Rapport hijack this

Bonjour,

info.txt logfile of random's system information tool 1.08 2011-05-09 18:01:32

======Uninstall list======

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe -maintain activex
Apple Application Support-->MsiExec.exe /I{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}
Apple Mobile Device Support-->MsiExec.exe /I{CACAEB5F-174D-4C7C-AC56-A33289A807CA}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Atheros for Acer Driver v7.2.0.208_Foxconn Installation Program-->C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe -runfromtemp -l0x0009 -removeonly
Bonjour-->MsiExec.exe /X{2A981294-F14C-4F0F-9627-D793270922F8}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel(R) TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
iTunes-->MsiExec.exe /I{2A697B53-0DE3-42DA-B41D-C3F804B1C538}
Microsoft Antimalware Service FR-FR Language Pack-->MsiExec.exe /X{0450B7B0-AC71-44A4-AB40-4DD678DF3A8C}
Microsoft Antimalware Service FR-FR Language Pack-->MsiExec.exe /X{A4526B5A-89C0-4F4B-9E6E-4F883374D5F9}
Microsoft Antimalware-->MsiExec.exe /X{774088D4-0777-4D78-904D-E435B318F5D2}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Security Client FR-FR Language Pack-->MsiExec.exe /I{859B9BCA-5376-4566-9F88-C6C9DAA7A925}
Microsoft Security Client-->MsiExec.exe /I{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Instructor-PC
Event Code: 4374
Message: Windows Servicing identified that package KB974571(Security Update) is not applicable for this system
Record Number: 2088
Source Name: Microsoft-Windows-Servicing
Time Written: 20110510010041.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Instructor-PC
Event Code: 4374
Message: Windows Servicing identified that package KB974571(Security Update) is not applicable for this system
Record Number: 2089
Source Name: Microsoft-Windows-Servicing
Time Written: 20110510010041.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Instructor-PC
Event Code: 4374
Message: Windows Servicing identified that package KB974571(Security Update) is not applicable for this system
Record Number: 2090
Source Name: Microsoft-Windows-Servicing
Time Written: 20110510010041.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Instructor-PC
Event Code: 4374
Message: Windows Servicing identified that package KB951978(Update) is not applicable for this system
Record Number: 2112
Source Name: Microsoft-Windows-Servicing
Time Written: 20110510010052.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Instructor-PC
Event Code: 4374
Message: Windows Servicing identified that package KB951978(Update) is not applicable for this system
Record Number: 2113
Source Name: Microsoft-Windows-Servicing
Time Written: 20110510010052.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Instructor-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-4134636282-1512834369-3856581858-1000_Classes:
Process 976 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4134636282-1512834369-3856581858-1000_CLASSES

Record Number: 365
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110510000340.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Instructor-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 381
Source Name: Microsoft-Windows-WMI
Time Written: 20110510000651.000000-000
Event Type: Error
User:

Computer Name: Instructor-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-4134636282-1512834369-3856581858-1000:
Process 880 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4134636282-1512834369-3856581858-1000

Record Number: 420
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110510003903.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Instructor-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-4134636282-1512834369-3856581858-1000_Classes:
Process 880 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-4134636282-1512834369-3856581858-1000_CLASSES

Record Number: 421
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20110510003904.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Instructor-PC
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 441
Source Name: Microsoft-Windows-WMI
Time Written: 20110510004153.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Instructor-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 539
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110510010129.882435-000
Event Type: Audit Failure
User:

Computer Name: Instructor-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 540
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110510010129.898035-000
Event Type: Audit Failure
User:

Computer Name: Instructor-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 541
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110510010129.913635-000
Event Type: Audit Failure
User:

Computer Name: Instructor-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 542
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110510010129.929235-000
Event Type: Audit Failure
User:

Computer Name: Instructor-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 543
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20110510010129.944835-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=1601
"NUMBER_OF_PROCESSORS"=1
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.08 (written by random/random)
Run by Instructor at 2011-05-09 18:00:12
Microsoft® Windows Vista(TM) Home Basic Service Pack 1
System drive C: has 15 GB (45%) free of 33 GB
Total RAM: 2549 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:01:31 PM, on 5/9/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Instructor\Desktop\RSIT.exe
C:\Program Files\trend micro\Instructor.exe
C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe