2.sys [2005-06-07 2898]
R2 s24trans;WLAN Transport; C:\WINNT\system32\DRIVERS\s24trans.sys [2007-08-27 12288]
R2 VNLMemReader;VNLMemReader; \??\C:\WINNT\system32\drivers\VNLMemReader.sys []
R2 VNLPciMap;VNLPciMap; \??\C:\WINNT\system32\drivers\VNLPciMap.sys []
R3 Afc;PPdus ASPI Shell; C:\WINNT\system32\drivers\Afc.sys [2005-02-22 11776]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINNT\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINNT\system32\DRIVERS\b57xp32.sys [2005-11-10 142720]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINNT\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINNT\system32\Drivers\CVPNDRVA.sys []
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINNT\system32\DRIVERS\dne2000.sys [2004-11-03 146888]
R3 gdihook5;gdihook5; C:\WINNT\system32\DRIVERS\gdihook5.sys [2006-08-08 24633]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINNT\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINNT\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 hidusb;Microsoft HID Class Driver; C:\WINNT\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 HSF_DPV;HSF_DPV; C:\WINNT\system32\DRIVERS\HSX_DPV.sys [2005-12-01 936960]
R3 HSXHWAZL;HSXHWAZL; C:\WINNT\system32\DRIVERS\HSXHWAZL.sys [2005-12-01 192512]
R3 ialm;ialm; C:\WINNT\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINNT\system32\DRIVERS\LVPr2Mon.sys [2008-02-05 25624]
R3 mfeapfk;McAfee Inc.; C:\WINNT\system32\drivers\mfeapfk.sys [2009-01-27 65000]
R3 mfeavfk;McAfee Inc.; C:\WINNT\system32\drivers\mfeavfk.sys [2009-01-27 73512]
R3 mfebopk;McAfee Inc.; C:\WINNT\system32\drivers\mfebopk.sys [2009-01-27 34408]
R3 mfehidk;McAfee Inc.; C:\WINNT\system32\drivers\mfehidk.sys [2009-01-27 177864]
R3 mouhid;Mouse HID Driver; C:\WINNT\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINNT\system32\DRIVERS\NETw4x32.sys [2007-09-26 2236032]
R3 RadiaMsi;RadiaMsi; C:\WINNT\system32\DRIVERS\radiamsi.sys [2008-03-06 30120]
R3 Rasirda;WAN Miniport (IrDA); C:\WINNT\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINNT\system32\DRIVERS\smcirda.sys [2001-08-17 35913]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINNT\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 USBCCID;USB Smart Card reader; C:\WINNT\system32\DRIVERS\usbccid.sys [2005-05-13 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 vsdatant;vsdatant; \??\C:\WINNT\system32\vsdatant.sys []
R3 winachsf;winachsf; C:\WINNT\system32\DRIVERS\HSX_CNXT.sys [2005-12-01 669696]
S1 kbdhid;Keyboard HID Driver; C:\WINNT\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S2 VNL1394;VNL1394; \??\C:\WINNT\system32\drivers\VNL1394.sys []
S3 aeaudio;aeaudio; C:\WINNT\system32\drivers\aeaudio.sys [2002-04-01 4816]
S3 BW2NDIS5;BW2NDIS5; C:\WINNT\System32\Drivers\BW2NDIS5.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINNT\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 FilterService;UVC Filter Service; C:\WINNT\system32\DRIVERS\lvuvcflt.sys [2008-02-05 23832]
S3 GoProto;GoProto Protocol Driver; C:\WINNT\system32\DRIVERS\goprot51.sys [2008-04-08 29184]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINNT\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINNT\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINNT\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 LVcKap;Logitech AEC Driver; C:\WINNT\system32\DRIVERS\LVcKap.sys [2008-02-05 689176]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINNT\system32\DRIVERS\lvrs.sys [2008-02-05 628760]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINNT\system32\drivers\LVUSBSta.sys [2008-02-05 41752]
S3 LVUVC;Logitech QuickCam S7500(UVC); C:\WINNT\system32\DRIVERS\lvuvc.sys [2008-02-05 4658456]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NETw3x32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit; C:\WINNT\system32\DRIVERS\NETw3x32.sys [2006-08-28 1708032]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINNT\System32\Drivers\PCASp50.sys [2005-11-21 20096]
S3 SLIP;BDA Slip De-Framer; C:\WINNT\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 smwdm;smwdm; C:\WINNT\system32\drivers\smwdm.sys [2004-04-09 612352]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINNT\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINNT\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 TcUsb;TC USB Kernel Driver; C:\WINNT\System32\Drivers\tcusb.sys [2006-03-01 28800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINNT\System32\Drivers\usbaapl.sys [2009-05-29 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\WINNT\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINNT\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINNT\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINNT\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 a320raid;a320raid; C:\WINNT\System32\DRIVERS\a320raid.sys [2005-02-17 218112]
S4 aac;PERC 320/DC SCSI RAID Miniport Driver; C:\WINNT\System32\DRIVERS\aac.sys [2004-04-07 48140]
S4 fasttx2k;fasttx2k; C:\WINNT\System32\DRIVERS\fasttx2k.sys [2003-04-28 140544]
S4 iaStor;Intel AHCI Controller; C:\WINNT\System32\DRIVERS\iaStor.sys [2006-02-13 250368]
S4 sr;System Restore Filter Driver; C:\WINNT\system32\DRIVERS\sr.sys [2004-08-03 73472]
S4 Symmpi;Symmpi; C:\WINNT\System32\DRIVERS\symmpi.sys [2002-08-29 36096]
S4 vmscsi;vmscsi; C:\WINNT\system32\drivers\vmscsi.sys [2003-02-24 11029]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ApiService;ApiService; D:\inteq\advantage\Bin\ApiService.exe [2006-05-08 20480]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 caf;CA Unicenter DSM r11 Common Application Framework.; C:\Program Files\CA\Unicenter DSM\Bin\caf.exe [2009-03-25 193800]
R2 CA-MessageQueuing;CA Message Queuing Server; C:\Program Files\CA\SharedComponents\CAM\bin\cam.exe [2009-03-25 147456]
R2 Client32;Client32; C:\Program Files\PCD32\client32.exe [2006-08-08 16447]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\BakerHughes\GlobalConnect\cvpnd.exe [2005-06-10 1422336]
R2 enstart;sys host; C:\WINNT\System32\enstart.exe [2007-08-01 733184]
R2 EPA_GPO_PMService;Energy Star(TM) EZ GPO Power Management Configuration Tool; C:\WINNT\system32\PMService.exe [2008-02-29 81920]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-10-08 794624]
R2 FLUtilsSvc;System Connect Util Service; C:\Program Files\BHI Global Connect\BHI Global Connect\FLUtilsSvc.exe [2007-06-12 61440]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINNT\system32\svchost.exe [2004-08-04 14336]
R2 Irmon;Infrared Monitor; C:\WINNT\system32\svchost.exe [2004-08-04 14336]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-02-05 150040]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2009-05-18 103744]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2009-01-27 144704]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2009-01-27 54608]
R2 MSSQL$ETICKETBOT;MSSQL$ETICKETBOT; C:\Program Files\Microsoft SQL Server\MSSQL$ETICKETBOT\Binn\sqlservr.exe [2002-12-17 7520337]
R2 MSSQLSERVER;MSSQLSERVER; C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe [2008-12-18 9158656]
R2 radexecd;HP Client Automation Notify Daemon; C:\PROGRA~1\Novadigm\radexecd.exe [2008-07-07 258222]
R2 radsched;HP Client Automation Scheduler Daemon; C:\PROGRA~1\Novadigm\radsched.exe [2008-05-29 172206]
R2 Radstgms;HP Client Automation MSI Redirector; C:\PROGRA~1\Novadigm\Radstgms.exe [2008-12-17 315570]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-10-08 483328]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-10-08 1183744]
R2 ServiceMgr;Extend360 Agent; C:\Program Files\BHI Global Connect\BHI Global Connect\ServiceMgr.exe [2007-06-12 347232]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-08-22 654848]
R3 hpqcxs08;hpqcxs08; C:\WINNT\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINNT\System32\svchost.exe [2004-08-04 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINNT\System32\svchost.exe [2004-08-04 14336]
S2 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe [2005-05-03 323584]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 BESClient;Extend360 Enforcement Agent; C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe [2006-02-07 1703936]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fiberlinkcomm Wireless Engine;Fiberlinkcomm Wireless Engine; C:\Program Files\BHI Global Connect\BHI Global Connect\WENGINE2\BWEngine.exe [2007-04-12 827392]
S3 Fiberlinkcomm WMonitor;Fiberlinkcomm WMonitor; C:\Program Files\BHI Global Connect\BHI Global Connect\WENGINE2\WMonitor.exe [2007-04-12 73728]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2005-05-03 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-08-09 89136]
S3 SQLAgent$ETICKETBOT;SQLAgent$ETICKETBOT; C:\Program Files\Microsoft SQL Server\MSSQL$ETICKETBOT\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINNT\system32\svchost.exe [2004-08-04 14336]
S4 CourseWorks Database Backup Service;CourseWorks Database Backup Service; C:\Program Files\CrsWrks5\DatabaseBackupSvc.exe [2005-07-25 73728]
S4 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-02-05 186904]
S4 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2008-02-05 141848]
S4 TME10RC;Tivoli Remote Control Service; C:\WINNT\RCSERV.EXE [2005-06-07 47104]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
EOF
info.txt logfile of random's system information tool 1.06 2009-08-13 09:46:23
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Acrobat 8 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000003}
Adobe Flash Player 10 ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Advantage System-->D:\inteq\ADVANT~1\UNWISE.EXE D:\inteq\ADVANT~1\INSTALL.LOG
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft VideoImpression 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66E0EB37-6024-4872-897A-8E83AF1C87CA}\Setup.exe" -l0x9
BHI Global Connect-->MsiExec.exe /X{FD1E0E6F-EF80-47FE-B7CD-B97AEBD67A56}
BHI Standard Signatures 2.2-->D:\Documents and Settings\alleryam2\BHI Standard Signatures\uninst.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BOT Fishing Calculations-->C:\WINNT\st6unst.exe -n "C:\Program Files\BOT Fishing Calulations\ST6UNST.LOG"
CA Unicenter DSM Agent + Asset Management Plugin-->MsiExec.exe /X{624FA386-3A39-4EBF-9CB9-C2B484D78B29}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cisco Systems VPN Client 4.6.04.0043-->MsiExec.exe /X{8A3A2363-2129-43FB-8DFC-F237DA58038C}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028p.inf
CourseWorks-->C:\Program Files\CrsWrks5\rmvCrsWrks.exe
Crystal Reports Runtime-->MsiExec.exe /X{2DDBE64F-6069-47CA-B846-1ACD3134C451}
DING!-->MsiExec.exe /X{84031A18-BA9A-4156-A74F-E05B52DDFCE2}
DISPLEX (TM) - Completion fluid displacement-->MsiExec.exe /I{697801D4-6CC7-442D-9414-7416FE6FE28F}
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Easy-WebPrint-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
ENT SAPGUI v7.10-->MsiExec.exe /I{9340964C-3576-4736-8424-683293FB5B5D}
ENT WinZip v11.2-->MsiExec.exe /X{5BC4988F-5938-47B3-B0E1-ADF4C1B08F8B}
Extend360 Enforcement Agent-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF7023BC-319B-4FE1-B569-C854A19F81F8}\Setup.exe" -l0x9 -removeonly
EZ GPO Power Management Config Tool-->MsiExec.exe /X{454A3979-307D-46FB-A819-4182DC6B4536}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix 2050 for SQL Server 2000 ENU (KB948110)-->"C:\WINNT\$SQLUninstallSQL2000-KB948110-v8.00.2050-x86-ENU$\spuninst\spuninst.exe"
Hotfix 2055 for SQL Server 2000 ENU (KB960082)-->"C:\WINNT\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$\spuninst\spuninst.exe"
HP Client Automation Application Manager Agent-->MsiExec.exe /X{C278EC14-06F7-4A97-B883-F6B33C7D661E}
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{706BB40A-4102-4c89-8107-DC68C4EBD19B}\setup\hpzscr01.exe -datfile hposcr14.dat
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
InQuest Swell PREdictor-->MsiExec.exe /I{D5CE98B2-CCD6-4384-9803-E025F26443E7}
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINNT\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
J2SE Runtime Environment 5.0 Update 12-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
Java 2 Runtime Environment, SE v1.4.2_04-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
KODAK Gallery Upload Software-->MsiExec.exe /I{B7F98125-4955-41E3-8A71-4CE11CE9C198}
Linksys EasyLink Advisor 1.5 (1010)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.70.1196\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.70" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{6444D9D9-CD6C-4464-B970-55C606C944DC}
Macromedia Shockwave Player-->C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log
McAfee Agent-->MsiExec.exe /X{FB82DEF7-781F-4F45-9B6D-1B67DF304ADA}
McAfee AntiSpyware Enterprise Module-->"C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /UninstallMAS
McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB886904)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M886904\M886904Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Age of Empires Gold-->"C:\Program Files\Microsoft Games\Age of Empires\UNINSTAL.EXE" /runtemp
Microsoft Age of Empires II: The Conquerors Expansion-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINNT\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Communicator 2005-->MsiExec.exe /X{BE5AD430-9E0C-4243-AB3F-593835869855}
Microsoft Office Live Meeting 2005-->MsiExec.exe /I{5E8858EC-6B09-4939-99F2-5678073A0327}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2000-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Microsoft SQL Server\MSSQL\Uninst.isu" -c"C:\Program Files\Microsoft SQL Server\MSSQL\sqlsun.dll" -msql.mif i=MSSQLSERVER
Microsoft SQL Server Desktop Engine (ETICKETBOT)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Tool Web Package:WntIpcfg.exe-->MsiExec.exe /X{EA82FF50-E258-4DFE-839B-8F26A01A34A7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINNT\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visio Standard 2002 SR-1 [English]-->MsiExec.exe /I{90540409-6D54-11D4-BEE3-00C04F990354}
Microsoft Visio Web Component Technology Preview-->MsiExec.exe /X{D519ED96-CC4A-473B-8D85-AD4D3C93F826}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
MobileMe Control Panel-->MsiExec.exe /I{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}
MotorSetUp-->MsiExec.exe /I{D1E88AAD-FA33-4AD0-8A36-5C39936AA274}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
MSXML4.0 redistributable-->MsiExec.exe /I{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
National Oilwell Fishing Jar Placement Program-->MsiExec.exe /I{639D49B9-B9D1-40C0-9036-A9560ABF20C2}
NetIQ IntelliPolicy Client-->MsiExec.exe /X{13280B3E-EA97-491C-8C84-332479E5B7E0}
NetIQ IntelliPolicy Master Key {A0054417-3945-427E-8F5E-319D7EAC4966}-->MsiExec.exe /X{11DABBEB-A7FB-490F-8150-73DD69C6D372}
NitroSetup-->MsiExec.exe /I{02BE2454-A804-40B8-9827-F71ACC36D894}
OZ776 SCR CardBus Windows Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48} /l1033
PC-Duo v9.10-->MsiExec.exe /I{CB3C7768-9650-47E3-968D-58DBF613E8DE}
PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Prizm Viewer 7.1.2, no PDF-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1FEBC942-F466-46D5-B458-DEE443C42658}
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
Safari-->MsiExec.exe /I{2D6ED011-055B-4041-B198-BB903827EBFB}
SAP GUI 7.10-->"C:\Program Files\SAP\SAPsetup\setup\NwSapSetup.exe" /uninstall /product="ECL710+GUI710TWEAK+BW350+KW710+GUI710ISHMED+SAPGUI710" /TitleComponent:"SAPGUI710" /IgnoreMissingProducts
SAPRptCat_Setup-->C:\WINNT\st6unst.exe -n "C:\Program Files\SAPRptCat_Setup\ST6UNST.LOG"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows XP (KB913433)-->C:\WINNT\system32\MacroMed\Flash\genuinst.exe C:\WINNT\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB923561)-->"C:\WINNT\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINNT\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINNT\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINNT\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINNT\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINNT\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINNT\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINNT\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINNT\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINNT\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINNT\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINNT\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINNT\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINNT\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINNT\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINNT\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINNT\$NtUninstallKB973346$\spuninst\spuninst.exe"
SOS Observation System-->MsiExec.exe /I{FE8F9949-A46A-4ADB-A71C-2ACE523A45E5}
Topaz e-Signatures SigPlus 3.61-->C:\WINNT\SigPlus\UNWISE.EXE C:\WINNT\SigPlus\SIGPLUS.LOG
v-GO SSO-->MsiExec.exe /I{0339D92B-5BCC-4482-B92D-68AA3157E211}
Wellbore Design System 2008-->MsiExec.exe /X{43CDCAC9-C8E6-4049-8C15-6637058FB82D}
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINNT\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINNT\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player 9 Series-->MsiExec.exe /I{D91EEFEB-965F-4975-9094-14808CC0D651}
Windows Messenger 5.1-->MsiExec.exe /I{C3A6819F-62D3-4750-AF1C-28206DDF2C2E}
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
WinZip 11.2-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}
WinZip Command Line Support Add-On 2.3-->C:\Program Files\WinZip\wzuninst.exe wzcline C:\Program Files\WinZip\wzclun.dll
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
======Security center information======
AV: McAfee VirusScan Enterprise
======System event log======
Computer Name: BOTJ4R0HB1
Event Code: 40961
Message: The Security System could not establish a secured connection with the server DNS/zeus.bhi-net.com. No authentication protocol was available.
Record Number: 85961
Source Name: LSASRV
Time Written: 20090727133157.000000-300
Event Type: warning
User:
Computer Name: BOTJ4R0HB1
Event Code: 40960
Message: The Security System detected an attempted downgrade attack for
server DNS/zeus.bhi-net.com. The failure code from authentication protocol Kerberos
was "There are currently no logon servers available to service the logon request.
(0xc000005e)".
Record Number: 85960
Source Name: LSASRV
Time Written: 20090727133157.000000-300
Event Type: warning
User:
Computer Name: BOTJ4R0HB1
Event Code: 5719
Message: No Domain Controller is available for domain BHI-MASTER due to the following:
There are currently no logon servers available to service the logon request.
.
Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.
Record Number: 85959
Source Name: NETLOGON
Time Written: 20090727133053.000000-300
Event Type: error
User:
Computer Name: BOTJ4R0HB1
Event Code: 4
Message: Broadcom NetXtreme 57xx Gigabit Controller: The network link is down. Check to make sure the network cable is properly connected.
Record Number: 85958
Source Name: b57w2k
Time Written: 20090727133041.000000-300
Event Type: warning
User:
Computer Name: BOTJ4R0HB1
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 85948
Source Name: Tcpip
Time Written: 20090727105923.000000-300
Event Type: warning
User:
=====Application event log=====
Computer Name: BOTJ4R0HB1
Event Code: 15
Message: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.
Record Number: 42829
Source Name: AutoEnrollment
Time Written: 20090806100549.000000-300
Event Type: error
User:
Computer Name: BOTJ4R0HB1
Event Code: 19011
Message: SuperSocket info: (SpnRegister) : Error 1355.
Record Number: 42821
Source Name: MSSQLServer
Time Written: 20090806100525.000000-300
Event Type: warning
User:
Computer Name: BOTJ4R0HB1
Event Code: 19011
Message:
Record Number: 42811
Source Name: MSSQL$ETICKETBOT
Time Written: 20090806100518.000000-300
Event Type: warning
User:
Computer Name: BOTJ4R0HB1
Event Code: 1000
Message: Could not execute the following script ResetPass.cmd. The system cannot find the file specified.
.
Record Number: 42806
Source Name: UserInit
Time Written: 20090806100451.000000-300
Event Type: error
User:
Computer Name: BOTJ4R0HB1
Event Code: 1054
Message: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
Record Number: 42805
Source Name: Userenv
Time Written: 20090806100448.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM
======Environment variables======
"AUTOLOGON_REBOOT"=NO
"ComSpec"=%SystemRoot%\system32\cmd.exe
"DISABLE_RA"=NO
"DISABLE_RD"=NO
"DISABLE_SR"=NO
"drvdir"=C:\DRV
"FP_NO_HOST_CHECK"=NO
"LOG_HOTFIXES"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\CA\SharedComponents\CAWIN\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\CA\Unicenter DSM\bin;C:\PROGRA~1\CA\SHARED~1\CAM\bin;D:\inteq\advantage\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0e08
"SET_VARS"=NO
"SIZE_INIT"=1.5
"SIZE_MAX"=2
"SIZE_TYPE"=1
"TEMP"=%SystemRoot%\TEMP
"TIMEOUT"=5
"TMP"=%SystemRoot%\TEMP
"VM_SIZE"=NO
"windir"=%SystemRoot%
"XVER"=2.5.2
"MODEL"=D620
"MANU"=Dell
"TYPE"=Latitude
"NUMBER_OF_PROCESSORS"=2
"CAI_MSQ"=C:\Program Files\CA\SharedComponents\CAM
"CAI_CAFT"=C:\Program Files\CA\SharedComponents\CAM
"CAI_MSQ_NOWV"=y
"SYS_MISC"=D:\inteq\advantage\bin
"VSEDEFLOGDIR"=D:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"DEFLOGDIR"=D:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
EOF
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
I'm having trouble getting the Malware link to open up. A pop-up opens, thinks, and then goes to a "Requested page can't be found..."
The firewall at work may be causing this, so I will attempt this tonight at home.
Thanks for the help,
Ryan
Note:
When the infected computer in question is a company machine in the workplace (or at home with access to a company network), and you are an employee, we can't anticipate alterations or configurations that may have been made to a business machine, or how it will interact with the tools commonly used in the removal of malware.
The majority of the tools used in this forum are only free for Home Users and only tested on Home machines; they may well change settings that are required for a Company network.
Another consideration is that company information may show in the logs.
More than one machine could be at stake, possibly even the server. If sensitive material has been compromised by an infection, the company could be held liable.
To prevent any possible loss or corruption of company information, please inform your IT department or Supervisor immediately when a workplace computer has been infected.
Can I simply uninstall and delete the RSIT executable?
Thanks for the help,
Ryan
All you need to do is delete the RSIT.exe file; it doesn't install.
I strongly recommend that you contact your IT department.