Here are the logs you requested:
I have noticed that the "windows NT logon application" is no longer attempting to access the internet. I still can't connect to the internet, but it may be something to do with something I've blocked with my firewall or something to do with my network setup. As I said in my original post, we've recently changed our network setup and I have not been able to get it working properly.
SDFix
SDFix: Version 1.230 Run by User on Tue 30/09/2008 at 01:02 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Rootkit Found :
C:\WINDOWS\system32\drivers\QQJ68.sys - Rootkit Pandex/Cutwail - Protect.sys
Name :
aspimgr
QQJ68
Path :
C:\WINDOWS\system32\aspimgr.exe
System32\Drivers\Qqj68.sys
aspimgr - Deleted
QQJ68 - Deleted
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Service QQJ68 - Deleted
Checking Files :
Trojan Files Found:
C:\WINDOWS\db32.txt - Deleted
C:\WINDOWS\s32.txt - Deleted
C:\WINDOWS\system32\form.txt - Deleted
C:\WINDOWS\system32\info.txt - Deleted
C:\WINDOWS\ws386.ini - Deleted
C:\WINDOWS\system32\drivers\QQJ68.sys - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 13:10:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\GPLSecrets\\iGOR\\iGOR.exe"="C:\\Program Files\\GPLSecrets\\iGOR\\iGOR.exe:*:Enabled:iGOR"
"C:\\Codemasters\\Toca2\\Game\\TC2.exe"="C:\\Codemasters\\Toca2\\Game\\TC2.exe:*:Enabled:TC2"
"C:\\Program Files\\Codemasters\\Colin McRae Rally 2\\CMR2Network.exe"="C:\\Program Files\\Codemasters\\Colin McRae Rally 2\\CMR2Network.exe:*:Enabled:Colin McRae Rally 2"
"C:\\SIMS\\RACER\\racer.exe"="C:\\SIMS\\RACER\\racer.exe:*:Enabled:racer"
"C:\\Program Files\\GetTiffany\\gettiffany.exe"="C:\\Program Files\\GetTiffany\\gettiffany.exe:*:Enabled:Macromedia Projector"
"C:\\Documents and Settings\\User\\Desktop\\Games\\New Folder(2)\\Racer\\racer053b4\\racer053b4\\racer.exe"="C:\\Documents and Settings\\User\\Desktop\\Games\\New Folder(2)\\Racer\\racer053b4\\racer053b4\\racer.exe:*:Enabled:racer"
"C:\\Program Files\\TrackMania United\\TmUnited.exe"="C:\\Program Files\\TrackMania United\\TmUnited.exe:*:Enabled:TmUnited"
"C:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"="C:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe:*:Disabled:BattlefrontII"
"C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"="C:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe:*:Enabled:LaunchPad"
"C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"="C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe:*:Enabled:Star Wars(TM): Empire at War(TM)"
"C:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"="C:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe:*:Enabled:Star Wars(TM): Empire at War(TM): Forces of Corruption(TM)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Thu 25 Sep 2008 6,482 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti4.tmp"
Wed 13 Jun 2007 428 A.SHR --- "C:\Program Files\Trend Micro\Internet Security\Quarantine\7.tmp"
Fri 15 Dec 2006 56,918 A.SH. --- "C:\Program Files\Trend Micro\Internet Security\Quarantine\8.tmp"
Wed 4 Aug 2004 89,800 A.SHR --- "C:\Program Files\Trend Micro\Internet Security\Quarantine\mmc32.EXE"
Fri 15 Dec 2006 56,918 A.SH. --- "C:\Program Files\Trend Micro\Internet Security\Quarantine\sys.exe"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\02de7e010b102d1b002eae730ee9a91d\BIT41.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\048af993ae2ed4d75a64004cdace7dc7\BIT19.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\06d2317625f446848180d6fbbd0965a3\BIT4E.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\09b697f708f0d361a93919ddce864231\BIT45.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\09cec975ca432e3755e6de59a832bc9d\BIT57.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0af245ae5d19789b0a9df918b46ae856\BIT46.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0c5ae7f0a55aa3945b0049c32bd1f87e\BIT48.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0e5cbd9014c23c871efde5edc54963ac\BIT13.tmp"
Tue 26 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0f8a5d0d09e527fa35dec9e085d4b802\BIT5.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\12bfcf41210f13b546425dc688958c13\BIT17.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\148de0326d477275a5caa143d99b91fe\BIT5B.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\167324100dbbfff75585b0b52411ea08\BIT59.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1e7d841a89d2047c5e06dcf3809e93b8\BIT20.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\23a7f75712f8cbc729856cbf376e24df\BIT7.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\29ca2472a894ab6b663960e3e9519fb8\BIT51.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2a8a398b93f073a8e89edb6f535b568c\BITD.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2e71ac0cc308cf93e5bb5cae2473c5ea\BIT5D.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2ff17bce83d84a37f6d73168ac4cd5a3\BIT5A.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\301e8514ea830e4e6c8f8d5bd3e3578c\BIT1B.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\31dc453374675c778860dee387a4ac67\BIT1D.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\32666cc549704fa2341b5add57cbf961\BIT53.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\349aa22f286a5433bf7cf22bcf689410\BIT6.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\36e4585faf6df3e4c5a94b70b19dd46a\BIT44.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\376020e6ae0e8e568362e33e4d21fe59\BIT10.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\39926d2492b9b2a731a4507a2714de25\BITE.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\410ff09308a833491dba7686f0aee2eb\BIT6.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\418f0868ac07e2fcc433b25de22247d2\BITC.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\438bc24c7cb2c143ad5de7462443c8e4\BIT4C.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\44a219e05bf8aab61a32f76e1613f631\BIT5C.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4a1d113346e5353c4f7b24c8452c3900\BIT27.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4dcd4446b998d375e5b0734125a6a3ea\BIT16.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\506f198aa4bc7a22b8d48638220cf911\BIT3A.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5742cba01317789c563b69d023836e16\BIT42.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\577671533ce9b937c7e6ff17bc14b41b\BIT36.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\57a460cd944ff5b92133e289b4b4ec17\BIT55.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\57adc2a1d64537edaf7508721d7d5870\BIT15.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\57ce0f23a4145429f2afdb89a4f0d9a5\BIT52.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\59de2970273834fc3112b341c718d3a6\BIT7.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\625936674aa3ed7187e76cc3b42efd1a\BIT3D.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\64038029e289ee76631f2fd73dae42b1\BIT3C.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\69db34482d17350eadd9e2b536a72326\BIT38.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6d16d7dcb46eecf1378bd3f61cf15d6f\BIT21.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6e3d4f16fcb31d8ebf357cea7961963c\BIT8.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6f38067488e1e6a205cb7f733b0863a2\BIT2F.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7020bb12542a498a9f77988616f5dbdd\BIT2A.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\710f51dd3626cdbe0db29e955d0d0654\BIT11.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\753241eccbfd8f924ab29df2bd7093bd\BIT1F.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\76352185be1dd408499b19e4fe3680b7\BIT2C.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7bb95e6cd6e6da9c9a1f7a9f8d9df9d6\BIT43.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7ccb49ea6694b408ed174cd0bb9e10b4\BIT35.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8184670e6f0913c70f6199314bbe72c1\BITF.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\84a6d88cd9a3ca6afc46cea3a5254645\BIT33.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8a6aa52f985fb83cff0989edfe78337c\BIT2D.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8fd02a4dc1f75ba1200dd84cd416b476\BIT49.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\940cf3f254a012802b402b39c626b0d6\BIT4D.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\943ef6abcb273fde47b6a2755ef8a8bf\BITB.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9a37091241a1b4b01e29705cd74fb749\BIT39.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a246fdeb20cdb52c2bd3a259bc386b32\BIT50.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a834f63554cc630060e378689935b487\BIT29.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a97c414dc028b7257c4812e79060155f\BIT4A.tmp"
Mon 18 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ab9217b6e5750f9481b4ee261d21b730\BITE.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ae82eb975f11bf1a31f12ad33dfc983e\BIT34.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\aeb6b427eecbf9dc32a3f6568c381f19\BIT3B.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b5020c6226805fa7d3bb70d59bb8717c\BIT1A.tmp"
Tue 26 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b857106b57491ac2a650851d43af1c92\BIT6.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bde84a03924f04406c03980f653f79f9\BITA.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bf911d48d497aec0c0033b7a4b86edcd\BIT2B.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c2ecf6c2da65d5d64f88e8d402b203fe\BIT40.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c3a6a32dc0ed6789e34aedf049c0350f\BIT26.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c7f52460ddc6afc70d96c7e9ec1e6c76\BIT12.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c8a7094560050652641194b3024cbeee\BIT47.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d9fe85597d5c252bd0aabfad1c37b4cd\BIT4B.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\da2a6520674c2ce56388c742dcf6473d\BIT18.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ddca07bcb620825c51d9aca7c4b07ddf\BIT24.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\dddd4fd58f8653a905accd82045c29f3\BIT22.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\df69c3389005015895736dd7f0459197\BIT3F.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\dfd2d38348a762e3f31116c9a23cee05\BIT58.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e442506fa65395c8749a7dfe2ec2aba7\BIT37.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e4bf8f006502f9204098963abd7010cf\BIT4F.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e4d24020b8a9e7e135c013fa09117017\BIT56.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e528462852a5c8b08a2d48f605cb2421\BIT23.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e634183047ffd8531f334ebd18ada957\BIT28.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ec29241af73a2eb59968a59226f3f5be\BIT2E.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ecd3bd81d1f40941618ee492951e9ba4\BIT54.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ece62508423308aa059800cc94f26df4\BIT3E.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ef8392c749b24d44edd78a38c5331f91\BIT25.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f8d41a82e9484aa824fe75defe58d513\BIT1E.tmp"
Tue 19 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f9cf27d79d98fda951d39177957a21e8\BIT9.tmp"
Thu 17 May 2007 7,126,016 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0105.tmp"
Tue 15 Aug 2006 53,248 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0215.tmp"
Thu 17 May 2007 7,122,944 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0455.tmp"
Mon 30 May 2005 26,112 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0691.tmp"
Tue 2 Aug 2005 72,192 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0701.tmp"
Thu 18 May 2006 44,032 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0715.tmp"
Tue 2 Aug 2005 16,896 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0836.tmp"
Thu 18 May 2006 51,712 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0957.tmp"
Tue 15 Aug 2006 51,200 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL0991.tmp"
Tue 8 Aug 2006 32,256 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1065.tmp"
Thu 17 May 2007 36,864 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1253.tmp"
Mon 16 Oct 2006 36,864 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1397.tmp"
Tue 6 Sep 2005 19,456 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1483.tmp"
Thu 17 May 2007 37,376 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1550.tmp"
Tue 8 Aug 2006 37,376 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1575.tmp"
Tue 6 Sep 2005 49,664 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1735.tmp"
Tue 2 Aug 2005 60,928 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1812.tmp"
Tue 2 Aug 2005 73,728 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1951.tmp"
Tue 22 May 2007 15,192,064 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL1978.tmp"
Tue 22 May 2007 15,194,112 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2076.tmp"
Tue 22 May 2007 15,312,384 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2099.tmp"
Tue 2 Aug 2005 33,280 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2132.tmp"
Tue 22 May 2007 15,315,456 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2467.tmp"
Tue 22 May 2007 15,191,552 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL2825.tmp"
Tue 2 Aug 2005 51,200 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3048.tmp"
Tue 15 Aug 2006 49,664 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3096.tmp"
Tue 15 Aug 2006 50,688 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3410.tmp"
Tue 22 May 2007 15,317,504 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3584.tmp"
Tue 2 Aug 2005 20,480 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3627.tmp"
Thu 17 May 2007 40,448 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL3830.tmp"
Tue 8 Aug 2006 33,792 ...H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Word\~WRL4077.tmp"
Thu 24 Jul 2008 3,015 ...HR --- "C:\Documents and Settings\User\Application Data\SecuROM\UserData\securom_v7_01.bak"
Fri 26 May 2006 4,198,912 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2006\Chem218\~WRL0807.tmp"
Fri 26 May 2006 4,199,936 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2006\Chem218\~WRL0834.tmp"
Fri 26 May 2006 4,200,960 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2006\Chem218\~WRL1952.tmp"
Thu 25 May 2006 4,191,744 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2006\Chem218\~WRL2039.tmp"
Fri 26 May 2006 4,198,912 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2006\Chem218\~WRL2475.tmp"
Fri 26 May 2006 4,200,448 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2006\Chem218\~WRL3041.tmp"
Wed 27 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b322861a5bd076059a815861126a2a03\download\BIT9.tmp"
Fri 29 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b6bef673c2e4e242a39946c4931e8a98\download\BIT8.tmp"
Thu 17 May 2007 15,174,144 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2007\Environmental\Pracs\~WRL0034.tmp"
Tue 22 May 2007 15,311,872 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2007\Environmental\Pracs\~WRL0714.tmp"
Tue 22 May 2007 15,311,872 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2007\Environmental\Pracs\~WRL1029.tmp"
Tue 22 May 2007 15,300,608 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2007\Environmental\Pracs\~WRL1065.tmp"
Tue 22 May 2007 15,193,088 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2007\Environmental\Pracs\~WRL1259.tmp"
Thu 17 May 2007 72,704 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2007\Environmental\Pracs\~WRL1297.tmp"
Thu 17 May 2007 7,121,920 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2007\Environmental\Pracs\~WRL1722.tmp"
Tue 22 May 2007 15,311,360 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2007\Environmental\Pracs\~WRL1787.tmp"
Tue 22 May 2007 15,261,184 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2007\Environmental\Pracs\~WRL2237.tmp"
Thu 17 May 2007 73,728 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2007\Environmental\Pracs\~WRL2315.tmp"
Tue 22 May 2007 15,311,872 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2007\Environmental\Pracs\~WRL3230.tmp"
Thu 17 May 2007 7,128,064 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2007\Environmental\Pracs\~WRL3460.tmp"
Tue 22 May 2007 15,191,040 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2007\Environmental\Pracs\~WRL3652.tmp"
Tue 22 May 2007 15,300,608 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2007\Environmental\Pracs\~WRL3729.tmp"
Tue 22 May 2007 15,309,824 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2007\Environmental\Pracs\~WRL3873.tmp"
Tue 22 May 2007 15,311,360 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2007\Environmental\Pracs\~WRL4067.tmp"
Thu 17 May 2007 15,173,632 ...H. --- "C:\Documents and Settings\User\My Documents\Uni Autumn 2007\Environmental\Pracs\~WRL4070.tmp"
Finished!
ComboFix
ComboFix 08-09-28.03 - User 2008-09-30 13:24:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1036 [GMT 10:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\mdm.exe
C:\WINDOWS\system32\tmp30.tmp
.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-30 )))))))))))))))))))))))))))))))
.
2008-09-30 12:59 . 2008-09-30 12:59 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-30 12:56 . 2008-09-30 13:12 <DIR> d-------- C:\SDFix
2008-09-16 20:38 . 2008-09-16 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-02 14:06 . 2008-09-02 14:06 <DIR> d-------- C:\ie-spyad_zo
2008-09-02 14:04 . 2008-09-02 14:04 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-31 22:26 . 2004-08-04 22:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-08-31 22:25 . 2004-08-04 22:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-08-31 22:24 . 2008-08-31 22:24 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-08-31 22:24 . 2008-08-31 22:24 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-31 22:24 . 2008-08-31 22:24 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-31 22:24 . 2008-08-31 22:24 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-31 22:24 . 2008-08-31 22:24 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-31 22:08 . 2008-05-02 22:46 181,895 --a------ C:\WINDOWS\system32\nvdsp.chm
2008-08-31 22:08 . 2008-05-02 22:46 121,529 --a------ C:\WINDOWS\system32\nvcpl.chm
2008-08-31 22:08 . 2008-05-02 22:46 116,384 --a------ C:\WINDOWS\system32\nv3d.chm
2008-08-31 22:08 . 2008-05-02 22:46 54,988 --a------ C:\WINDOWS\system32\nvmob.chm
2008-08-31 21:59 . 2004-08-04 22:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-08-31 21:59 . 2004-08-04 22:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-08-31 21:59 . 2004-08-04 22:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-08-31 21:59 . 2004-08-04 22:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-08-31 21:27 . 2008-08-31 21:27 <DIR> d-------- C:\WINDOWS\LocalSSL
2008-08-31 17:52 . 2008-08-31 17:52 <DIR> d-------- C:\Program Files\Thrixxx
2008-08-26 16:28 . 2008-09-09 21:02 632 --a------ C:\WINDOWS\CoD.INI
2008-08-14 13:44 . 2008-08-31 21:25 <DIR> d-------- C:\WINDOWS\kdefense
2008-08-14 13:44 . 2008-08-14 13:44 846,336 --a------ C:\WINDOWS\system32\kdfinj.dll
2008-08-14 13:44 . 2008-09-25 19:03 722,472 --a------ C:\WINDOWS\system32\kdfmgr.exe
2008-08-14 13:44 . 2008-09-25 19:03 192,512 --a------ C:\WINDOWS\system32\kdfvmgr.exe
2008-08-14 13:44 . 2008-09-25 19:03 77,824 --a------ C:\WINDOWS\system32\kdfapi.dll
2008-08-14 13:44 . 2008-09-25 19:02 53,248 --a------ C:\WINDOWS\system32\Kdfhok.dll
2008-08-14 12:08 . 2008-02-17 03:00 138,384 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-08-14 12:08 . 2008-02-17 03:00 52,496 --a------ C:\WINDOWS\system32\drivers\tmactmon.sys
2008-08-14 12:08 . 2008-02-17 03:00 52,240 --a------ C:\WINDOWS\system32\drivers\tmevtmgr.sys
2008-08-14 12:06 . 2008-08-31 21:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-14 11:23 . 2008-08-14 11:23 10,752 --a------ C:\WINDOWS\DCEBoot.exe
2008-08-14 11:22 . 2008-08-14 11:22 <DIR> d-------- C:\Program Files\PCPitstop
2008-08-14 11:11 . 2008-08-14 12:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-08-13 18:07 . 2008-08-13 18:07 427 --a------ C:\WINDOWS\system32\QuickTimeFavorites.qtr
2008-08-13 18:07 . 2008-08-13 18:07 0 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-08-10 20:30 . 2008-08-10 20:30 <DIR> d-------- C:\Program Files\MoTeC
2008-08-10 20:30 . 2008-08-10 20:30 <DIR> d-------- C:\MoTeC
2008-08-10 20:30 . 2008-08-10 20:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MoTeC
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-30 03:23 --------- d-----w C:\Documents and Settings\User\Application Data\EndNote
2008-09-26 04:52 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-18 02:13 --------- d-----w C:\Program Files\Microsoft Games
2008-09-09 10:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-08 09:08 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-09-08 09:06 --------- d-----w C:\Program Files\Playboy - The Mansion
2008-09-04 08:29 --------- d-----w C:\Program Files\LucasArts
2008-09-02 04:02 --------- d-----w C:\Program Files\Project64 1.6
2008-08-13 06:43 --------- d-----w C:\Program Files\rFactor
2008-07-31 10:01 --------- d-----w C:\Program Files\Infogrames
2008-07-28 06:44 --------- d-----w C:\Documents and Settings\User\Application Data\Petroglyph
2008-07-24 10:16 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-24 10:14 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-07-24 10:14 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-07-24 10:14 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-07-08 08:23 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-17 02:59 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-06-17 02:59 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2004-03-11 02:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-02-17 492808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-20 57344]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 13529088]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"PC Pitstop Optimize Scheduler"="C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" [2007-01-04 1700864]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-17 1398024]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 86016]
"nwiz"="nwiz.exe" [2008-05-02 C:\WINDOWS\system32\nwiz.exe]
"EssSpkPhone"="essspk.exe" [2001-10-19 C:\WINDOWS\essspk.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe [2007-11-13 282624]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 65588]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-24 45568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.iv32"= C:\WINDOWS\system32\ir32_32.dll
"vidc.iv31"= C:\WINDOWS\system32\ir32_32.dll
"vidc.VSPX"= vspxvfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\GPLSecrets\\iGOR\\iGOR.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Battlefront II\\GameData\\BattlefrontII.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);C:\WINDOWS\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R2 ETDrv;ETDrv;C:\WINDOWS\system32\drivers\ETDrv.sys [2003-11-13 170128]
R2 GLOGODrv;GLOGODrv;C:\WINDOWS\system32\drivers\GLOGODrv.sys [2000-10-12 13332]
S3 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys [1998-09-04 1984]
S3 WMIBIOS;%WMIBIOS.ServiceName%;C:\WINDOWS\system32\Drivers\wmibios.sys [2002-10-15 18272]
S3 WMIINFO;WMIINFO Driver;C:\WINDOWS\system32\Drivers\wmiinfo.sys [2002-05-13 21184]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdf14998-f0aa-11db-a6a8-000fea79f6d5}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sys.exe
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-URLLSTCK.exe - C:\Program Files\Norton Internet Security\UrlLstCk.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\f7x6q11b.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.uow.edu.au/
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-30 13:25:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-30 13:26:30
ComboFix-quarantined-files.txt 2008-09-30 03:26:24
Pre-Run: 14,301,081,600 bytes free
Post-Run: 14,295,474,176 bytes free
163 --- E O F --- 2008-02-18 12:29:48
HJThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:51 PM, on 30/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uow.edu.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.uow.edu.au:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.uow.edu.au;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
--
End of file - 6314 bytes