05-01-2008, 08:27 AM   #2
puntars (Registered User; Join Date: Apr 2008; Posts: 8; OS: xp sp2)


Re: Need help removing trojan. Logs Attached.

Contents of main.txt


Deckard's System Scanner v20071014.68
Run by krishnan on 2008-05-01 10:09:16
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-05-01 15:09:46 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 1.72 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-01 10:14:41
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\aGFv\command.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenAFS\Client\Program\afsd_service.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\alg.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVComS.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\OpenAFS\Client\Program\afscreds.exe
C:\Program Files\Agilent\IO Libraries\bin\iprocsvr.exe
C:\Program Files\Agilent\IO Libraries\bin\iproc82357.exe
C:\Program Files\Agilent\IO Libraries\bin\iproc488.exe
C:\Program Files\RABCO\X_RABCOse.exe
C:\Documents and Settings\krishnan\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://seek.3721.com/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com.cn
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://seek.3721.com/srchcust.htm
O1 - Hosts: 10.254.254.253 AFS
O2 - BHO: (no name) - {043EB59E-5ACC-4800-9DA5-0A242AC4C4FB} - C:\Program Files\Common Files\sutewic89104.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RabioBHO - {1C2E5D27-A17C-4D89-85DD-3553C189380D} - C:\Program Files\RABCO\RABCO.dll
O2 - BHO: (no name) - {4C07A7A8-7C1A-4077-B0FE-9268A3C85FA3} - C:\WINDOWS\system32\vtutr.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\Program Files\FlashGet\Jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\cnshook.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar4.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe /server"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\Run: [78079119] rundll32.exe "C:\WINDOWS\system32\kliovwet.dll",b
O4 - HKLM\..\RunServices: [Shell] c:\windows\system\mainsv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uahe] "C:\DOCUME~1\krishnan\MYDOCU~1\FNTS~1\smss.exe" -vt yazb
O4 - HKCU\..\Run: [Jcdsw] C:\WINDOWS\??curity\n?tdde.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\krishnan\Application Data\Mozilla\Firefox\Profiles\oug3xie7.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\krishnan\Application Data\Mozilla\Firefox\Profiles/oug3xie7.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Startup: RABCO - Auto Update.lnk = C:\Program Files\RABCO\RABCOse.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AFS Credentials.lnk = C:\Program Files\OpenAFS\Client\Program\afscreds.exe
O4 - Global Startup: IO Control.lnk = C:\Program Files\Agilent\IO Libraries\bin\iprocsvr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Windows Desktop Search.lnk = ?
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?46224d9665074ef385a652b42a16c3
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?46224d9665074ef385a652b42a16c3
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm...&btn=yahoomail (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfc...allyesPara=816 (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm...ns&btn=yassist (file missing)
O9 - Extra button: (no name) - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: Joyo - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\WINDOWS\system32\IEPlugin.dll
O9 - Extra button: ???? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: ZDNet - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\WINDOWS\system32\IEPlugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm...s&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm...cns&btn=repair (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm...=cns&btn=clean (file missing)
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O11 - Options Group: [!CNS] Chinese keywords
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} () - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://haozi-sun-sky.spaces.msn.com/...d/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1100865511890
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://download.sopcast.com/download/SOPCORE.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} () - http://v4.windowsupdate.microsoft.co...831.2632175926
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} () - http://download.abacast.com/download...basetup155.cab
O17 - HKLM\Software\..\Telephony: DomainName = ee.nd.edu
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = ee.nd.edu
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = ee.nd.edu
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.0.0792.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: qomjiff - C:\WINDOWS\system32\qomjiff.dll (file missing)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - (no file)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\aGFv\command.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: nidevldu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: nipxirmu - National Instruments Corporation - C:\WINDOWS\system32\nipalsm.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenAFS Client Service (TransarcAFSDaemon) - OpenAFS Project - C:\Program Files\OpenAFS\Client\Program\afsd_service.exe


--
End of file - 16677 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 CnsMinKP - c:\windows\system32\drivers\cnsminkp.sys <Not Verified; ??????(??)????; ????>
R0 laminfniqf - c:\windows\\systemroot\system32\drivers\laminfniqf.sys (file missing)
R0 NIPALK - c:\windows\system32\drivers\nipalk.sys <Not Verified; National Instruments Corporation; NI-PAL>
R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R1 tdpipee - c:\windows\system32\drivers\tdpipee.sys
R2 gpib420 (GPIB Analyzer) - c:\windows\system32\drivers\gpib420.sys <Not Verified; National Instruments Corporation; NI-488.2 for Windows>
R2 GpibPrtK (Gpib Port) - c:\windows\system32\drivers\gpibprtk.sys <Not Verified; National Instruments Corporation; NI-488.2 for Windows>
R2 niarbk - c:\windows\system32\drivers\niarbk.dll <Not Verified; National Instruments Corporation; NI-ARB>
R2 nibffrk - c:\windows\system32\drivers\nibffrk.dll <Not Verified; National Instruments Corporation; NI Buffer Services>
R2 Nidaq32k - c:\windows\system32\drivers\nidaq32k.sys <Not Verified; National Instruments Corporation; NI-DAQ>
R2 nidimk - c:\windows\system32\drivers\nidimk.dll <Not Verified; National Instruments Corporation; NIDIM>
R2 nidmmk (NI DMM and Data Logger Kernel Driver) - c:\windows\system32\drivers\nidmmk.dll <Not Verified; National Instruments Corporation; NIDMM User and Kernel Mode Component for NIDAQ 6.9.x>
R2 nimdsk - c:\windows\system32\drivers\nimdsk.dll <Not Verified; National Instruments Corporation; NI-MDS>
R2 nimxpk - c:\windows\system32\drivers\nimxpk.dll <Not Verified; National Instruments Corporation; NIMXP>
R2 nipxirmk - c:\windows\system32\drivers\nipxirmk.dll <Not Verified; National Instruments Corporation; NIPXIRM>
R2 nistck - c:\windows\system32\drivers\nistck.dll <Not Verified; National Instruments Corporation; NISTC>
R2 niswdk - c:\windows\system32\drivers\niswdk.dll <Not Verified; National Instruments Corporation; NISWD>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R2 WinDriver - c:\windows\system32\drivers\windrvr.sys <Not Verified; Jungo; WinDriver Device Driver>
R2 XilinxPC4Driver - c:\windows\system32\drivers\xpc4drvr.sys <Not Verified; Xilinx, Inc.; Xilinx PC4 Driver>
R2 XPROTECTOR - c:\windows\system32\drivers\oreans.sys
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 mlnxfltr - c:\windows\system32\drivers\mlnxfltr.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R3 nicdrk - c:\windows\system32\drivers\nicdrk.dll <Not Verified; National Instruments Corporation; NICDR>
R3 nimdbgk - c:\windows\system32\drivers\nimdbgk.dll <Not Verified; National Instruments Corporation; NIMDBG>
R3 nimru2k - c:\windows\system32\drivers\nimru2k.dll <Not Verified; National Instruments Corporation; NIMRU>
R3 nimslk - c:\windows\system32\drivers\nimslk.dll <Not Verified; National Instruments Corporation; NIMSL>
R3 nimsrlk - c:\windows\system32\drivers\nimsrlk.dll <Not Verified; National Instruments Corporation; NIMSRL>
R3 nimstsk - c:\windows\system32\drivers\nimstsk.dll <Not Verified; National Instruments Corporation; NIMSTS>
R3 nimxdfk - c:\windows\system32\drivers\nimxdfk.dll <Not Verified; National Instruments Corporation; NIMXDF>
R3 niorbk - c:\windows\system32\drivers\niorbk.dll <Not Verified; National Instruments Corporation; NIORB>
R3 niscdk - c:\windows\system32\drivers\niscdk.dll <Not Verified; National Instruments Corporation; NISCD>

S2 EZUSB (Analog Devices Inc. General Purpose EZ-KIT USB Driver (WmUSBEz.sys)) - c:\windows\system32\drivers\wmusbez.sys <Not Verified; Analog Devices Inc.; Analog Devices Inc. EZ-KIT USB Driver>
S3 EGATHDRV (IBM Access Support) - c:\windows\system32\egathdrv.sys <Not Verified; IBM Corporation; IBM eGatherer>
S3 grmnusb - c:\windows\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
S3 MultiLINX - c:\windows\system32\drivers\mltlnx.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 niefrk - c:\windows\system32\drivers\niefrk.dll <Not Verified; National Instruments Corporation; NIEFR>
S3 niesrk - c:\windows\system32\drivers\niesrk.dll <Not Verified; National Instruments Corporation; NIMIOR>
S3 nimsdrk - c:\windows\system32\drivers\nimsdrk.dll <Not Verified; National Instruments Corporation; NIMSDR>
S3 nisdigk - c:\windows\system32\drivers\nisdigk.dll <Not Verified; National Instruments Corporation; NISDIG>
S3 nispdk - c:\windows\system32\drivers\nispdk.dll
S3 nistc2k - c:\windows\system32\drivers\nistc2k.dll <Not Verified; National Instruments Corporation; NISTC>
S3 nistcrk - c:\windows\system32\drivers\nistcrk.dll <Not Verified; National Instruments Corporation; NISTCR>
S3 nitiork - c:\windows\system32\drivers\nitiork.dll <Not Verified; National Instruments Corporation; NITIOR>
S3 NiViPxiK - c:\windows\system32\drivers\nivipxik.sys <Not Verified; National Instruments; NI-VISA for Windows>
S3 niwfrk - c:\windows\system32\drivers\niwfrk.dll <Not Verified; National Instruments Corporation; NIMIOR>
S3 PcdrNt - c:\windows\system32\drivers\pcdrnt.sys <Not Verified; PC-Doctor Inc.; PC-Doctor NT 3.0>
S4 R2A - c:\windows\system32a2.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 cmdService (Command Service) - c:\windows\agfv\command.exe
R2 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>
R2 Network Monitor - c:\program files\network monitor\netmon.exe service
R2 nidevldu - system32\nipalsm.exe <Not Verified; National Instruments Corporation; NIPALSM>
R2 nipxirmu - system32\nipalsm.exe <Not Verified; National Instruments Corporation; NIPALSM>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&2A083901&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&2A083901&0
Service: i8042prt


-- Files created between 2008-04-01 and 2008-05-01 -----------------------------

2008-05-01 09:51:54 0 d-------- C:\ie-spyad_zo
2008-05-01 09:44:20 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-01 09:43:40 0 d-------- C:\Program Files\SpywareBlaster
2008-04-23 14:40:46 89152 --a------ C:\WINDOWS\system32\kliovwet.dll
2008-04-23 14:38:46 93248 --a------ C:\WINDOWS\system32\ngugibyt.dll
2008-04-18 10:14:14 94784 --a------ C:\WINDOWS\system32\vjcjfeym.dll
2008-04-18 10:12:05 87616 --a------ C:\WINDOWS\system32\hrtwcdoe.dll
2008-04-18 09:48:32 96320 --a------ C:\WINDOWS\system32\ibtdsxar.dll
2008-04-17 09:41:15 92736 --a------ C:\WINDOWS\system32\dpdijjen.dll
2008-04-13 15:26:47 92736 --a------ C:\WINDOWS\system32\myphgntr.dll
2008-04-13 15:24:41 85568 --a------ C:\WINDOWS\system32\gpesgqep.dll
2008-04-13 15:24:40 3648 --a------ C:\WINDOWS\system32\epteygqd.dll
2008-04-13 13:14:09 354 --ahs---- C:\WINDOWS\system32\bkqlwipo.ini2
2008-04-12 14:35:49 86592 --a------ C:\WINDOWS\system32\tcahpkir.dll
2008-04-12 14:33:31 92736 --a------ C:\WINDOWS\system32\feidubxj.dll
2008-04-12 14:33:27 3648 --a------ C:\WINDOWS\system32\lheqopqx.dll
2008-04-11 14:32:48 90176 --a------ C:\WINDOWS\system32\rrusswxh.dll
2008-04-11 14:32:43 3648 --a------ C:\WINDOWS\system32\pkducykt.dll
2008-04-10 15:57:10 0 d-------- C:\Program Files\Panda Security


-- Find3M Report ---------------------------------------------------------------

2008-05-01 10:15:47 515909 --ahs---- C:\WINDOWS\system32\rtutv.ini2
2008-05-01 09:32:54 0 d-------- C:\Documents and Settings\krishnan\Application Data\Skype
2008-04-16 12:56:16 0 d-------- C:\Documents and Settings\krishnan\Application Data\WinEdt
2008-04-10 15:57:20 11788 --a------ C:\WINDOWS\mozver.dat
2008-03-18 18:37:28 87616 --a------ C:\WINDOWS\system32\pjseonku.dll
2008-03-18 18:37:24 92736 --a------ C:\WINDOWS\system32\vijcfuoi.dll
2008-03-17 18:36:58 93760 --a------ C:\WINDOWS\system32\vqkfuwvb.dll
2008-03-17 18:36:53 87616 --a------ C:\WINDOWS\system32\dequkydd.dll
2008-03-16 18:36:02 99904 --a------ C:\WINDOWS\system32\dacndcvu.dll
2008-03-15 20:12:45 0 d-------- C:\Program Files\Common Files
2008-03-15 18:34:15 98368 --a------ C:\WINDOWS\system32\qiywvwun.dll
2008-03-15 18:27:07 63 --a------ C:\WINDOWS\system32\78078397
2008-03-15 18:26:34 290816 --a------ C:\WINDOWS\system32\vtutr.dll
2008-03-15 18:25:25 0 d-------- C:\Program Files\RABCO
2008-03-15 18:22:42 0 d-------- C:\Program Files\Outerinfo
2008-03-15 18:22:21 687592 --a------ C:\WINDOWS\system32\atmtd.dll
2008-03-15 18:21:44 0 d-------- C:\Program Files\Network Monitor
2008-03-15 18:21:10 41723 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2008-02-07 20:07:06 217088 --a------ C:\Program Files\Common Files\sutewic89104.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{043EB59E-5ACC-4800-9DA5-0A242AC4C4FB}]
02/07/2008 08:07 PM 217088 --a------ C:\Program Files\Common Files\sutewic89104.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C2E5D27-A17C-4D89-85DD-3553C189380D}]
01/30/2008 02:02 PM 414992 --a------ C:\Program Files\RABCO\RABCO.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C07A7A8-7C1A-4077-B0FE-9268A3C85FA3}]
03/15/2008 06:26 PM 290816 --a------ C:\WINDOWS\system32\vtutr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D157330A-9EF3-49F8-9A67-4141AC41ADD4}]
11/23/2007 09:13 AM 81240 --a------ C:\WINDOWS\DOWNLO~1\cnshook.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [03/21/2002 12:23 PM C:\WINDOWS\SOUNDMAN.EXE]
"UC_SMB"="" []
"Tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [11/07/2001 04:50 AM]
"NvCplDaemon"="NvQTwk" []
"nwiz"="nwiz.exe" [07/31/2002 01:50 AM C:\WINDOWS\system32\nwiz.exe]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 12:31 AM]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [08/18/2001 07:00 AM]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [08/28/2002 11:39 PM]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/28/2002 11:39 PM]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [08/28/2002 11:39 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [09/07/2003 12:20 PM]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [09/29/2003 08:45 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [01/10/2005 07:12 PM]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [08/22/2004 05:05 PM]
"IMSCMig"="C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.exe" [07/14/2003 10:57 PM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 08:00 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [08/06/2004 03:50 AM]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe" [10/07/2003 09:48 AM]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [09/20/2002 03:16 PM]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [09/11/2002 12:58 PM]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [09/11/2002 12:57 PM]
"CnsMin"="C:\WINDOWS\DOWNLO~1\CnsMin.dll" [08/17/2007 05:59 PM]
"MRT"="C:\WINDOWS\system32\MRT.exe" []
"78079119"="C:\WINDOWS\system32\kliovwet.dll" [04/23/2008 02:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [03/31/2007 12:04 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [03/30/2007 01:34 PM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [04/13/2008 03:27 PM]
"Uahe"="C:\DOCUME~1\krishnan\MYDOCU~1\FNTS~1\smss.exe" []
"Jcdsw"="C:\WINDOWS\??curity\n?tdde.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"FFTI"=C:\Documents and Settings\krishnan\Application Data\Mozilla\Firefox\Profiles\oug3xie7.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\krishnan\Application Data\Mozilla\Firefox\Profiles/oug3xie7.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Shell"=c:\windows\system\mainsv.exe

C:\Documents and Settings\krishnan\Start Menu\Programs\Startup\
RABCO - Auto Update.lnk - C:\Program Files\RABCO\RABCOse.exe [3/15/2008 6:21:16 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [3/2/2004 8:04:09 PM]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/2/2005 6:24:01 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 1:05:26 AM]
AFS Credentials.lnk - C:\Program Files\OpenAFS\Client\Program\afscreds.exe [10/19/2005 9:40:44 PM]
IO Control.lnk - C:\Program Files\Agilent\IO Libraries\bin\iprocsvr.exe [6/5/2003 5:00:30 PM]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [3/31/2007 12:04:30 PM]
Windows Desktop Search.lnk - C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe [9/20/2005 6:10:04 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{D157330A-9EF3-49F8-9A67-4141AC41ADD4}"= C:\WINDOWS\DOWNLO~1\cnshook.dll [11/23/2007 09:13 AM 81240]
"{E9383002-FC55-4330-B9C9-67E03BC5C840}"= C:\WINDOWS\system32\qomjiff.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AfsLogon]
afslogon.dll 10/19/2005 09:41 PM 95216 C:\WINDOWS\system32\afslogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\KFWLogon]
afslogon.dll 10/19/2005 09:41 PM 95216 C:\WINDOWS\system32\afslogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomjiff]
qomjiff.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\vtutr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09a5a659-7cc0-11d7-adca-00096b521e8e}]
AutoRun\command- Iexplores.exe

*Newly Created Service* - R2A



-- Hosts -----------------------------------------------------------------------

10.254.254.253 AFS


-- End of Deckard's System Scanner: finished at 2008-05-01 10:19:04 ------------
Attached Files: extra.txt (21.0 KB)