< EmptyTemp >
File delete failed. C:\WINDOWS\temp\ON633A.EXE scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_728.dat scheduled to be deleted on reboot.
Temp folders emptied.
IE temp folders emptied.
File/Folder C:\Program Files\Java\jre1.5.0_11 not found.
C:\Program Files\Java\jre1.5.0_06\lib\zi\Pacific moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\zi\Indian moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\zi\Europe moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\zi\Etc moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\zi\Australia moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\zi\Atlantic moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\zi\Asia moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\zi\Antarctica moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\North_Dakota moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Kentucky moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Indiana moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\zi\America\Argentina moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\zi\America moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\zi\Africa moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\zi moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\security moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\management moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\javaws moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\images\cursors moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\images moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\im moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\i386 moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\fonts moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\ext moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\cmm moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\audio moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib\applet moved successfully.
C:\Program Files\Java\jre1.5.0_06\lib moved successfully.
C:\Program Files\Java\jre1.5.0_06\bin\client moved successfully.
C:\Program Files\Java\jre1.5.0_06\bin moved successfully.
C:\Program Files\Java\jre1.5.0_06 moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05012008_082336
Files moved on Reboot...
File C:\WINDOWS\temp\ON633A.EXE not found!
File C:\WINDOWS\temp\Perflib_Perfdata_728.dat not found!
File/Folder C:\WINDOWS\temp\ON633A.EXE not found.
File/Folder C:\WINDOWS\temp\Perflib_Perfdata_728.dat not found.
OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05012008_130333
2Wire Wireless Manager
Actiontec Gateway
Adobe Flash Player ActiveX
Adobe Reader 7.0
CCleaner (remove only)
Dell ResourceCD
Easy CD Creator 5 Basic
ESET Online Scanner
High Definition Audio Driver Package - KB835221
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 6
Lotus Notes 6.5.2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Office Outlook 2003
Microsoft Office Professional Edition 2003
Microsoft SQL Server 2000
Microsoft Windows Journal Viewer
Mocha W32 Telnet
Mocha W32 TN3270
Mocha W32 TN5250
Netflix Movie Viewer
NICI (Shared) U.S./Worldwide (128 bit) (2.7.0-2)
NMAS Challenge Response Method
NMAS Client
Novell Client for Windows
OSCE_MSI_NT_CLIENT
PowerDVD 5.1
PrimoPDF
QuickConnect
Qwest QuickCare 2.0
reg changes
Roxio CDEngine
Trend Micro OfficeScan Client
TurboTax Deluxe Deduction Maximizer 2006
TurboTax ItsDeductible 2006
WexTech AnswerWorks
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Zen Asset Management
ZENworks Desktop Management Agent
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:27 PM, on 5/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\lotus\notes\ntmulti.exe
c:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\oracle\ora92\bin\omtsreco.exe
c:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClient.exe
c:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\LGFAE3.EXE
c:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dpmw32.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\2Wire Wireless Manager\2Wire.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Novell\ZENworks\NalAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ENVDRR\Desktop\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://eweb.cabq.gov
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eweb.cabq.gov
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://eweb.cabq.gov
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by DFAS/ISD (ZENWORKS)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\system32\dpmw32.exe
O4 - HKLM\..\Run: [ZENRC Tray Icon] c:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [2Wire Wireless Manager] "C:\Program Files\2Wire Wireless Manager\2Wire.exe" -a
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Application Explorer.lnk = C:\Program Files\Novell\ZENworks\NalView.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - c:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://eweb.cabq.gov
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = coa.cabq.lcl,cabq.lcl,cabq.gov
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = coa.cabq.lcl,cabq.lcl,cabq.gov
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - c:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - c:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: ZENworks Asset Management - Collection Client (TSCensus Collection Client) - Novell, Inc. - C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - c:\Program Files\Novell\ZENworks\wm.exe
--
End of file - 6809 bytes
Thanks
Damon