
Can't Run Applications - Mdelk.exe & Bagel Worm

30 replies to this topic

#1 rtb1314


Posted 21 February 2008 - 10:37 PM

Whew - got it with DSS.
FYI, it didn't like the HJT on my computer.
BTW - it was I who disabled sysrestore in order to prevent further infections, in an attempt to regain control.

In the interests of all that is good and pure... here are both files:
Deckard's System Scanner v20071014.68
Run by Lindsay on 2008-02-21 21:21:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-02-22 03:21:16 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-21 21:24:05
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ctxfihlp.exe
C:\WINDOWS\system32\CTxfispi.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\Documents and Settings\Lindsay\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [CheckRegDefragOnce] regopt.exe -checkdefrag
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: RAMASST.lnk = ?
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O15 - Trusted Zone: https://turbotax.com (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/9/b...heckControl.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.0.8.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174800672546
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://yme.music.yahoo.com/qos/cabs/DiagCo...tionControl.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: sockspy.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


--
End of file - 13252 bytes

-- HijackThis Fixed Entries (C:\Documents and Settings\Lindsay\My Documents\computer\Digital Defense\HiJackThis\backups\) --------------------------------------------------------------------------------

backup-20080122-231403-256 O3 - Toolbar: Procesor Driver - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Program Files\Toolbar\like_googlenew1.1a.dll (file missing)
backup-20080123-221357-482 R3 - URLSearchHook: (no name) - {8A4E1972-8F42-4B50-AA71-29DCA9F336BC} - (no file)
backup-20080123-221357-586 O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
backup-20080123-221357-806 O2 - BHO: XBTB06829 - {1D09A743-00ED-4713-BCC4-32D590D1087A} - C:\Program Files\Toolbar\like_googlenew1.1a.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 CLBStor (InstantBurn Storage Helper Driver) - c:\windows\system32\drivers\clbstor.sys <Not Verified; Cyberlink Co.,Ltd.; >
R0 snapman (Acronis Snapshots Manager) - c:\windows\system32\drivers\snapman.sys <Not Verified; Acronis; Acronis Snapshot API>
R1 AsIO - c:\windows\system32\drivers\asio.sys
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD>
R1 FileDisk - c:\windows\system32\drivers\filedisk.sys <Not Verified; Bo Brantén; filedisk>
R1 meiudf - c:\windows\system32\drivers\meiudf.sys <Not Verified; Matsushita Electric Industrial Co.,Ltd.; >
R1 OxFWLF - c:\windows\system32\drivers\oxfwlf.sys <Not Verified; OEM; 1394 Filter Driver>
R1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.5.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.4.5.0>
R2 CLBUDF (CyberLink InstantBurn UDF Filesystem) - c:\windows\system32\drivers\clbudf.sys <Not Verified; CyberLink Corporation.; UDF File System Driver>
R2 FolderProtectDriver - c:\program files\spotmau wincare 2008\sub\fsdriver\folderprotectdriver.sys

S1 OxUsb (oxUsb.Sys driver) - c:\windows\system32\drivers\oxusb.sys <Not Verified; OEM; OXUxxxx>
S2 tmcomm - c:\windows\system32\drivers\tmcomm.sys <Not Verified; Trend Micro Inc.; ActiveClean>
S3 catchme - c:\docume~1\lindsay\locals~1\temp\catchme.sys (file missing)
S3 OxUSBLF (Oxsemi USB filter driver) - c:\windows\system32\drivers\oxusblf.sys <Not Verified; OEM; OXUxxxx>
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>
S3 WD_FireWire_HID (WD FireWire Pseudo-HID driver) - c:\windows\system32\drivers\wdfwhid.sys <Not Verified; Western Digital Technologies; WD External Storage>
S3 WDC_SAM (WD SCSI Pass Thru driver) - c:\windows\system32\drivers\wdcsam.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 bgsvcgen (B's Recorder GOLD Library General Service) - c:\windows\system32\bgsvcgen.exe <Not Verified; B.H.A Corporation; B's Recorder GOLD8>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 Capture Device Service - "c:\program files\common files\intervideo\deviceservice\devsvc.exe" <Not Verified; InterVideo Inc.; Capture Device Service>
R2 DVD-RAM_Service - c:\windows\system32\dvdramsv.exe <Not Verified; Matsushita Electric Industrial Co., Ltd.; >
R2 FolderProtectService - c:\program files\spotmau wincare 2008\sub\fsdriver\folderprotectservice.exe
R2 Remote Solver for COSMOSFloWorks 2006 - c:\program files\solidworks\cosmos\floworks\bincfw\standaloneslv.exe <Not Verified; ; StandAloneSlv Module>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_20\4&8D68EE5&0&00E4
Manufacturer: Marvell
Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4362&SUBSYS_81421043&REV_20\4&8D68EE5&0&00E4
Service: yukonwxp

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: Logitech QuickCam Pro 9000
Device ID: USB\VID_046D&PID_0990&MI_00\7&31491FA0&1&0000
Manufacturer: Logitech
Name: Logitech QuickCam Pro 9000
PNP Device ID: USB\VID_046D&PID_0990&MI_00\7&31491FA0&1&0000
Service: LVUVC

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
Device ID: USB\VID_0BDA&PID_8187\0015AF0B6FA8
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter
PNP Device ID: USB\VID_0BDA&PID_8187\0015AF0B6FA8
Service: RTLWUSB


-- Scheduled Tasks -------------------------------------------------------------

2008-02-21 02:00:20 1676 --a------ C:\WINDOWS\Tasks\wrSpySweeper_LFD59FBE67398473FB47424EE18E40A41.job


-- Files created between 2008-01-21 and 2008-02-21 -----------------------------

2008-02-21 08:35:16 0 d-------- C:\Program Files\Trend Micro
2008-02-20 23:34:55 0 d-------- C:\Program Files\Lavasoft
2008-02-20 23:34:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-20 23:06:41 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 22:26:45 0 d-------- C:\WINDOWS\BDOSCAN8
2008-02-17 20:10:10 0 d-------- C:\Program Files\BitDefender
2008-02-17 20:05:44 0 d-------- C:\Documents and Settings\All Users\Local Settings
2008-02-17 17:12:00 71172 --a------ C:\WINDOWS\system32\mdelk.exe
2008-02-17 01:16:25 1489920 --a------ C:\WINDOWS\system32\pdftk.exe
2008-02-10 13:14:54 0 d-------- C:\Program Files\Common Files\LogiShrd
2008-02-10 13:00:34 0 d-------- C:\Documents and Settings\Diane\Contacts
2008-02-10 06:01:06 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-09 23:58:05 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2008-02-09 23:58:03 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-09 23:58:03 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-09 23:58:03 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-09 16:11:57 0 d-------- C:\Documents and Settings\Lindsay\Contacts
2008-02-09 16:03:23 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-09 16:03:19 0 d-------- C:\Program Files\Windows Live
2008-02-09 16:03:14 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-09 14:01:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-02-09 14:01:31 0 d-------- C:\Program Files\Logitech
2008-02-09 14:01:31 0 d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-02-04 14:07:59 0 d-------- C:\Documents and Settings\Secaurin\Application Data\WinCare2008
2008-01-29 19:36:31 0 d-------- C:\Documents and Settings\Diane\Application Data\WinCare2008
2008-01-28 22:39:37 0 d-------- C:\Documents and Settings\Lindsay\Application Data\WinCare2008
2008-01-28 22:38:27 0 d-------- C:\Program Files\Spotmau WinCare 2008
2008-01-28 15:12:29 0 d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-21 21:23:06 164 --a------ C:\install.dat


-- Find3M Report ---------------------------------------------------------------

2008-02-20 23:06:41 0 d-------- C:\Program Files\Common Files
2008-02-17 23:22:43 0 d-------- C:\Documents and Settings\Lindsay\Application Data\Canon
2008-02-17 16:13:04 0 d-------- C:\Program Files\eMule
2008-02-17 15:47:49 81984 --a------ C:\WINDOWS\system32\bdod.bin
2008-02-10 10:34:24 0 d-------- C:\Program Files\Ahead
2008-02-10 00:21:25 0 d-------- C:\Documents and Settings\Lindsay\Application Data\Adobe
2008-02-09 23:59:45 0 d-------- C:\Documents and Settings\Lindsay\Application Data\Ahead
2008-02-09 23:59:44 0 d-------- C:\Program Files\Common Files\LightScribe
2008-02-09 21:37:30 0 d-------- C:\Program Files\Windows NT
2008-02-09 14:03:43 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-08 22:14:29 0 d-------- C:\Program Files\Online Services
2008-02-08 16:35:17 0 d-------- C:\Program Files\TBFDropZone
2008-01-28 15:14:57 0 d-------- C:\Documents and Settings\Lindsay\Application Data\Intuit
2008-01-28 15:11:03 0 d-------- C:\Program Files\Common Files\Intuit
2008-01-28 15:10:13 0 d-------- C:\Program Files\TurboTax
2008-01-16 23:06:14 0 d-------- C:\Program Files\Lighting Handbook
2008-01-09 22:42:39 0 d-------- C:\Program Files\AliveMedia
2008-01-09 15:01:48 53248 --a------ C:\WINDOWS\bdoscandel.exe
2008-01-08 22:34:11 0 d-------- C:\Program Files\TotalAudioConverter
2008-01-08 22:30:47 0 d-------- C:\Documents and Settings\Lindsay\Application Data\Softplicity
2008-01-08 00:02:12 0 d-------- C:\Program Files\BitTornado
2008-01-07 23:21:48 0 d-------- C:\Documents and Settings\Lindsay\Application Data\.BitTornado
2008-01-04 01:28:29 0 d-------- C:\Documents and Settings\Lindsay\Application Data\RipIt4Me
2008-01-03 23:04:01 0 d-------- C:\Program Files\FixVTS
2008-01-03 23:01:30 0 d-------- C:\Program Files\RipIt4Me
2008-01-03 22:56:55 0 d-------- C:\Program Files\DVD Shrink
2008-01-03 22:54:59 0 d-------- C:\Program Files\DVD Decrypter
2008-01-03 19:33:21 0 d-------- C:\Program Files\MagicDVDRipper
2008-01-01 16:31:58 0 d-------- C:\Program Files\Apple Software Update
2008-01-01 08:29:33 0 d-------- C:\Program Files\ASF-AVI-RM-WMV Repair
2007-12-31 23:50:18 0 d-------- C:\Documents and Settings\Lindsay\Application Data\AVG7
2007-12-31 22:25:14 0 d-------- C:\Program Files\ASUS WiFi-AP Solo
2007-12-31 17:36:37 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-30 21:45:11 0 d-------- C:\Program Files\Advanced System Optimizer
2007-12-28 20:26:48 0 d-------- C:\Program Files\Bonjour
2007-12-28 20:24:43 0 d-------- C:\Program Files\Better File Series
2007-12-28 20:24:41 0 d-------- C:\Program Files\Windows Desktop Search
2007-12-28 20:24:12 0 d-------- C:\Program Files\QuickTime
2007-12-18 23:24:47 33 --a------ C:\Documents and Settings\Lindsay\Application Data\pcouffin.log
2007-12-18 23:24:46 47360 --a------ C:\Documents and Settings\Lindsay\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-18 23:24:46 1144 --a------ C:\Documents and Settings\Lindsay\Application Data\pcouffin.inf
2007-12-18 23:24:46 7824 --a------ C:\Documents and Settings\Lindsay\Application Data\pcouffin.cat
2007-12-17 22:22:14 1158 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [11/04/2005 05:07 PM]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [07/13/2006 01:11 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [07/12/2007 03:00 AM]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [05/08/2003 10:00 AM]
"nwiz"="nwiz.exe" [11/06/2007 08:00 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [02/28/2006 06:00 AM C:\WINDOWS\system32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [02/28/2006 06:00 AM C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [01/12/2006 03:40 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [02/07/2007 03:21 PM]
"CTxfiHlp"="CTXFIHLP.EXE" [12/12/2006 10:46 AM C:\WINDOWS\system32\Ctxfihlp.exe]
"CTHelper"="CTHELPER.EXE" [12/12/2006 10:46 AM C:\WINDOWS\system32\CtHelper.exe]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [01/08/2006 08:43 PM]
"CheckRegDefragOnce"="regopt.exe" []
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [10/25/2007 04:33 PM]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [10/25/2007 04:37 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [01/04/2008 08:56 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [02/28/2006 06:00 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2/10/2008 1:17:06 PM]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [11/25/2007 9:12:43 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [02/05/2007 02:39 PM 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=sockspy.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33a84b3a-0f49-11dc-aef9-0018f3ab7d5e}]
AutoRun\command- I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b69ed42-aa06-11dc-807f-0018f3ab7d5e}]
AutoRun\command- I:\LaunchU3.exe -a




-- End of Deckard's System Scanner: finished at 2008-02-21 21:25:09 ------------


EXTRA LOGFILE START EXTRA LOGFILE START EXTRA LOGFILE START EXTRA LOGFILE START EXTRA LOGFILE START EXTRA LOGFILE START EXTRA LOGFILE START EXTRA LOGFILE START EXTRA LOGFILE START EXTRA LOGFILE START EXTRA LOGFILE START EXTRA LOGFILE START EXTRA LOGFILE START EXTRA LOGFILE START EXTRA LOGFILE START EXTRA LOGFILE START EXTRA LOGFILE START EXTRA LOGFILE START EXTRA LOGFILE START EXTRA LOGFILE START

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Quad CPU @ 2.66GHz
CPU 1: Intel® Core™2 Quad CPU @ 2.66GHz
CPU 2: Intel® Core™2 Quad CPU @ 2.66GHz
CPU 3: Intel® Core™2 Quad CPU @ 2.66GHz
Percentage of Memory in Use: 15%
Physical Memory (total/avail): 3071.04 MiB / 2585.48 MiB
Pagefile Memory (total/avail): 7010.23 MiB / 6611.1 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1899.73 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 97.65 GiB total, 17.29 GiB free.
D: is Fixed (NTFS) - 368.1 GiB total, 346.14 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)

\\.\PHYSICALDRIVE0 - External Disk 0 - 465.76 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 97.65 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 368.1 GiB - D:

\\.\PHYSICALDRIVE2 - WD CR HS-5-IN-1 USB Device

\\.\PHYSICALDRIVE1 - WD CR HS-CF USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Bitdefender Antivirus v8.0 (Softwin)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\ttax.exe"="C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\updatemgr.exe"="C:\\Program Files\\TurboTax\\Premier 2007\\32bit\\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"="C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Lindsay\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=QCORE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Lindsay
LOGONSERVER=\\QCORE
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Common Files\Ulead Systems\DVD;C:\Program Files\Lambda Research Corporation\TracePro\lib3dx\intel_a\code\bin;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f07
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Lindsay\LOCALS~1\Temp
TMP=C:\DOCUME~1\Lindsay\LOCALS~1\Temp
USERDOMAIN=QCORE
USERNAME=Lindsay
USERPROFILE=C:\Documents and Settings\Lindsay
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Lindsay (admin)
Diane (admin)
Secaurin (admin)
Administrator.QCORE (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
--> "C:\Program Files\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
--> "C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\Program Files\Yahoo!\Yahoo! Music Jukebox\oggcodecs\uninst.exe
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\system32\UninstIPP.isu
--> MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CDCBF62D-8E74-44A5-91AD-44AB4C2EFD89}\setup.exe" REMOVEALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF18108B-E5D8-4EE9-96D4-DB9B9A311780}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34449598-3F4B-43B5-A996-84A7345FD15F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B95708FA-609B-4F7F-A50C-76D2338464AE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06E3E953-0570-4DFF-A7B5-46114C390228}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EF644C7-1A0D-4B94-9AF5-AD04702094A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C229589D-CC1A-43FF-9507-CDED3AB85325}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8A544F4-AC5F-4B67-9C74-F3E976798797}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3C64B-2A22-48C5-857B-E952D7BE64F5}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3C64B-2A22-48C5-857B-E952D7BE64F5}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FCCDA302-32D9-4AE7-A094-4BE677554F26}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acronis Disk Director Suite --> MsiExec.exe /X{2300EE96-0A41-4FAB-BD03-989EC44577A0}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Add or Remove Adobe Creative Suite 3 Production Premium --> C:\Program Files\Common Files\Adobe\Installers\aefc483f26b23ab60cc5653016d5017\Setup.exe
Adobe Acrobat 8 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000003}
Adobe Acrobat 8.1.2 Professional --> msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe After Effects CS3 --> MsiExec.exe /I{EB0202F7-016A-410C-ADE4-40F848CCC661}
Adobe After Effects CS3 Presets --> MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe After Effects CS3 Template Projects & Footage --> MsiExec.exe /I{73E81E9B-7319-43AD-B7CC-1C61405E5089}
Adobe After Effects CS3 Third Party Content --> MsiExec.exe /I{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Creative Suite 3 Production Premium --> MsiExec.exe /I{40F2BCF4-4EED-4AD4-BFB6-A58946C561A1}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Encore CS3 --> MsiExec.exe /I{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}
Adobe Encore CS3 Codecs --> MsiExec.exe /I{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}
Adobe Encore CS3 Library --> MsiExec.exe /I{F1D93F5B-881F-49E3-BA56-B4B8FA991059}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Extension Manager CS3 --> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Video Encoder --> MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Glyphlet Creation Tool CS3 --> MsiExec.exe /I{243DA072-8E39-424A-86A3-F63152021383}
Adobe Help Center 2.1 --> MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71}
Adobe Help Viewer CS3 --> MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS3 --> MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe MotionPicture Color Files --> MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Photoshop Elements 5.0 --> msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}
Adobe Photoshop Lightroom --> MsiExec.exe /I{CBCDEDF3-A2E5-4402-8E9E-E2C23DBE1DA8}
Adobe Premiere Elements 3.0.2 --> msiexec /I {530AFAFF-6F0A-48BB-88D0-04F9658322D3}
Adobe Premiere Elements 3.0.2 --> MsiExec.exe /I{530AFAFF-6F0A-48BB-88D0-04F9658322D3}
Adobe Premiere Elements 3.0.2 Templates --> MsiExec.exe /I{6EACDDF4-4220-49A3-9204-984C86852C3D}
Adobe Premiere Pro CS3 --> MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}
Adobe Premiere Pro CS3 Functional Content --> MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}
Adobe Premiere Pro CS3 Third Party Content --> MsiExec.exe /I{485ACF57-F364-440A-8496-E1E81C8FA1AA}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup --> MsiExec.exe /I{BA67E3E1-25EE-4481-857D-D3CA99DA71C8}
Adobe Soundbooth CS3 --> MsiExec.exe /I{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}
Adobe Soundbooth CS3 Codecs --> MsiExec.exe /I{0327FA9D-975C-448C-A086-577D57BB25B8}
Adobe Soundbooth CS3 Scores --> MsiExec.exe /I{92A300C0-E97B-48CC-9702-AB1AAED167E1}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles --> MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3 --> MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3 --> MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3 --> MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Advanced System Optimizer 2 --> "C:\Program Files\Advanced System Optimizer\unins000.exe"
AHV content for Acrobat and Flash --> MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Alive MP3 WAV Converter version 3.9.3.2 --> "C:\Program Files\AliveMedia\MP3 WAV Converter\unins000.exe"
All Media Fixer 7.7 --> "C:\Program Files\All Media Fixer\unins000.exe"
AnswerWorks 4.0 Runtime - English --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
ASUS DH Remote --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34A0AF85-C323-4867-8AA3-00A3E5A7A12B}\Setup.exe" -l0x9
ASUS WiFi-AP Solo --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B3F4499-32E6-470D-8586-E6C03420F889}\Setup.exe" -l0x9 REMOVE
AVS DVDMenu Editor 1.2.1.19 --> "C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"
AVS Video Tools 5.6 --> "C:\Program Files\AVSMedia\VideoTools\unins000.exe"
BadCopy Pro --> C:\PROGRA~1\Jufsoft\BadCopy\UNWISE.EXE C:\PROGRA~1\Jufsoft\BadCopy\INSTALL.LOG
BDAspy (remove only) --> C:\Program Files\Softwin\BDAspy\Uninstall.exe
Bentley Publishers - eBahn® --> C:\BENTLE~1 c:\BentleyPubs\eBahn\install.log
Better File Series 4.9.5 --> "C:\Program Files\Better File Series\unins000.exe"
BitTornado 0.3.17 --> C:\Program Files\BitTornado\uninst.exe
Business Contact Manager for Outlook 2007 SP1 --> "C:\Program Files\Microsoft Small Business\Business Contact Manager\SetupBootstrap\Setup.exe" /remove {B32C4059-6E7A-41EF-AD20-56DF1872B923}
Business Contact Manager for Outlook 2007 SP1 --> MsiExec.exe /X{B32C4059-6E7A-41EF-AD20-56DF1872B923}
Canon MF Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01B93B3A-283F-411B-A648-69CABCACC986}\Setup.exe" -l0x9 -Uninstall
Canon MF Toolbox 4.9.1.1.mf01 --> MsiExec.exe /I{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}
CDRoller version 7.00 --> "C:\Program Files\CDRoller\unins000.exe"
COSMOSFloWorks --> MsiExec.exe /I{9944827A-6E24-429C-B232-406E58E19492}
COSMOSMotion 2006 SP04.1 --> MsiExec.exe /I{5D25B8F8-3D08-4510-8ACE-74020ACCDCDF}
COSMOSWorks 2006 SP04.1 --> MsiExec.exe /I{5AC6F03B-0186-4CC8-A67D-BA37FD504CC4}
Creative MediaSource 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative Software AutoUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07 --> "C:\Program Files\Cucusoft\avi-dvd-pro\unins000.exe"
CyberLink InstantBurn --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}\Setup.exe" -l0x9 -uninstall
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD-MovieAlbumSE 4.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6391CAF3-0AED-4D3F-B904-C6209EC0C88D}\Setup.exe" -l0x9 UNINSTALL
DVD-RAM Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" -l0x9 DVD-RAM Driver
DVD Data Rescue 2.1 --> "C:\Program Files\dvddr\unins000.exe"
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
DVDfunSTUDIO --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A49098C1-980A-4C99-A579-4D10409AD899}\Setup.exe" -l0x9
DWGeditor --> MsiExec.exe /X{1CECDCCE-1D2D-46E8-9F02-CCFC93120B55}
eDrawings 2006 --> MsiExec.exe /I{E44895E5-15CA-48CB-B136-707E5183BEF3}
eMule --> "C:\Program Files\eMule\Uninstall.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Documents and Settings\Lindsay\My Documents\computer\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InCD EasyWrite Reader --> C:\WINDOWS\unmrw.exe /UNINSTALL
Installation --> MsiExec.exe /I{419D01F5-4BDC-4111-9880-B2A90BE65B05}
InterVideo DeviceService --> MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LabelPrint 2.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Lighting Handbook --> C:\WINDOWS\IsUninst.exe -f"c:\Program Files\Lighting Handbook\Uninst.isu"
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech QuickCam --> MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech QuickCam Driver Package --> "C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.50.1145\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.50" /clone_wait /hide_progress
Magic DVD Ripper V4.3.1 --> "C:\Program Files\MagicDVDRipper\unins000.exe"
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Max Data Recovery 1.65 --> C:\Program Files\Max Data Recovery\Uninstall.exe
MediaShow 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internet Explorer 5 Web Accessories --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\IE5WA.inf, Uninstall
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies --> MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Accounting 2007 --> "C:\Program Files\Microsoft Small Business\Small Business Accounting 2007\SetupBootstrap\Setup.exe" /remove {B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting 2007 --> MsiExec.exe /X{B0717D5A-1976-482B-9ADF-F19631A541A4}
Microsoft Office Accounting ADP Payroll Addin --> MsiExec.exe /I{5FA793A6-0071-42C1-9355-8F69A428C44F}
Microsoft Office Accounting Equifax Addin --> MsiExec.exe /X{8C711818-076E-475C-B95B-DF11CD9D8DBE}
Microsoft Office Accounting Fixed Asset Manager --> MsiExec.exe /X{46614A49-222A-48EF-87A9-BFD603E608E1}
Microsoft Office Accounting PayPal Addin --> MsiExec.exe /X{353D20CC-719B-4A60-AD33-D03F88C10330}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Small Business Connectivity Components --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Project 2000 SR-1 --> MsiExec.exe /I{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}
Microsoft SQL Server 2005 --> "C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual Basic 6.0 Professional Edition --> "C:\Program Files\Microsoft Visual Studio\VB98\Setup\1033\Setup.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
MOVAVI VideoSuite 3.5 --> C:\Program Files\MOVAVI VideoSuite 3.5\uninst.exe
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSDN Library - Visual Studio 6.0a --> "C:\Program Files\Microsoft Visual Studio\MSDN98\98VSa\1033\Setup\Setup.exe"
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
My Book RAID Manager --> MsiExec.exe /X{F0BFDB27-7F84-4641-869F-BB5E67D27245}
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nero Digital --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
NeroMIX --> C:\WINDOWS\UNNMIX.exe /UNINSTALL
NUCLEUS KERNEL for CD-DVD 1.8 --> "C:\Program Files\Nucleus\NUCLEUS KERNEL for CD-DVD\Uninst\unins000.exe"
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA WDM Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\Setup.exe"
OmniPage SE 2.0 --> MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PDF Settings --> MsiExec.exe /I{DC017035-1939-425F-8F86-63B462C76C6A}
PhotoNow! 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\Setup.exe" -uninstall
Power2Go 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerBackup 2.5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDirector --> "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall
PowerDVD Copy 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\setup.exe" -uninstall
PowerDVD Ultra --> "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x000409 /z-uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
Presto! PageManager 6.03 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BE42A03-E7B8-42A9-B1BB-FC48B03D58B8}\Setup.exe" -l0x9 anything
Procesor Driver --> regsvr32 /u /s "C:\Program Files\Toolbar\like_googlenew1.1a.dll"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sentinel Protection Installer 7.3.0 --> MsiExec.exe /I{404C18ED-873A-4191-BA03-30F627445418}
SetupBadCDDVDRecovery --> MsiExec.exe /I{68C2B052-B49E-43BF-8190-9811BB7502C7}
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SolidWorks 2006-2007 Student Edition --> MsiExec.exe /X{44F6D111-8407-4E7B-AD20-04B9BE377C3D}
SopCast 1.1.2 --> C:\Program Files\SopCast\uninst.exe
Sound Blaster X-Fi --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x9 /remove
Spotmau Wincare 2008 --> "C:\Program Files\Spotmau WinCare 2008\unins000.exe"
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Topaz DeJPEG (freeware) --> MsiExec.exe /I{80A35F57-8C90-42A2-AD77-7D39F1FEC1C9}
Topaz Enhance --> MsiExec.exe /I{7A0E3387-C4E7-48D9-B8B9-2A24ECC755EA}
Topaz Moment --> MsiExec.exe /I{D392E98A-6DC2-4548-85AC-F48819892B6B}
Topaz Vivacity --> MsiExec.exe /I{C13A8E73-7E98-4295-BA94-6931701CD1F9}
TracePro --> C:\Program Files\InstallShield Installation Information\{F2EB5822-62CF-4FCF-BA5A-C8FBB08C3536}\setup.exe -runfromtemp -l0x0009 -removeonly
TraceProBridge --> C:\Program Files\InstallShield Installation Information\{B007FFBC-29B8-4F31-91C9-4281AF6EBBA8}\setup.exe -runfromtemp -l0x0009 -removeonly
TransferBigFiles.com Drop Zone --> "C:\Program Files\TBFDropZone\uninstall.exe"
TurboTax Premier 2007 --> C:\Program Files\TurboTax\Premier 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2007\Uninstall.log" -NoGui
Ulead CD & DVD PictureShow 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F6199F9-9BED-4B43-9E5C-8495086EE714}\setup.exe" -l0x9
Ulead COOL 360 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC1FBAF2-2B8D-4E9D-B881-37D1A52E77C5}\Setup.exe" -l0x9
Ulead DVD MovieFactory 6 --> C:\Program Files\InstallShield Installation Information\{CCC4E428-411E-4605-B515-317D50ABD477}\setup.exe -runfromtemp -l0x0409
Ulead Photo Explorer 8.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{025C3792-E9C6-432A-92C1-661F99D021CA}\Setup.exe" -l0x9
Ulead PhotoImpact 12 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11AFE21E-B193-430D-B57A-DFF7815BB962}\Setup.exe" -l0x9
Update for Outlook 2007 Junk Email Filter (kb944965) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {EA8C80AA-31D6-43F0-8CD8-CA85479A34F1}
VideoLAN VLC media player 0.8.6b --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"
Yahoo! Music Jukebox --> MsiExec.exe /X{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}


-- Application Event Log -------------------------------------------------------

Event Record #/Type30964 / Warning
Event Submitted/Written: 02/21/2008 08:51:36 PM
Event ID/Source: 3 / SQLBrowser
Event Description:
The configuration of the AdminConnection\TCP protocol in the SQL instance MSSMLBIZ is not valid.

Event Record #/Type30960 / Warning
Event Submitted/Written: 02/21/2008 08:51:35 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam' failed during request for component '{62BA7C13-20BB-41F7-A6A4-482632CE53D4}'

Event Record #/Type30959 / Warning
Event Submitted/Written: 02/21/2008 08:51:35 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.

Event Record #/Type30954 / Success
Event Submitted/Written: 02/21/2008 08:51:35 PM
Event ID/Source: 2570 / Adobe Active File Monitor 5.0
Event Description:
Adobe Active File Monitor Service has Started.

Event Record #/Type30950 / Warning
Event Submitted/Written: 02/21/2008 08:50:28 AM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}', feature 'QuickCam', component '{B52C7B4D-F46F-438C-ADF2-05A138C57757}' failed. The resource 'HKEY_CURRENT_USER\Software\Logitech\InstallerKeys\QCDesktopShortcutKey' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type11447 / Error
Event Submitted/Written: 02/21/2008 09:16:37 PM
Event ID/Source: 1002 / Dhcp
Event Description:
The IP address lease 192.168.1.106 for the Network Card with network address 0018F3AB7D5E has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Event Record #/Type11435 / Error
Event Submitted/Written: 02/21/2008 08:56:38 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460

Event Record #/Type11430 / Error
Event Submitted/Written: 02/21/2008 08:52:59 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The tmcomm service failed to start due to the following error:
%%2001

Event Record #/Type11429 / Error
Event Submitted/Written: 02/21/2008 08:52:59 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The Wireless Zero Configuration service depends on the NDIS Usermode I/O Protocol service which failed to start because of the following error:
%%1058

Event Record #/Type11420 / Error
Event Submitted/Written: 02/21/2008 09:00:09 AM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Computer Browser service terminated with the following error:
%%1460



-- End of Deckard's System Scanner: finished at 2008-02-21 21:25:09 ------------

#2 SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:04:19 PM

Posted 23 February 2008 - 12:44 AM

Hello rtb1314 and welcome to BC :thumbsup:

My name is SNOWHITE and I will be helping you with your Malware problem.

You have one really nasty infection there.

Do not disable system restore!

Please follow the steps below exactly in the order they are written:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Please post back with the ComboFix report and HijackThis log.

Regards,
SNOWHITE

#3 rtb1314

  • Topic Starter

  • Members
  • 57 posts
  • Local time:09:19 AM

Posted 23 February 2008 - 02:18 PM

Hi Snowhite,

Thanks for all your time and help - logs are included.
I have performed the ComboFix - what kind of malware were all the exe files?

I reinstalled HJT and it runs OK now.
I currently have no AV installed. I was working with BitDefender tech support when all this hit the fan, and I switched over to you guys after they asked me to do certain things to reinstall AV 2008 that I didn't feel comfortable with.
I have a cleaner download and the new AV2008 here, although I think I should possibly redownload when you say we're ready to bring up AV software on my system.
Q. Should I stick with the BD AV2008 and SpySweeper combo or go back to Norton? - just your opinion.
I also read that online communities fighting back is growing... yay!

THE LOGS - COMBO 1st then HJT

ComboFix 08-02-23.2 - Lindsay 2008-02-23 10:03:09.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2530 [GMT -6:00]
Running from: C:\Documents and Settings\Lindsay\Desktop\Combo-Fix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\101171.exe
C:\WINDOWS\system32\drivers\down\101625.exe
C:\WINDOWS\system32\drivers\down\102062.exe
C:\WINDOWS\system32\drivers\down\102859.exe
C:\WINDOWS\system32\drivers\down\107625.exe
C:\WINDOWS\system32\drivers\down\110250.exe
C:\WINDOWS\system32\drivers\down\112171.exe
C:\WINDOWS\system32\drivers\down\114515.exe
C:\WINDOWS\system32\drivers\down\117718.exe
C:\WINDOWS\system32\drivers\down\118296.exe
C:\WINDOWS\system32\drivers\down\118640.exe
C:\WINDOWS\system32\drivers\down\119343.exe
C:\WINDOWS\system32\drivers\down\120015.exe
C:\WINDOWS\system32\drivers\down\122140.exe
C:\WINDOWS\system32\drivers\down\122281.exe
C:\WINDOWS\system32\drivers\down\122578.exe
C:\WINDOWS\system32\drivers\down\123000.exe
C:\WINDOWS\system32\drivers\down\123484.exe
C:\WINDOWS\system32\drivers\down\124546.exe
C:\WINDOWS\system32\drivers\down\124671.exe
C:\WINDOWS\system32\drivers\down\125359.exe
C:\WINDOWS\system32\drivers\down\125531.exe
C:\WINDOWS\system32\drivers\down\126171.exe
C:\WINDOWS\system32\drivers\down\126312.exe
C:\WINDOWS\system32\drivers\down\126750.exe
C:\WINDOWS\system32\drivers\down\128437.exe
C:\WINDOWS\system32\drivers\down\128531.exe
C:\WINDOWS\system32\drivers\down\129046.exe
C:\WINDOWS\system32\drivers\down\129625.exe
C:\WINDOWS\system32\drivers\down\130281.exe
C:\WINDOWS\system32\drivers\down\130609.exe
C:\WINDOWS\system32\drivers\down\130812.exe
C:\WINDOWS\system32\drivers\down\132812.exe
C:\WINDOWS\system32\drivers\down\133156.exe
C:\WINDOWS\system32\drivers\down\133171.exe
C:\WINDOWS\system32\drivers\down\134609.exe
C:\WINDOWS\system32\drivers\down\135234.exe
C:\WINDOWS\system32\drivers\down\135875.exe
C:\WINDOWS\system32\drivers\down\135953.exe
C:\WINDOWS\system32\drivers\down\136546.exe
C:\WINDOWS\system32\drivers\down\138093.exe
C:\WINDOWS\system32\drivers\down\138500.exe
C:\WINDOWS\system32\drivers\down\140703.exe
C:\WINDOWS\system32\drivers\down\140937.exe
C:\WINDOWS\system32\drivers\down\141062.exe
C:\WINDOWS\system32\drivers\down\142906.exe
C:\WINDOWS\system32\drivers\down\143671.exe
C:\WINDOWS\system32\drivers\down\144531.exe
C:\WINDOWS\system32\drivers\down\144859.exe
C:\WINDOWS\system32\drivers\down\145328.exe
C:\WINDOWS\system32\drivers\down\145859.exe
C:\WINDOWS\system32\drivers\down\145906.exe
C:\WINDOWS\system32\drivers\down\146296.exe
C:\WINDOWS\system32\drivers\down\146984.exe
C:\WINDOWS\system32\drivers\down\14702500.exe
C:\WINDOWS\system32\drivers\down\14703531.exe
C:\WINDOWS\system32\drivers\down\14704812.exe
C:\WINDOWS\system32\drivers\down\14739203.exe
C:\WINDOWS\system32\drivers\down\14739484.exe
C:\WINDOWS\system32\drivers\down\14746578.exe
C:\WINDOWS\system32\drivers\down\14748484.exe
C:\WINDOWS\system32\drivers\down\14751437.exe
C:\WINDOWS\system32\drivers\down\14753500.exe
C:\WINDOWS\system32\drivers\down\14760109.exe
C:\WINDOWS\system32\drivers\down\14763578.exe
C:\WINDOWS\system32\drivers\down\14764765.exe
C:\WINDOWS\system32\drivers\down\14765468.exe
C:\WINDOWS\system32\drivers\down\14769937.exe
C:\WINDOWS\system32\drivers\down\14772406.exe
C:\WINDOWS\system32\drivers\down\14774515.exe
C:\WINDOWS\system32\drivers\down\147859.exe
C:\WINDOWS\system32\drivers\down\14799859.exe
C:\WINDOWS\system32\drivers\down\14802140.exe
C:\WINDOWS\system32\drivers\down\150515.exe
C:\WINDOWS\system32\drivers\down\150703.exe
C:\WINDOWS\system32\drivers\down\150734.exe
C:\WINDOWS\system32\drivers\down\151250.exe
C:\WINDOWS\system32\drivers\down\15174343.exe
C:\WINDOWS\system32\drivers\down\153281.exe
C:\WINDOWS\system32\drivers\down\153421.exe
C:\WINDOWS\system32\drivers\down\153609.exe
C:\WINDOWS\system32\drivers\down\153718.exe
C:\WINDOWS\system32\drivers\down\15449796.exe
C:\WINDOWS\system32\drivers\down\154609.exe
C:\WINDOWS\system32\drivers\down\154843.exe
C:\WINDOWS\system32\drivers\down\155000.exe
C:\WINDOWS\system32\drivers\down\155078.exe
C:\WINDOWS\system32\drivers\down\156359.exe
C:\WINDOWS\system32\drivers\down\157125.exe
C:\WINDOWS\system32\drivers\down\157546.exe
C:\WINDOWS\system32\drivers\down\159125.exe
C:\WINDOWS\system32\drivers\down\159828.exe
C:\WINDOWS\system32\drivers\down\161328.exe
C:\WINDOWS\system32\drivers\down\161843.exe
C:\WINDOWS\system32\drivers\down\16319468.exe
C:\WINDOWS\system32\drivers\down\16336000.exe
C:\WINDOWS\system32\drivers\down\16336343.exe
C:\WINDOWS\system32\drivers\down\16344281.exe
C:\WINDOWS\system32\drivers\down\16346578.exe
C:\WINDOWS\system32\drivers\down\16351890.exe
C:\WINDOWS\system32\drivers\down\16353984.exe
C:\WINDOWS\system32\drivers\down\16359875.exe
C:\WINDOWS\system32\drivers\down\16362656.exe
C:\WINDOWS\system32\drivers\down\16364000.exe
C:\WINDOWS\system32\drivers\down\16374250.exe
C:\WINDOWS\system32\drivers\down\16377546.exe
C:\WINDOWS\system32\drivers\down\16379906.exe
C:\WINDOWS\system32\drivers\down\16381312.exe
C:\WINDOWS\system32\drivers\down\163937.exe
C:\WINDOWS\system32\drivers\down\16407593.exe
C:\WINDOWS\system32\drivers\down\16416312.exe
C:\WINDOWS\system32\drivers\down\164640.exe
C:\WINDOWS\system32\drivers\down\164843.exe
C:\WINDOWS\system32\drivers\down\164890.exe
C:\WINDOWS\system32\drivers\down\165078.exe
C:\WINDOWS\system32\drivers\down\165484.exe
C:\WINDOWS\system32\drivers\down\166421.exe
C:\WINDOWS\system32\drivers\down\166953.exe
C:\WINDOWS\system32\drivers\down\167687.exe
C:\WINDOWS\system32\drivers\down\167796.exe
C:\WINDOWS\system32\drivers\down\168546.exe
C:\WINDOWS\system32\drivers\down\168671.exe
C:\WINDOWS\system32\drivers\down\169500.exe
C:\WINDOWS\system32\drivers\down\169828.exe
C:\WINDOWS\system32\drivers\down\170156.exe
C:\WINDOWS\system32\drivers\down\170765.exe
C:\WINDOWS\system32\drivers\down\171359.exe
C:\WINDOWS\system32\drivers\down\172796.exe
C:\WINDOWS\system32\drivers\down\173437.exe
C:\WINDOWS\system32\drivers\down\173671.exe
C:\WINDOWS\system32\drivers\down\173843.exe
C:\WINDOWS\system32\drivers\down\173875.exe
C:\WINDOWS\system32\drivers\down\174953.exe
C:\WINDOWS\system32\drivers\down\176031.exe
C:\WINDOWS\system32\drivers\down\176953.exe
C:\WINDOWS\system32\drivers\down\177734.exe
C:\WINDOWS\system32\drivers\down\180296.exe
C:\WINDOWS\system32\drivers\down\182312.exe
C:\WINDOWS\system32\drivers\down\182937.exe
C:\WINDOWS\system32\drivers\down\183828.exe
C:\WINDOWS\system32\drivers\down\187234.exe
C:\WINDOWS\system32\drivers\down\187437.exe
C:\WINDOWS\system32\drivers\down\189015.exe
C:\WINDOWS\system32\drivers\down\189625.exe
C:\WINDOWS\system32\drivers\down\190281.exe
C:\WINDOWS\system32\drivers\down\191453.exe
C:\WINDOWS\system32\drivers\down\191890.exe
C:\WINDOWS\system32\drivers\down\191906.exe
C:\WINDOWS\system32\drivers\down\194000.exe
C:\WINDOWS\system32\drivers\down\194203.exe
C:\WINDOWS\system32\drivers\down\194875.exe
C:\WINDOWS\system32\drivers\down\195046.exe
C:\WINDOWS\system32\drivers\down\197890.exe
C:\WINDOWS\system32\drivers\down\198546.exe
C:\WINDOWS\system32\drivers\down\199531.exe
C:\WINDOWS\system32\drivers\down\200500.exe
C:\WINDOWS\system32\drivers\down\200625.exe
C:\WINDOWS\system32\drivers\down\201890.exe
C:\WINDOWS\system32\drivers\down\202640.exe
C:\WINDOWS\system32\drivers\down\203859.exe
C:\WINDOWS\system32\drivers\down\204296.exe
C:\WINDOWS\system32\drivers\down\208968.exe
C:\WINDOWS\system32\drivers\down\210890.exe
C:\WINDOWS\system32\drivers\down\211046.exe
C:\WINDOWS\system32\drivers\down\211484.exe
C:\WINDOWS\system32\drivers\down\214281.exe
C:\WINDOWS\system32\drivers\down\215437.exe
C:\WINDOWS\system32\drivers\down\216718.exe
C:\WINDOWS\system32\drivers\down\219687.exe
C:\WINDOWS\system32\drivers\down\222312.exe
C:\WINDOWS\system32\drivers\down\226187.exe
C:\WINDOWS\system32\drivers\down\226234.exe
C:\WINDOWS\system32\drivers\down\228890.exe
C:\WINDOWS\system32\drivers\down\228921.exe
C:\WINDOWS\system32\drivers\down\232281.exe
C:\WINDOWS\system32\drivers\down\238437.exe
C:\WINDOWS\system32\drivers\down\239953.exe
C:\WINDOWS\system32\drivers\down\243593.exe
C:\WINDOWS\system32\drivers\down\246062.exe
C:\WINDOWS\system32\drivers\down\247687.exe
C:\WINDOWS\system32\drivers\down\248796.exe
C:\WINDOWS\system32\drivers\down\249312.exe
C:\WINDOWS\system32\drivers\down\250625.exe
C:\WINDOWS\system32\drivers\down\251453.exe
C:\WINDOWS\system32\drivers\down\252328.exe
C:\WINDOWS\system32\drivers\down\253296.exe
C:\WINDOWS\system32\drivers\down\263312.exe
C:\WINDOWS\system32\drivers\down\263671.exe
C:\WINDOWS\system32\drivers\down\272234.exe
C:\WINDOWS\system32\drivers\down\274218.exe
C:\WINDOWS\system32\drivers\down\277171.exe
C:\WINDOWS\system32\drivers\down\279406.exe
C:\WINDOWS\system32\drivers\down\284421.exe
C:\WINDOWS\system32\drivers\down\286171.exe
C:\WINDOWS\system32\drivers\down\2864328.exe
C:\WINDOWS\system32\drivers\down\2868703.exe
C:\WINDOWS\system32\drivers\down\287062.exe
C:\WINDOWS\system32\drivers\down\2870734.exe
C:\WINDOWS\system32\drivers\down\287656.exe
C:\WINDOWS\system32\drivers\down\2880375.exe
C:\WINDOWS\system32\drivers\down\2880656.exe
C:\WINDOWS\system32\drivers\down\288281.exe
C:\WINDOWS\system32\drivers\down\2886046.exe
C:\WINDOWS\system32\drivers\down\2887812.exe
C:\WINDOWS\system32\drivers\down\288906.exe
C:\WINDOWS\system32\drivers\down\2889703.exe
C:\WINDOWS\system32\drivers\down\2891640.exe
C:\WINDOWS\system32\drivers\down\2901062.exe
C:\WINDOWS\system32\drivers\down\2908046.exe
C:\WINDOWS\system32\drivers\down\2908921.exe
C:\WINDOWS\system32\drivers\down\2910218.exe
C:\WINDOWS\system32\drivers\down\2910875.exe
C:\WINDOWS\system32\drivers\down\2913062.exe
C:\WINDOWS\system32\drivers\down\291359.exe
C:\WINDOWS\system32\drivers\down\2915281.exe
C:\WINDOWS\system32\drivers\down\292625.exe
C:\WINDOWS\system32\drivers\down\2940000.exe
C:\WINDOWS\system32\drivers\down\2942343.exe
C:\WINDOWS\system32\drivers\down\306390.exe
C:\WINDOWS\system32\drivers\down\30890296.exe
C:\WINDOWS\system32\drivers\down\30891937.exe
C:\WINDOWS\system32\drivers\down\30894328.exe
C:\WINDOWS\system32\drivers\down\30911859.exe
C:\WINDOWS\system32\drivers\down\30912140.exe
C:\WINDOWS\system32\drivers\down\30919765.exe
C:\WINDOWS\system32\drivers\down\30921656.exe
C:\WINDOWS\system32\drivers\down\30924281.exe
C:\WINDOWS\system32\drivers\down\30927687.exe
C:\WINDOWS\system32\drivers\down\30933437.exe
C:\WINDOWS\system32\drivers\down\30957656.exe
C:\WINDOWS\system32\drivers\down\30961421.exe
C:\WINDOWS\system32\drivers\down\30964968.exe
C:\WINDOWS\system32\drivers\down\30971328.exe
C:\WINDOWS\system32\drivers\down\30972734.exe
C:\WINDOWS\system32\drivers\down\31010484.exe
C:\WINDOWS\system32\drivers\down\31024921.exe
C:\WINDOWS\system32\drivers\down\318109.exe
C:\WINDOWS\system32\drivers\down\322125.exe
C:\WINDOWS\system32\drivers\down\3447468.exe
C:\WINDOWS\system32\drivers\down\3451421.exe
C:\WINDOWS\system32\drivers\down\3455406.exe
C:\WINDOWS\system32\drivers\down\3493515.exe
C:\WINDOWS\system32\drivers\down\3493765.exe
C:\WINDOWS\system32\drivers\down\3730984.exe
C:\WINDOWS\system32\drivers\down\3736718.exe
C:\WINDOWS\system32\drivers\down\3780937.exe
C:\WINDOWS\system32\drivers\down\3781968.exe
C:\WINDOWS\system32\drivers\down\3791406.exe
C:\WINDOWS\system32\drivers\down\3794031.exe
C:\WINDOWS\system32\drivers\down\3796437.exe
C:\WINDOWS\system32\drivers\down\3798828.exe
C:\WINDOWS\system32\drivers\down\3804609.exe
C:\WINDOWS\system32\drivers\down\3808843.exe
C:\WINDOWS\system32\drivers\down\3810656.exe
C:\WINDOWS\system32\drivers\down\3811500.exe
C:\WINDOWS\system32\drivers\down\3812375.exe
C:\WINDOWS\system32\drivers\down\3815578.exe
C:\WINDOWS\system32\drivers\down\396593.exe
C:\WINDOWS\system32\drivers\down\398953.exe
C:\WINDOWS\system32\drivers\down\4083046.exe
C:\WINDOWS\system32\drivers\down\4112078.exe
C:\WINDOWS\system32\drivers\down\4125375.exe
C:\WINDOWS\system32\drivers\down\43811593.exe
C:\WINDOWS\system32\drivers\down\43815859.exe
C:\WINDOWS\system32\drivers\down\43817046.exe
C:\WINDOWS\system32\drivers\down\43818484.exe
C:\WINDOWS\system32\drivers\down\43831062.exe
C:\WINDOWS\system32\drivers\down\43831343.exe
C:\WINDOWS\system32\drivers\down\43837296.exe
C:\WINDOWS\system32\drivers\down\43839671.exe
C:\WINDOWS\system32\drivers\down\43842125.exe
C:\WINDOWS\system32\drivers\down\43844578.exe
C:\WINDOWS\system32\drivers\down\43849531.exe
C:\WINDOWS\system32\drivers\down\43851718.exe
C:\WINDOWS\system32\drivers\down\43852312.exe
C:\WINDOWS\system32\drivers\down\43852875.exe
C:\WINDOWS\system32\drivers\down\43856609.exe
C:\WINDOWS\system32\drivers\down\43885812.exe
C:\WINDOWS\system32\drivers\down\43888468.exe
C:\WINDOWS\system32\drivers\down\43917437.exe
C:\WINDOWS\system32\drivers\down\43927187.exe
C:\WINDOWS\system32\drivers\down\439812.exe
C:\WINDOWS\system32\drivers\down\440156.exe
C:\WINDOWS\system32\drivers\down\469000.exe
C:\WINDOWS\system32\drivers\down\472093.exe
C:\WINDOWS\system32\drivers\down\476656.exe
C:\WINDOWS\system32\drivers\down\486765.exe
C:\WINDOWS\system32\drivers\down\497328.exe
C:\WINDOWS\system32\drivers\down\501343.exe
C:\WINDOWS\system32\drivers\down\502140.exe
C:\WINDOWS\system32\drivers\down\502984.exe
C:\WINDOWS\system32\drivers\down\503734.exe
C:\WINDOWS\system32\drivers\down\506656.exe
C:\WINDOWS\system32\drivers\down\509296.exe
C:\WINDOWS\system32\drivers\down\535765.exe
C:\WINDOWS\system32\drivers\down\562234.exe
C:\WINDOWS\system32\drivers\down\75718.exe
C:\WINDOWS\system32\drivers\down\78000.exe
C:\WINDOWS\system32\drivers\down\79015.exe
C:\WINDOWS\system32\drivers\down\79421.exe
C:\WINDOWS\system32\drivers\down\81312.exe
C:\WINDOWS\system32\drivers\down\81890.exe
C:\WINDOWS\system32\drivers\down\82687.exe
C:\WINDOWS\system32\drivers\down\82750.exe
C:\WINDOWS\system32\drivers\down\83187.exe
C:\WINDOWS\system32\drivers\down\84015.exe
C:\WINDOWS\system32\drivers\down\86203.exe
C:\WINDOWS\system32\drivers\down\86515.exe
C:\WINDOWS\system32\drivers\down\89281.exe
C:\WINDOWS\system32\drivers\down\99203.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA
-------\srosa


((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.

2008-02-21 21:21 . 2008-02-21 21:21 <DIR> d-------- C:\Deckard
2008-02-21 08:35 . 2008-02-21 08:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-21 07:41 . 2008-02-21 07:41 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-20 23:34 . 2008-02-20 23:34 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-20 23:34 . 2008-02-20 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-20 23:06 . 2008-02-20 23:06 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-18 07:49 . 2008-02-18 07:49 <DIR> d-------- C:\Program Files\Softwin
2008-02-17 22:26 . 2008-02-18 05:21 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-02-17 20:10 . 2008-02-17 22:12 <DIR> d-------- C:\Program Files\BitDefender
2008-02-17 01:16 . 2004-11-08 15:34 1,489,920 --a------ C:\WINDOWS\system32\pdftk.exe
2008-02-10 13:21 . 2007-10-11 20:00 3,647,384 -ra------ C:\WINDOWS\system32\drivers\lvuvc.sys
2008-02-10 13:21 . 2007-10-11 19:59 1,920,920 -ra------ C:\WINDOWS\system32\drivers\lvpopflt.sys
2008-02-10 13:21 . 2007-10-11 20:00 490,008 -ra------ C:\WINDOWS\system32\LVUI2.dll
2008-02-10 13:21 . 2007-10-11 20:00 465,432 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2008-02-10 13:21 . 2007-10-11 19:57 416,280 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2008-02-10 13:21 . 2007-10-11 19:57 195,096 -ra------ C:\WINDOWS\system32\lvci1150.dll
2008-02-10 13:21 . 2007-10-11 19:11 59,500 -ra------ C:\WINDOWS\system32\lvcoinst.ini
2008-02-10 13:21 . 2007-10-11 20:00 41,752 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-02-10 13:21 . 2007-10-11 20:01 23,832 -ra------ C:\WINDOWS\system32\drivers\lvuvcflt.sys
2008-02-10 13:21 . 2007-10-11 19:18 21,138 -ra------ C:\WINDOWS\system32\Repository.reg
2008-02-10 13:14 . 2008-02-10 13:21 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2008-02-10 13:13 . 2008-02-10 13:13 268 --ah----- C:\sqmdata01.sqm
2008-02-10 13:13 . 2008-02-10 13:13 244 --ah----- C:\sqmnoopt01.sqm
2008-02-10 13:05 . 2008-02-10 13:05 268 --ah----- C:\sqmdata00.sqm
2008-02-10 13:05 . 2008-02-10 13:05 244 --ah----- C:\sqmnoopt00.sqm
2008-02-10 13:00 . 2008-02-10 13:23 <DIR> d-------- C:\Documents and Settings\Diane\Contacts
2008-02-10 06:01 . 2008-02-10 06:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-09 23:58 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-02-09 23:58 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-02-09 23:58 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-02-09 23:58 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-02-09 23:58 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-02-09 23:58 . 2005-09-01 11:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-09 16:11 . 2008-02-09 19:26 <DIR> d-------- C:\Documents and Settings\Lindsay\Contacts
2008-02-09 16:03 . 2008-02-09 16:05 <DIR> d-------- C:\Program Files\Windows Live
2008-02-09 16:03 . 2008-02-09 16:04 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-09 16:03 . 2008-02-09 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-09 14:05 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-02-09 14:03 . 2008-02-09 14:03 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-02-09 14:01 . 2008-02-10 13:14 <DIR> d-------- C:\Program Files\Logitech
2008-02-09 14:01 . 2008-02-09 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-02-09 14:01 . 2008-02-10 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-02-04 14:07 . 2008-02-04 14:07 <DIR> d-------- C:\Documents and Settings\Secaurin\Application Data\WinCare2008
2008-01-29 19:36 . 2008-01-29 19:36 <DIR> d-------- C:\Documents and Settings\Diane\Application Data\WinCare2008
2008-01-28 22:49 . 2008-01-29 01:17 1,600 --a------ C:\help.zip_zip_Data Recovery.hhp.cached
2008-01-28 22:39 . 2008-01-28 22:39 <DIR> d-------- C:\Documents and Settings\Lindsay\Application Data\WinCare2008
2008-01-28 22:38 . 2008-02-21 07:33 <DIR> d-------- C:\Program Files\Spotmau WinCare 2008
2008-01-28 15:12 . 2008-01-28 15:12 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-28 15:11 . 2007-10-22 18:58 1,721,712 --------- C:\WINDOWS\system32\InetClnt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-23 16:45 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-02-23 16:45 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
2008-02-23 16:27 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-21 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-18 05:22 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\Canon
2008-02-18 04:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-17 22:13 --------- d-----w C:\Program Files\eMule
2008-02-10 16:34 --------- d-----w C:\Program Files\Ahead
2008-02-10 05:59 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-10 05:59 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\Ahead
2008-02-09 20:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 22:35 --------- d-----w C:\Program Files\TBFDropZone
2008-01-28 21:14 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\Intuit
2008-01-28 21:11 --------- d-----w C:\Program Files\Common Files\Intuit
2008-01-28 21:10 --------- d-----w C:\Program Files\TurboTax
2008-01-22 03:23 164 ----a-w C:\install.dat
2008-01-17 05:06 --------- d-----w C:\Program Files\Lighting Handbook
2008-01-10 04:42 --------- d-----w C:\Program Files\AliveMedia
2008-01-09 21:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-09 04:34 --------- d-----w C:\Program Files\TotalAudioConverter
2008-01-09 04:30 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\Softplicity
2008-01-08 06:02 --------- d-----w C:\Program Files\BitTornado
2008-01-08 05:21 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\.BitTornado
2008-01-05 02:56 1,526,640 ----a-w C:\WINDOWS\WRSetup.dll
2008-01-05 02:34 23,920 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-05 02:34 21,872 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-05 02:34 20,336 ----a-w C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-01-05 02:34 163,696 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-04 07:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-04 07:28 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\RipIt4Me
2008-01-04 05:04 --------- d-----w C:\Program Files\FixVTS
2008-01-04 05:01 --------- d-----w C:\Program Files\RipIt4Me
2008-01-04 04:56 --------- d-----w C:\Program Files\DVD Shrink
2008-01-04 04:54 --------- d-----w C:\Program Files\DVD Decrypter
2008-01-04 01:33 --------- d-----w C:\Program Files\MagicDVDRipper
2008-01-01 22:31 --------- d-----w C:\Program Files\Apple Software Update
2008-01-01 14:29 --------- d-----w C:\Program Files\ASF-AVI-RM-WMV Repair
2008-01-01 14:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-01 14:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-01-01 05:50 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\AVG7
2008-01-01 05:18 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-01 04:25 --------- d-----w C:\Program Files\ASUS WiFi-AP Solo
2008-01-01 04:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-31 03:45 --------- d-----w C:\Program Files\Advanced System Optimizer
2007-12-29 02:26 --------- d-----w C:\Program Files\Bonjour
2007-12-29 02:24 --------- d-----w C:\Program Files\Windows Desktop Search
2007-12-29 02:24 --------- d-----w C:\Program Files\QuickTime
2007-12-29 02:24 --------- d-----w C:\Program Files\Better File Series
2007-12-19 05:24 87,608 ----a-w C:\Documents and Settings\Lindsay\Application Data\ezpinst.exe
2007-12-19 05:24 47,360 ----a-w C:\Documents and Settings\Lindsay\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect0]
@={D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect1]
@={8A814C29-D3CD-4F9E-9770-DF8704503ACA}

[HKEY_CLASSES_ROOT\CLSID\{D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}]
2007-12-03 09:05 348160 --a------ C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectShellExtension.dll

[HKEY_CLASSES_ROOT\CLSID\{8A814C29-D3CD-4F9E-9770-DF8704503ACA}]
2007-12-03 09:05 348160 --a------ C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectShellExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 06:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 17:07 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 13:11 122880]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00 49152]
"nwiz"="nwiz.exe" [2007-11-06 20:00 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-02-28 06:00 33280 C:\WINDOWS\system32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-02-28 06:00 33280 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21 54832]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 10:46 20480 C:\WINDOWS\system32\Ctxfihlp.exe]
"CTHelper"="CTHELPER.EXE" [2006-12-12 10:46 19456 C:\WINDOWS\system32\CtHelper.exe]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-08 20:43 53340]
"CheckRegDefragOnce"="regopt.exe" []
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-02-10 13:17:06 66864]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2007-11-25 21:12:43 155648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

R0 CLBStor;InstantBurn Storage Helper Driver;C:\WINDOWS\system32\drivers\CLBStor.sys [2006-12-21 17:53]
R1 OxFWLF;OxFWLF;C:\WINDOWS\system32\drivers\OxFWLF.sys [2006-05-18 18:41]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 17:50]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\WINDOWS\system32\drivers\CLBUDF.sys [2006-12-21 17:53]
R2 FolderProtectDriver;FolderProtectDriver;C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectDriver.sys [2007-09-05 15:51]
R2 FolderProtectService;FolderProtectService;C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe [2007-12-22 16:23]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 04:29]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 08:36]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2007-02-10 04:29]
S1 OxUsb;oxUsb.Sys driver;C:\WINDOWS\system32\DRIVERS\oxusb.sys [2006-05-18 18:41]
S3 OxUSBLF;Oxsemi USB filter driver;C:\WINDOWS\system32\DRIVERS\OxUSBLF.sys [2006-10-04 12:56]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2007-10-23 02:45]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\system32\DRIVERS\wdcsam.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33a84b3a-0f49-11dc-aef9-0018f3ab7d5e}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b69ed42-aa06-11dc-807f-0018f3ab7d5e}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-02-23 15:48:50 C:\WINDOWS\Tasks\wrSpySweeper_LFD59FBE67398473FB47424EE18E40A41.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_LFD59FBE67398473FB47424EE18E40A41
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 10:50:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-02-23 10:53:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-23 16:53:42
.
2008-02-13 12:03:47 --- E O F ---

HIJACK THIS LOG STARTS HERE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:41 PM, on 2/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Lindsay\Desktop\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [CheckRegDefragOnce] regopt.exe -checkdefrag
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.0.8.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174800672546
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://yme.music.yahoo.com/qos/cabs/DiagCo...tionControl.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 12375 bytes

#4 SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia

Posted 24 February 2008 - 01:36 AM

Hello rtb1314,

I have performed the combofix - what kind of malware were all the exe files?


You had a couple of undesirable infections: Trojan.Mitglieder.Q - backdoor/proxy, W32.Beagle.GM, etc.

I recommend these actions:

1) use a known secure computer to change all of your online passwords
2) contact your bank and credit card company for possible unauthorized transactions

More info can be found here:


How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?



Should I stick with the BD AV2008 and spysweeper combo or go back to norton? - just your opinion.


In my opinion you should stick with BD AV2008 and spysweeper, unless you feel more comfortable with norton, but it's a resource hog. Since you are paying for antivirus, I advise Nod32 or Kaspersky among the paid versions; if you want a free one, then Avast or AntiVir.

Please install one antivirus program before we proceed.

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.

Re-open HiJackThis and click on "Do a system scan only". Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 4...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "English".
  • Read the License Agreement and then check the box that says: "Accept License Agreement".
  • Click "Continue".
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.

    Java™ 6 Update 2
    Java™ 6 Update 3
    Java™ SE Runtime Environment 6 Update 1


  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u4-windows-i586-p.exe to install the newest version.

1. Go to this website: www.virustotal.com
2. Upload this file by copy/pasting (Ctrl+C/Ctrl+V) it in to the file box: C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
3. Submit the file and copy/paste the results back into this thread.


Post back with a new HijackThis log and the VirusTotal results, and also let me know whether you have set policies to block use of the Run box.

Regards,
SNOWHITE
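As an added triage example (not code from the thread, from HijackThis or from DSS/ComboFix), the Python script below applies the kind of checks the helper made by eye to lines copied from the logs posted above: orphaned or file-missing entries, unnamed BHOs, unrecognised Winsock LSPs, services with no publisher, autostarts that launch a bare filename, and the AppInit_DLLs and DisallowRun loading points. The verdict wording and the bare-filename heuristic are this example's own assumptions.

```python
"""Triage helper for the log formats pasted in this thread.

Added example: not code from HijackThis, DSS/ComboFix or the thread's
participants. It encodes the checks the helper applied by eye to the logs above.
The sample lines are copied from the thread; the verdict wording is this script's own.
"""
import re

HJT_LINE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# O4 body shape: HKLM\..\Run: [Name] "C:\path\prog.exe" /arg
O4_BODY = re.compile(r"^[^\[]*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# DSS "Reg Loading Points" value shape: "ValueName"=data   (data may be empty)
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')


def first_token(cmd):
    """Return the program part of a Run command, honouring a leading quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_hjt(line):
    """Return review reasons for one HijackThis line (empty list = nothing flagged)."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return []
    sec, body = m.group("sec"), m.group("body")
    reasons = []
    if "(no file)" in body:
        reasons.append("registry entry points at a file that no longer exists (orphan)")
    if "(file missing)" in body:
        reasons.append("referenced file is missing from disk")
    if sec == "O2" and body.startswith("BHO: (no name)"):
        reasons.append("Browser Helper Object registered without a name")
    if sec == "O10":
        reasons.append("Winsock LSP module HijackThis did not recognise; confirm its vendor")
    if sec == "O23" and "Unknown owner" in body:
        reasons.append("service binary has no publisher information; verify its path")
    if sec == "O4":
        o4 = O4_BODY.match(body)
        # Heuristic of this example: a bare filename is resolved through the
        # search path, so the file that actually runs should be confirmed.
        if o4 and "\\" not in first_token(o4.group("cmd")):
            reasons.append("autostart launches a bare filename, so it resolves via the "
                           "search path; confirm which file actually runs")
    return reasons


def triage_regpoint(line):
    """Review reasons for a value line from the DSS 'Reg Loading Points' section."""
    m = REG_VALUE.match(line.strip())
    if not m:
        return []
    name, data = m.group("name"), m.group("data").strip()
    reasons = []
    if name.lower() == "appinit_dlls" and data:
        reasons.append(f"AppInit_DLLs loads {data} into every process that links user32.dll")
    if name == "DisallowRun" and data.startswith("1"):
        reasons.append("explorer policy 'Don't run specified Windows applications' is on; "
                       "the blocked list lives in the DisallowRun subkey")
    return reasons


def triage_log(lines):
    """Map each flagged raw line to its reasons; unflagged lines are omitted."""
    out = {}
    for raw in lines:
        reasons = triage_hjt(raw) or triage_regpoint(raw)
        if reasons:
            out[raw.strip()] = reasons
    return out


# Constructed sample: lines copied from the logs posted above in this thread.
SAMPLE = [
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - "
    r"C:\Program Files\Spybot - Search & Destroy\SDHelper.dll",
    r"O4 - HKLM\..\Run: [CheckRegDefragOnce] regopt.exe -checkdefrag",
    r'O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray',
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll",
    r"O23 - Service: FolderProtectService - Unknown owner - "
    r"C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe",
    r'"AppInit_DLLs"=sockspy.dll',
    r'"DisallowRun"= 1 (0x1)',
]

if __name__ == "__main__":
    for raw, reasons in triage_log(SAMPLE).items():
        print(raw)
        for r in reasons:
            print("   ->", r)
```

A flagged line is a prompt to verify the file and its publisher, not a verdict; several of the bare-filename autostarts in this thread's log are legitimate sound-card and display helpers.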

#5 rtb1314

  • Topic Starter

  • Members
  • 57 posts

Posted 24 February 2008 - 04:25 PM

Hi Snowy,

Couple of things.

Brought up BD2008 successfully and everything was clear, no detections or objections.
Uninstalled spybot and Ad-Aware since running spysweeper anyway - didn't want conflicts or arguments.
Performed the HJT fix on the specified object
I couldn't download the runtime file from sun site but got it from filehippo.com

While uninstalling the old JAVA versions, during the uninstall of JAVA™ 6 Update 3, I got a popup window stating the following:

"The following applications should be closed before continuing the installation:"
Can't Run Applications - Mdelk.exe & Bagelworm - windows Internet Explorer

There were cancel retry and ignore buttons to click on

I chose retry, got the same message, and then ignore to see what would happen next - nothing, so I kept going.

Installed JAVA update 4 etc.

Then went looking for C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe - couldn't be found
-there was a file in the prefetch directory BWUNIN-8.1.1.50-8876480SL.EXE-0BAABA55.pf
- I scanned it - looked OK
Did a new Hijack LOG

also let me know have you set policies to block use of the Run box.

- not sure what you're asking here?


RESULTS:
File BWUNIN-8.1.1.50-8876480SL.EXE-0BA received on 02.24.2008 21:55:58 (CET)
Current status: finished


Result: 0/32 (0%)



Antivirus Version Last Update Result
AhnLab-V3 2008.2.22.0 2008.02.22 -
AntiVir 7.6.0.67 2008.02.24 -
Authentium 4.93.8 2008.02.24 -
Avast 4.7.1098.0 2008.02.23 -
AVG 7.5.0.516 2008.02.24 -
BitDefender 7.2 2008.02.24 -
CAT-QuickHeal 9.50 2008.02.22 -
ClamAV 0.92.1 2008.02.24 -
DrWeb 4.44.0.09170 2008.02.24 -
eSafe 7.0.15.0 2008.02.21 -
eTrust-Vet 31.3.5557 2008.02.23 -
Ewido 4.0 2008.02.24 -
FileAdvisor 1 2008.02.24 -
Fortinet 3.14.0.0 2008.02.24 -
F-Prot 4.4.2.54 2008.02.24 -
F-Secure 6.70.13260.0 2008.02.23 -
Ikarus T3.1.1.20 2008.02.24 -
Kaspersky 7.0.0.125 2008.02.24 -
McAfee 5236 2008.02.22 -
Microsoft 1.3204 2008.02.24 -
NOD32v2 2898 2008.02.23 -
Norman 5.80.02 2008.02.22 -
Panda 9.0.0.4 2008.02.24 -
Prevx1 V2 2008.02.24 -
Rising 20.32.62.00 2008.02.24 -
Sophos 4.26.0 2008.02.24 -
Sunbelt 3.0.893.0 2008.02.23 -
Symantec 10 2008.02.24 -
TheHacker 6.2.9.228 2008.02.23 -
VBA32 3.12.6.1 2008.02.21 -
VirusBuster 4.3.26:9 2008.02.24 -
Webwasher-Gateway 6.6.2 2008.02.24 -

Additional information
File size: 25944 bytes
MD5: af9b0e820b95e255c2dffb8de00f010f
SHA1: de1cc33aad4cb217e88fdbaf8b7e2482c1b631bb
PEiD: -


HIJACK THIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:07:14 PM, on 2/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [CheckRegDefragOnce] regopt.exe -checkdefrag
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.0.8.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174800672546
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://yme.music.yahoo.com/qos/cabs/DiagCo...tionControl.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 12640 bytes

#6 rtb1314

Posted 25 February 2008 - 08:31 AM

Hi Snowy,

Looks like BD2008 had a little activity last night.

C:\System Volume Information\_restore{D64EBDC7-5254-4FC0-BB6F-5540E1CDD886}\RP1\A0000136.sys Rootkit.Bagle.D Deleted
C:\System Volume Information\_restore{D64EBDC7-5254-4FC0-BB6F-5540E1CDD886}\RP2\A0000284.sys Rootkit.Bagle.D Deleted
C:\Deckard\System Scanner\backup\DOCUME~1\Lindsay\LOCALS~1\Temp\tmp000070b6\tmp00805934 Trojan.Dropper.Delf.FP Deleted
C:\WINDOWS\Temp\tmp000009e4\tmp0007af29 Trojan.Dropper.Delf.FP Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\mdelk.exe.vir Win32.Bagle.SUQ@mm Deleted
C:\QooBox\Quarantine\C\WINDOWS\system32\wintems.exe.vir Win32.Bagle.SUQ@mm Deleted
C:\System Volume Information\_restore{D64EBDC7-5254-4FC0-BB6F-5540E1CDD886}\RP3\A0000303.exe Win32.Bagle.SUQ@mm Deleted
C:\System Volume Information\_restore{D64EBDC7-5254-4FC0-BB6F-5540E1CDD886}\RP3\A0000377.exe Win32.Bagle.SUQ@mm Deleted
C:\System Volume Information\_restore{D64EBDC7-5254-4FC0-BB6F-5540E1CDD886}\RP3\A0000478.exe Win32.Bagle.SUQ@mm Deleted
C:\System Volume Information\_restore{D64EBDC7-5254-4FC0-BB6F-5540E1CDD886}\RP3\A0000494.exe Win32.Bagle.SUQ@mm Deleted
C:\System Volume Information\_restore{D64EBDC7-5254-4FC0-BB6F-5540E1CDD886}\RP3\A0000538.exe Win32.Bagle.SUQ@mm Deleted
C:\System Volume Information\_restore{D64EBDC7-5254-4FC0-BB6F-5540E1CDD886}\RP3\A0000543.exe Win32.Bagle.SUQ@mm Deleted
C:\System Volume Information\_restore{D64EBDC7-5254-4FC0-BB6F-5540E1CDD886}\RP3\A0000562.exe Win32.Bagle.SUQ@mm Deleted
C:\System Volume Information\_restore{D64EBDC7-5254-4FC0-BB6F-5540E1CDD886}\RP3\A0000596.exe Win32.Bagle.SUQ@mm Deleted
C:\System Volume Information\_restore{D64EBDC7-5254-4FC0-BB6F-5540E1CDD886}\RP3\A0000597.exe Win32.Bagle.SUQ@mm Deleted
C:\System Volume Information\_restore{D64EBDC7-5254-4FC0-BB6F-5540E1CDD886}\RP3\A0000598.exe Win32.Bagle.SUQ@mm Deleted
C:\System Volume Information\_restore{D64EBDC7-5254-4FC0-BB6F-5540E1CDD886}\RP3\A0000604.exe Win32.Bagle.SUQ@mm Deleted
C:\System Volume Information\_restore{D64EBDC7-5254-4FC0-BB6F-5540E1CDD886}\RP3\A0000630.exe Win32.Bagle.SUQ@mm Deleted
C:\System Volume Information\_restore{D64EBDC7-5254-4FC0-BB6F-5540E1CDD886}\RP3\A0000631.exe Win32.Bagle.SUQ@mm Deleted

#7 SNOWHITE

Posted 26 February 2008 - 02:04 AM

Hello rtb1314, please re-run ComboFix and post the report back here; also post a new HijackThis log.

Regards,
SNOWHITE

#8 rtb1314

Posted 26 February 2008 - 02:30 AM

Hi Snowy,

You should know that upon discovering BD2008's distrust of the System Restore area, I wiped it by turning off System Restore and then turning it back on. Paranoia?

Anyway, I ran the scans and BD kept popping up about registry changes, so I shut it off, as well as Spy Sweeper.

Here are the logs.

ComboFix 08-02-23.2 - Lindsay 2008-02-26 1:17:15.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2465 [GMT -6:00]
Running from: C:\Documents and Settings\Lindsay\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.

2008-02-25 21:14 . 2008-02-25 21:14 268 --ah----- C:\sqmdata02.sqm
2008-02-25 21:14 . 2008-02-25 21:14 244 --ah----- C:\sqmnoopt02.sqm
2008-02-25 14:04 . 2008-02-25 14:04 <DIR> d-------- C:\Documents and Settings\Diane\Application Data\BitDefender
2008-02-24 23:49 . 2008-02-25 23:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-24 23:49 . 2008-02-24 23:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-24 15:28 . 2008-02-24 15:28 0 --a------ C:\WINDOWS\CPC10Q.INI
2008-02-24 15:06 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-24 15:05 . 2008-02-24 15:05 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-24 11:59 . 2008-02-25 21:15 121 --a------ C:\WINDOWS\bdagent.INI
2008-02-24 10:05 . 2008-02-24 10:05 <DIR> d-------- C:\Program Files\BitDefender
2008-02-24 10:05 . 2008-02-24 10:05 <DIR> d-------- C:\Documents and Settings\Lindsay\Application Data\Bitdefender
2008-02-24 10:05 . 2008-02-24 10:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-02-24 10:03 . 2008-02-24 10:05 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-02-21 21:21 . 2008-02-21 21:21 <DIR> d-------- C:\Deckard
2008-02-21 08:35 . 2008-02-21 08:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-21 07:41 . 2008-02-24 09:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-20 23:34 . 2008-02-20 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-17 22:26 . 2008-02-18 05:21 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-02-17 01:16 . 2004-11-08 15:34 1,489,920 --a------ C:\WINDOWS\system32\pdftk.exe
2008-02-10 13:21 . 2007-10-11 20:00 3,647,384 -ra------ C:\WINDOWS\system32\drivers\lvuvc.sys
2008-02-10 13:21 . 2007-10-11 19:59 1,920,920 -ra------ C:\WINDOWS\system32\drivers\lvpopflt.sys
2008-02-10 13:21 . 2007-10-11 20:00 490,008 -ra------ C:\WINDOWS\system32\LVUI2.dll
2008-02-10 13:21 . 2007-10-11 20:00 465,432 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2008-02-10 13:21 . 2007-10-11 19:57 416,280 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2008-02-10 13:21 . 2007-10-11 19:57 195,096 -ra------ C:\WINDOWS\system32\lvci1150.dll
2008-02-10 13:21 . 2007-10-11 19:11 59,500 -ra------ C:\WINDOWS\system32\lvcoinst.ini
2008-02-10 13:21 . 2007-10-11 20:00 41,752 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-02-10 13:21 . 2007-10-11 20:01 23,832 -ra------ C:\WINDOWS\system32\drivers\lvuvcflt.sys
2008-02-10 13:21 . 2007-10-11 19:18 21,138 -ra------ C:\WINDOWS\system32\Repository.reg
2008-02-10 13:14 . 2008-02-10 13:21 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2008-02-10 13:13 . 2008-02-10 13:13 268 --ah----- C:\sqmdata01.sqm
2008-02-10 13:13 . 2008-02-10 13:13 244 --ah----- C:\sqmnoopt01.sqm
2008-02-10 13:05 . 2008-02-10 13:05 268 --ah----- C:\sqmdata00.sqm
2008-02-10 13:05 . 2008-02-10 13:05 244 --ah----- C:\sqmnoopt00.sqm
2008-02-10 13:00 . 2008-02-10 13:23 <DIR> d-------- C:\Documents and Settings\Diane\Contacts
2008-02-10 06:01 . 2008-02-10 06:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-09 23:58 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-02-09 23:58 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-02-09 23:58 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-02-09 23:58 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-02-09 23:58 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-02-09 23:58 . 2005-09-01 11:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-09 16:11 . 2008-02-09 19:26 <DIR> d-------- C:\Documents and Settings\Lindsay\Contacts
2008-02-09 16:03 . 2008-02-09 16:05 <DIR> d-------- C:\Program Files\Windows Live
2008-02-09 16:03 . 2008-02-09 16:04 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-09 16:03 . 2008-02-09 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-09 14:05 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-02-09 14:01 . 2008-02-24 09:57 <DIR> d-------- C:\Program Files\Logitech
2008-02-09 14:01 . 2008-02-09 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-02-09 14:01 . 2008-02-10 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-02-04 14:07 . 2008-02-04 14:07 <DIR> d-------- C:\Documents and Settings\Secaurin\Application Data\WinCare2008
2008-01-29 19:36 . 2008-01-29 19:36 <DIR> d-------- C:\Documents and Settings\Diane\Application Data\WinCare2008
2008-01-28 22:49 . 2008-01-29 01:17 1,600 --a------ C:\help.zip_zip_Data Recovery.hhp.cached
2008-01-28 22:39 . 2008-01-28 22:39 <DIR> d-------- C:\Documents and Settings\Lindsay\Application Data\WinCare2008
2008-01-28 22:38 . 2008-02-21 07:33 <DIR> d-------- C:\Program Files\Spotmau WinCare 2008
2008-01-28 15:12 . 2008-01-28 15:12 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-28 15:11 . 2007-10-22 18:58 1,721,712 --------- C:\WINDOWS\system32\InetClnt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 05:04 --------- d-----w C:\Program Files\eMule
2008-02-26 03:17 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-02-26 03:17 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
2008-02-24 21:06 --------- d-----w C:\Program Files\Java
2008-02-24 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-23 16:27 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-21 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-18 05:22 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\Canon
2008-02-18 04:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-17 21:47 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-02-10 16:34 --------- d-----w C:\Program Files\Ahead
2008-02-10 05:59 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-10 05:59 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\Ahead
2008-02-09 20:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 22:35 --------- d-----w C:\Program Files\TBFDropZone
2008-01-28 21:14 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\Intuit
2008-01-28 21:11 --------- d-----w C:\Program Files\Common Files\Intuit
2008-01-28 21:10 --------- d-----w C:\Program Files\TurboTax
2008-01-22 03:23 164 ----a-w C:\install.dat
2008-01-17 05:06 --------- d-----w C:\Program Files\Lighting Handbook
2008-01-10 04:42 --------- d-----w C:\Program Files\AliveMedia
2008-01-09 21:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-09 04:34 --------- d-----w C:\Program Files\TotalAudioConverter
2008-01-09 04:30 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\Softplicity
2008-01-08 06:02 --------- d-----w C:\Program Files\BitTornado
2008-01-08 05:21 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\.BitTornado
2008-01-07 23:41 196,368 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
2008-01-05 02:56 1,526,640 ----a-w C:\WINDOWS\WRSetup.dll
2008-01-05 02:34 23,920 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-05 02:34 21,872 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-05 02:34 20,336 ----a-w C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-01-05 02:34 163,696 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-04 07:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-04 07:28 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\RipIt4Me
2008-01-04 05:04 --------- d-----w C:\Program Files\FixVTS
2008-01-04 05:01 --------- d-----w C:\Program Files\RipIt4Me
2008-01-04 04:56 --------- d-----w C:\Program Files\DVD Shrink
2008-01-04 04:54 --------- d-----w C:\Program Files\DVD Decrypter
2008-01-04 01:33 --------- d-----w C:\Program Files\MagicDVDRipper
2008-01-01 22:31 --------- d-----w C:\Program Files\Apple Software Update
2008-01-01 14:29 --------- d-----w C:\Program Files\ASF-AVI-RM-WMV Repair
2008-01-01 14:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-01 14:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-01-01 05:50 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\AVG7
2008-01-01 05:18 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-01 04:25 --------- d-----w C:\Program Files\ASUS WiFi-AP Solo
2008-01-01 04:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-31 03:45 --------- d-----w C:\Program Files\Advanced System Optimizer
2007-12-29 02:26 --------- d-----w C:\Program Files\Bonjour
2007-12-29 02:24 --------- d-----w C:\Program Files\Windows Desktop Search
2007-12-29 02:24 --------- d-----w C:\Program Files\QuickTime
2007-12-29 02:24 --------- d-----w C:\Program Files\Better File Series
2007-12-19 05:24 87,608 ----a-w C:\Documents and Settings\Lindsay\Application Data\ezpinst.exe
2007-12-19 05:24 47,360 ----a-w C:\Documents and Settings\Lindsay\Application Data\pcouffin.sys
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-11-27 22:46 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}

[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect0]
@={D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect1]
@={8A814C29-D3CD-4F9E-9770-DF8704503ACA}

[HKEY_CLASSES_ROOT\CLSID\{D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}]
2007-12-03 09:05 348160 --a------ C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectShellExtension.dll

[HKEY_CLASSES_ROOT\CLSID\{8A814C29-D3CD-4F9E-9770-DF8704503ACA}]
2007-12-03 09:05 348160 --a------ C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectShellExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 17:07 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 13:11 122880]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00 49152]
"nwiz"="nwiz.exe" [2007-11-06 20:00 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-02-28 06:00 33280 C:\WINDOWS\system32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-02-28 06:00 33280 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21 54832]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 10:46 20480 C:\WINDOWS\system32\Ctxfihlp.exe]
"CTHelper"="CTHELPER.EXE" [2006-12-12 10:46 19456 C:\WINDOWS\system32\CtHelper.exe]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-08 20:43 53340]
"CheckRegDefragOnce"="regopt.exe" []
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-24 12:31 360448]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2007-11-25 21:12:43 155648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

R0 CLBStor;InstantBurn Storage Helper Driver;C:\WINDOWS\system32\drivers\CLBStor.sys [2006-12-21 17:53]
R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-01-25 15:40]
R1 OxFWLF;OxFWLF;C:\WINDOWS\system32\drivers\OxFWLF.sys [2006-05-18 18:41]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 17:50]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\WINDOWS\system32\drivers\CLBUDF.sys [2006-12-21 17:53]
R2 FolderProtectDriver;FolderProtectDriver;C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectDriver.sys [2007-09-05 15:51]
R2 FolderProtectService;FolderProtectService;C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe [2007-12-22 16:23]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 04:29]
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-01-07 17:41]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2008-01-16 14:12]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 08:36]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2007-02-10 04:29]
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2006-02-28 06:00]
S1 OxUsb;oxUsb.Sys driver;C:\WINDOWS\system32\DRIVERS\oxusb.sys [2006-05-18 18:41]
S3 OxUSBLF;Oxsemi USB filter driver;C:\WINDOWS\system32\DRIVERS\OxUSBLF.sys [2006-10-04 12:56]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2007-10-23 02:45]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\system32\DRIVERS\wdcsam.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33a84b3a-0f49-11dc-aef9-0018f3ab7d5e}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b69ed42-aa06-11dc-807f-0018f3ab7d5e}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-02-25 08:00:02 C:\WINDOWS\Tasks\wrSpySweeper_LFD59FBE67398473FB47424EE18E40A41.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_LFD59FBE67398473FB47424EE18E40A41
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 01:22:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-26 1:22:42
ComboFix-quarantined-files.txt 2008-02-26 07:22:39
ComboFix2.txt 2008-02-23 16:53:46
.
2008-02-13 12:03:47 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:25:18 AM, on 2/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtect.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\QuickTime\QuickTimePlayer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [CheckRegDefragOnce] regopt.exe -checkdefrag
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.0.8.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174800672546
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://yme.music.yahoo.com/qos/cabs/DiagCo...tionControl.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 12391 bytes

#9 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • OFFLINE
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:04:19 PM

Posted 27 February 2008 - 11:31 PM

Hello rtb1314

You should know that upon discovering BD2008 distrust of the system restore area - I wiped it by turning off system restore and then turning it back on - paranoia?


Please don't touch system restore, we are going to clean it and set new restore point when we are done with cleaning of the computer, for now keep it enabled.

Please follow the steps below exactly in the order they are written:

Step #1

Open notepad and copy/paste the text in the codebox below into it:

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CheckRegDefragOnce"=-

IMPORTANT: The above script was written specifically for this infection on this person's computer. It is NOT to be used on another computer, as it may cause damage that could result in a format!


Save this as "CFScript"


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Step #2

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:

    o Scan using the following Anti-Virus database:

    + Extended (If available otherwise Standard)

    o Scan Options:

    + Scan Archives
    + Scan Mail Bases

  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note: This scanner will work with Internet Explorer Only!

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

Please post back with the Combofix report, Kaspersky report and a new HijackThis log. Let me know how the computer is running.

Regards,
SNOWHITE
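An added example, not part of the thread and not ComboFix's or HijackThis's own code: the CFScript in Step #1 uses .reg-file conventions inside a Registry:: section, where "Name"=- deletes a value. One of the two values it removes, CheckRegDefragOnce, is the Run entry visible in the HijackThis log above; the other, DisallowRun under HKCU\...\Policies\Explorer, is the Explorer policy Windows uses to block named programs from launching, which fits the "can't run applications" symptom. The script below parses such a Registry:: block, parses O4 Run lines from a HijackThis-style log, and reports for each deleted value what kind of key it lives under and whether the log shows it as an autostart. The sample log lines are constructed after the thread's log, and the function names (parse_cfscript_registry, parse_hjt_o4, cross_check) are this example's own.

```python
"""Cross-check a ComboFix CFScript 'Registry::' block against HijackThis O4 lines.

Added example (not code from the thread, ComboFix or HijackThis): it parses the
.reg-style lines of the CFScript and reports, for every value the script deletes,
whether that value is visible as an autostart entry in the log.
"""
import re

# Constructed sample input modelled on the thread: three O4 Run entries, one
# Global Startup entry, and the CFScript posted in Step #1.
HJT_LOG = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CheckRegDefragOnce] regopt.exe -checkdefrag
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
"""

CFSCRIPT = r"""
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CheckRegDefragOnce"=-
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}

# HijackThis abbreviates the Run keys as HKLM\..\Run, HKCU\..\RunOnce, etc.
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]+)\] (.*)$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_cfscript_registry(script):
    """Return (key, value_name, action) tuples from the Registry:: section.

    action is 'delete_value' for "Name"=-, 'delete_key' for [-KEY] and
    'set_value' for any other "Name"=data line (.reg file conventions).
    """
    entries = []
    in_section = False
    current_key = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):          # section header such as Registry:: or File::
            in_section = line.lower() == "registry::"
            continue
        if not in_section:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):
                entries.append((key[1:], None, "delete_key"))
                current_key = None
            else:
                current_key = key
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            name, data = m.groups()
            action = "delete_value" if data == "-" else "set_value"
            entries.append((current_key, name, action))
    return entries


def parse_hjt_o4(log):
    """Map (full key, value name), both lower-cased, to the command HijackThis shows."""
    out = {}
    for line in log.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue                      # Global Startup and similar O4 forms are files, not values
        hive, subkey, name, command = m.groups()
        key = f"{HIVES[hive]}\\Software\\Microsoft\\Windows\\CurrentVersion\\{subkey}"
        out[(key.lower(), name.lower())] = command
    return out


def classify(key):
    """Label a registry key by the role it plays on a Windows XP system."""
    k = key.lower()
    if k.endswith("\\currentversion\\policies\\explorer"):
        return "explorer-policy"          # DisallowRun lives here and blocks named programs
    if re.search(r"\\currentversion\\run(once|onceex|services)?$", k):
        return "autostart"
    return "other"


def cross_check(script, log):
    """For each value the script deletes: its key's role and the O4 command, if logged."""
    o4 = parse_hjt_o4(log)
    report = {}
    for key, name, action in parse_cfscript_registry(script):
        if action != "delete_value":
            continue                      # key deletions and sets have no O4 counterpart
        report[name] = {
            "key": key,
            "kind": classify(key),
            "command": o4.get((key.lower(), name.lower())),
        }
    return report


if __name__ == "__main__":
    for name, info in cross_check(CFSCRIPT, HJT_LOG).items():
        seen = info["command"] or "(not an O4 entry)"
        print(f"{name:20} {info['kind']:16} {seen}")
```

Run against the constructed input, CheckRegDefragOnce resolves to the logged command "regopt.exe -checkdefrag" under an autostart key, while DisallowRun is reported as an Explorer policy with no O4 counterpart, which is expected since HijackThis does not list policy values as O4 entries. A value the script deletes that is neither a policy nor visible in the log would be the case to look at twice before running the script.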

#10 rtb1314

rtb1314
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  • Local time:09:19 AM

Posted 01 March 2008 - 12:39 AM

Hi Snowy,

Here are the logs.

In my opinion the computer is not running smoothly at all - it seems sluggish and bogged down sometimes and then other times it seems more speedy and less quirky.

ComboFix 08-02-23.2 - Lindsay 2008-02-28 7:39:40.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2448 [GMT -6:00]
Running from: C:\Documents and Settings\Lindsay\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Lindsay\Desktop\CFscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
.

2008-02-28 00:29 . 2008-02-28 00:29 268 --ah----- C:\sqmdata04.sqm
2008-02-28 00:29 . 2008-02-28 00:29 244 --ah----- C:\sqmnoopt04.sqm
2008-02-26 21:41 . 2008-02-26 21:41 268 --ah----- C:\sqmdata03.sqm
2008-02-26 21:41 . 2008-02-26 21:41 244 --ah----- C:\sqmnoopt03.sqm
2008-02-26 01:25 . 2008-02-26 01:25 <DIR> d-------- C:\Program Files\New Folder
2008-02-25 21:14 . 2008-02-25 21:14 268 --ah----- C:\sqmdata02.sqm
2008-02-25 21:14 . 2008-02-25 21:14 244 --ah----- C:\sqmnoopt02.sqm
2008-02-25 14:04 . 2008-02-25 14:04 <DIR> d-------- C:\Documents and Settings\Diane\Application Data\BitDefender
2008-02-24 23:49 . 2008-02-25 23:59 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-24 23:49 . 2008-02-24 23:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-24 15:28 . 2008-02-24 15:28 0 --a------ C:\WINDOWS\CPC10Q.INI
2008-02-24 15:06 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-24 15:05 . 2008-02-24 15:05 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-24 11:59 . 2008-02-28 00:29 121 --a------ C:\WINDOWS\bdagent.INI
2008-02-24 10:05 . 2008-02-24 10:05 <DIR> d-------- C:\Program Files\BitDefender
2008-02-24 10:05 . 2008-02-24 10:05 <DIR> d-------- C:\Documents and Settings\Lindsay\Application Data\Bitdefender
2008-02-24 10:05 . 2008-02-24 10:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-02-24 10:03 . 2008-02-24 10:05 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-02-21 21:21 . 2008-02-21 21:21 <DIR> d-------- C:\Deckard
2008-02-21 08:35 . 2008-02-21 08:35 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-21 07:41 . 2008-02-24 09:56 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-20 23:34 . 2008-02-20 23:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-17 22:26 . 2008-02-18 05:21 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-02-17 01:16 . 2004-11-08 15:34 1,489,920 --a------ C:\WINDOWS\system32\pdftk.exe
2008-02-10 13:21 . 2007-10-11 20:00 3,647,384 -ra------ C:\WINDOWS\system32\drivers\lvuvc.sys
2008-02-10 13:21 . 2007-10-11 19:59 1,920,920 -ra------ C:\WINDOWS\system32\drivers\lvpopflt.sys
2008-02-10 13:21 . 2007-10-11 20:00 490,008 -ra------ C:\WINDOWS\system32\LVUI2.dll
2008-02-10 13:21 . 2007-10-11 20:00 465,432 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2008-02-10 13:21 . 2007-10-11 19:57 416,280 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2008-02-10 13:21 . 2007-10-11 19:57 195,096 -ra------ C:\WINDOWS\system32\lvci1150.dll
2008-02-10 13:21 . 2007-10-11 19:11 59,500 -ra------ C:\WINDOWS\system32\lvcoinst.ini
2008-02-10 13:21 . 2007-10-11 20:00 41,752 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-02-10 13:21 . 2007-10-11 20:01 23,832 -ra------ C:\WINDOWS\system32\drivers\lvuvcflt.sys
2008-02-10 13:21 . 2007-10-11 19:18 21,138 -ra------ C:\WINDOWS\system32\Repository.reg
2008-02-10 13:14 . 2008-02-10 13:21 <DIR> d-------- C:\Program Files\Common Files\LogiShrd
2008-02-10 13:13 . 2008-02-10 13:13 268 --ah----- C:\sqmdata01.sqm
2008-02-10 13:13 . 2008-02-10 13:13 244 --ah----- C:\sqmnoopt01.sqm
2008-02-10 13:05 . 2008-02-10 13:05 268 --ah----- C:\sqmdata00.sqm
2008-02-10 13:05 . 2008-02-10 13:05 244 --ah----- C:\sqmnoopt00.sqm
2008-02-10 13:00 . 2008-02-10 13:23 <DIR> d-------- C:\Documents and Settings\Diane\Contacts
2008-02-10 06:01 . 2008-02-10 06:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-09 23:58 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-02-09 23:58 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-02-09 23:58 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-02-09 23:58 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-02-09 23:58 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-02-09 23:58 . 2005-09-01 11:03 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-02-09 16:11 . 2008-02-09 19:26 <DIR> d-------- C:\Documents and Settings\Lindsay\Contacts
2008-02-09 16:03 . 2008-02-09 16:05 <DIR> d-------- C:\Program Files\Windows Live
2008-02-09 16:03 . 2008-02-09 16:04 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-09 16:03 . 2008-02-09 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-09 14:05 . 2004-08-04 00:56 90,624 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-02-09 14:01 . 2008-02-24 09:57 <DIR> d-------- C:\Program Files\Logitech
2008-02-09 14:01 . 2008-02-09 14:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-02-09 14:01 . 2008-02-10 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-02-04 14:07 . 2008-02-04 14:07 <DIR> d-------- C:\Documents and Settings\Secaurin\Application Data\WinCare2008
2008-01-29 19:36 . 2008-01-29 19:36 <DIR> d-------- C:\Documents and Settings\Diane\Application Data\WinCare2008
2008-01-28 22:49 . 2008-01-29 01:17 1,600 --a------ C:\help.zip_zip_Data Recovery.hhp.cached
2008-01-28 22:39 . 2008-01-28 22:39 <DIR> d-------- C:\Documents and Settings\Lindsay\Application Data\WinCare2008
2008-01-28 22:38 . 2008-02-21 07:33 <DIR> d-------- C:\Program Files\Spotmau WinCare 2008
2008-01-28 15:12 . 2008-01-28 15:12 <DIR> d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2008-01-28 15:11 . 2007-10-22 18:58 1,721,712 --------- C:\WINDOWS\system32\InetClnt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-28 13:33 0 ----a-w C:\WINDOWS\system32\drivers\lvuvc.hs
2008-02-28 13:33 0 ----a-w C:\WINDOWS\system32\drivers\logiflt.iad
2008-02-27 04:01 --------- d-----w C:\Program Files\eMule
2008-02-24 21:06 --------- d-----w C:\Program Files\Java
2008-02-24 15:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-23 16:27 102,664 ----a-w C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-21 13:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-18 05:22 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\Canon
2008-02-18 04:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-17 21:47 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-02-10 16:34 --------- d-----w C:\Program Files\Ahead
2008-02-10 05:59 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-02-10 05:59 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\Ahead
2008-02-09 20:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 22:35 --------- d-----w C:\Program Files\TBFDropZone
2008-01-28 21:14 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\Intuit
2008-01-28 21:11 --------- d-----w C:\Program Files\Common Files\Intuit
2008-01-28 21:10 --------- d-----w C:\Program Files\TurboTax
2008-01-22 03:23 164 ----a-w C:\install.dat
2008-01-17 05:06 --------- d-----w C:\Program Files\Lighting Handbook
2008-01-10 04:42 --------- d-----w C:\Program Files\AliveMedia
2008-01-09 21:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-09 04:34 --------- d-----w C:\Program Files\TotalAudioConverter
2008-01-09 04:30 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\Softplicity
2008-01-08 06:02 --------- d-----w C:\Program Files\BitTornado
2008-01-08 05:21 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\.BitTornado
2008-01-07 23:41 196,368 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
2008-01-05 02:56 1,526,640 ----a-w C:\WINDOWS\WRSetup.dll
2008-01-05 02:34 23,920 ----a-w C:\WINDOWS\system32\drivers\sskbfd.sys
2008-01-05 02:34 21,872 ----a-w C:\WINDOWS\system32\drivers\sshrmd.sys
2008-01-05 02:34 20,336 ----a-w C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-01-05 02:34 163,696 ----a-w C:\WINDOWS\system32\drivers\ssidrv.sys
2008-01-04 07:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-04 07:28 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\RipIt4Me
2008-01-04 05:04 --------- d-----w C:\Program Files\FixVTS
2008-01-04 05:01 --------- d-----w C:\Program Files\RipIt4Me
2008-01-04 04:56 --------- d-----w C:\Program Files\DVD Shrink
2008-01-04 04:54 --------- d-----w C:\Program Files\DVD Decrypter
2008-01-04 01:33 --------- d-----w C:\Program Files\MagicDVDRipper
2008-01-01 22:31 --------- d-----w C:\Program Files\Apple Software Update
2008-01-01 14:29 --------- d-----w C:\Program Files\ASF-AVI-RM-WMV Repair
2008-01-01 14:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-01 14:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-01-01 05:50 --------- d-----w C:\Documents and Settings\Lindsay\Application Data\AVG7
2008-01-01 05:18 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-01 04:25 --------- d-----w C:\Program Files\ASUS WiFi-AP Solo
2008-01-01 04:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-31 03:45 --------- d-----w C:\Program Files\Advanced System Optimizer
2007-12-29 02:26 --------- d-----w C:\Program Files\Bonjour
2007-12-29 02:24 --------- d-----w C:\Program Files\Windows Desktop Search
2007-12-29 02:24 --------- d-----w C:\Program Files\QuickTime
2007-12-29 02:24 --------- d-----w C:\Program Files\Better File Series
2007-12-19 05:24 87,608 ----a-w C:\Documents and Settings\Lindsay\Application Data\ezpinst.exe
2007-12-19 05:24 47,360 ----a-w C:\Documents and Settings\Lindsay\Application Data\pcouffin.sys
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{381FFDE8-2394-4F90-B10D-FC6124A40F8C}

[HKEY_CLASSES_ROOT\clsid\{381ffde8-2394-4f90-b10d-fc6124a40f8c}]
[HKEY_CLASSES_ROOT\BitDefender Toolbar]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect0]
@={D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect1]
@={8A814C29-D3CD-4F9E-9770-DF8704503ACA}

[HKEY_CLASSES_ROOT\CLSID\{D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}]
2007-12-03 09:05 348160 --a------ C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectShellExtension.dll

[HKEY_CLASSES_ROOT\CLSID\{8A814C29-D3CD-4F9E-9770-DF8704503ACA}]
2007-12-03 09:05 348160 --a------ C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectShellExtension.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 06:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 17:07 49152]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-07-13 13:11 122880]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 10:00 49152]
"nwiz"="nwiz.exe" [2007-11-06 20:00 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-02-28 06:00 33280 C:\WINDOWS\system32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-02-28 06:00 33280 C:\WINDOWS\system32\rundll32.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 15:40 155648]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 15:21 54832]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-12-12 10:46 20480 C:\WINDOWS\system32\Ctxfihlp.exe]
"CTHelper"="CTHELPER.EXE" [2006-12-12 10:46 19456 C:\WINDOWS\system32\CtHelper.exe]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-08 20:43 53340]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 15:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-02-24 12:31 360448]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 20:56 5367664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2007-11-25 21:12:43 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=

R0 CLBStor;InstantBurn Storage Helper Driver;C:\WINDOWS\system32\drivers\CLBStor.sys [2006-12-21 17:53]
R1 bdftdif;bdftdif;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2008-01-25 15:40]
R1 OxFWLF;OxFWLF;C:\WINDOWS\system32\drivers\OxFWLF.sys [2006-05-18 18:41]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;"C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [2008-01-11 17:50]
R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;C:\WINDOWS\system32\drivers\CLBUDF.sys [2006-12-21 17:53]
R2 FolderProtectDriver;FolderProtectDriver;C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectDriver.sys [2007-09-05 15:51]
R2 FolderProtectService;FolderProtectService;C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe [2007-12-22 16:23]
R2 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 04:29]
R3 bdfsfltr;bdfsfltr;C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-01-07 17:41]
R3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys [2008-01-16 14:12]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 08:36]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" [2007-02-10 04:29]
R3 scan;BitDefender Threat Scanner;C:\WINDOWS\System32\svchost.exe [2006-02-28 06:00]
S1 OxUsb;oxUsb.Sys driver;C:\WINDOWS\system32\DRIVERS\oxusb.sys [2006-05-18 18:41]
S3 OxUSBLF;Oxsemi USB filter driver;C:\WINDOWS\system32\DRIVERS\OxUSBLF.sys [2006-10-04 12:56]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2007-10-23 02:45]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\system32\DRIVERS\wdcsam.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33a84b3a-0f49-11dc-aef9-0018f3ab7d5e}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b69ed42-aa06-11dc-807f-0018f3ab7d5e}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-02-28 08:00:02 C:\WINDOWS\Tasks\wrSpySweeper_LFD59FBE67398473FB47424EE18E40A41.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_LFD59FBE67398473FB47424EE18E40A41
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- A:\
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 07:45:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-28 7:46:44
ComboFix-quarantined-files.txt 2008-02-28 13:46:32
ComboFix2.txt 2008-02-26 07:22:43
ComboFix3.txt 2008-02-23 16:53:46
.
2008-02-13 12:03:47 --- E O F ---

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, February 29, 2008 11:24:14 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/02/2008
Kaspersky Anti-Virus database records: 587236
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 248724
Number of viruses found: 2
Number of infected objects: 3
Number of suspicious objects: 0
Duration of the scan process: 18:41:30

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\WINDOWS\temp\httproxy_srv0317FE501201577390 Infected: not-a-virus:Downloader.Win32.Keylogger.a skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.99.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.99.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.ci Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wsb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010021.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.wid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy71.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf8.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf9.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_458.dat Object is locked skipped
C:\Documents and Settings\Lindsay\Application Data\Bitdefender\Desktop\Profiles\asdict.dat Object is locked skipped
C:\Documents and Settings\Lindsay\Application Data\Webroot\Spy Sweeper\Logs\080229020105.ses Object is locked skipped
C:\Documents and Settings\Lindsay\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Lindsay\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Lindsay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Lindsay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Lindsay\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lindsay\Local Settings\History\History.IE5\MSHist012008022920080301\index.dat Object is locked skipped
C:\Documents and Settings\Lindsay\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Lindsay\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Lindsay\ntuser.dat Object is locked skipped
C:\Documents and Settings\Lindsay\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0337188A-1222-4692-B88F-B1FB66582BC7.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0428487F-FF85-4457-BA17-248C10F041D4.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS068B034C-B86C-401D-B1D1-8DE7AC0EBE91.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS07744439-CEA8-485C-A156-3108B0DD89A4.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0AD212D5-41C0-448A-8438-B746C02E2D7B.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0CB8BE52-2634-4301-8177-E2FBABCB0CEF.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0D9A32C0-F13C-45C0-9655-E82957520B41.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS125BA233-24F0-4601-9BB6-ADA0B2E76F30.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS13610D6F-58DF-4751-9B3A-8D49C005455C.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS13D04E6B-06A0-46CF-9DED-77D5A9B16C08.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS18A69B1A-46EC-4D38-8E35-5B7FE182D32F.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1A0783A4-C9BE-42DE-8A0D-42823A3FACC0.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1A52CC0F-D3CA-431C-8F92-FFC0ADEBE8EE.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1B78015A-E478-4624-BFBC-2FC749E0D988.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS27C7DA7A-9F42-4DC0-B7B8-90C515C5329D.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2B766E1B-364B-4862-A23B-1C631189E6AD.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS33A141AA-2BC5-4006-9EA4-52DCC75117A9.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS35BA01E9-D631-42AE-8D67-E62D8CEF2244.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS36925754-A188-4C5F-9D4C-F1D7EA951535.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3B47CDB6-093D-447D-A3B6-C758190750BB.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4107C730-827B-42CC-945D-204B39D8DB1B.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4246FE66-7D97-49FD-8C35-CBD927D92B80.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS46AE54A1-08BF-474D-A0FB-03F1AF710E93.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS46E0FC84-7774-4B49-9BF1-04933E9CB842.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS48FC9114-1DB6-4D28-800C-9FEBC3159273.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS4B196DDF-8F0A-445B-B4B6-96CF72231E50.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS50B6EC94-F706-4280-9339-756CB345ED9A.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS513D00D3-FA1D-439D-BE96-E831E0A7583C.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS518AB466-F123-4A9C-8F7A-8BC274154D75.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5481A9BD-9F00-421B-AB5E-7416339FE59B.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS54D5A096-B4C0-4551-AB76-1B9AF119E18D.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS55413DE2-CFCF-43E4-8E4A-BADDE0ED739A.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS597E6F24-C28E-4C07-8E53-46FC5194EA26.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5B29096B-7B54-4EDE-A293-649D9D0DD16F.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5C2A3590-93A0-4EAE-B2E6-786BB29F4D6C.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5CCE1473-E9B6-4A2B-A85E-80A46CF64CAE.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5CD344B7-029D-4AC8-9957-2A7865760ACA.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5D292983-3019-4237-8CB4-61E754F58303.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5E6F0E15-6C91-4809-B305-74A69E19CB18.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5E9B92C4-E276-4D4D-9CE4-1F9A686CBBE7.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6A53071E-3480-4E53-BFCA-F521204F0C7A.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6AED7C82-F6DA-4D13-8651-FDC0986D2EF3.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6CBC28E5-7D5F-4DF5-8EC5-7209F8A0E74A.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6DB6C866-29BD-4A71-B4F1-871573537A51.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7006B8B3-BE77-429A-AFB0-CC6DED89B835.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7590FC22-C115-444C-95AF-91B2F38EEB2B.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS76A5B3BD-55F7-42E9-8B3F-19A9B7B91F8D.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS84FF3C6D-BB28-445D-8B95-7DB1D29A6B3F.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS85B4774B-EF05-4D39-916E-AF038A6389E8.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS87B4CE45-6598-47AC-888B-A227BAAC688D.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8A8B28D4-3332-4B75-B7AB-1E875D8B6C94.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8B545C20-0DF6-42C7-88AB-EED00E180549.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8BD2109F-BEB3-482D-81EE-189497C34E00.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8DB60ED6-75F5-43E7-870B-A9100552109F.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8E82A448-3AEE-4B6D-95A5-3F6E0CEC4F7B.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS90C708D5-6176-4741-A71F-C8A327FED482.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS95A8C5CF-93B4-4339-B428-88459BF3191D.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS95DA7B8A-77F8-48F4-8488-B7CE68952C3E.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMS97F4266A-D33F-4E80-94E9-EAD39ABC325B.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA4E311B8-48B1-4B50-BCC5-065C8FF3A9EF.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA5B3308E-E087-4033-917E-DA73D82455D0.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB0EC756B-0B19-4FCD-A4C2-4CEAA7EC17AD.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBDDF249B-39A9-4CFF-8AB3-F139FC4B84E1.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC297B105-4C42-41A5-9BC2-0352B53B697D.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC35CF045-C63D-40AB-A185-4FD709D13CD3.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC45146A7-556B-4F73-A70B-205E21AC1167.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC4C201B8-D769-4D4A-A369-FA759C31AAD0.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC8E9D863-25C3-4632-B832-4211838DAFF2.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCA27AE51-1C4F-4330-96D3-F4023D1E87A8.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCD0E4AF9-89ED-4BD0-86ED-305AACC1818C.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCFCBDAF1-53CE-4F98-85E9-96D735DF5683.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD0987DC8-4188-4A8D-A199-341813E6CD65.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD1CCBBC4-EB48-4F55-A0A6-537899783F66.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD3EEA182-8918-4B22-9DAD-07675CCDAEA6.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD75FD6AB-EC3A-492B-8E80-7436186CB018.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDA33C8CF-C686-4CA9-B405-B5E6EBDE6601.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDC579014-F92C-4775-BD79-AAAE71ABEB8B.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDD8C47D4-1EB8-4E82-9866-876F51D03546.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE2A5D667-2D0E-47EB-A48A-19AF97CD146E.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE33E8252-0E79-4606-8A3E-EAD8B05DE3AF.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE4C89557-0EEC-4C95-A0B4-095F2F78B598.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE59B1504-7053-427C-BCE3-566E7F599ACD.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE88D22E0-969C-4A1D-88D4-808E5F96F807.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEF0B959B-AD1D-4AF1-ADFA-C9ECD41902BC.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEF56AC0A-0C45-47D2-9183-242BC5C96E37.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF0096BA5-5B1D-4AC7-A077-BDB138C18B0B.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF5281047-C90C-43DE-9269-4E0DEC1ADBCC.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF66B4DA5-CCA9-45B4-87F9-1816B394EA10.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF8ECB022-14E7-4EBD-8504-313BDD427C9C.tmp Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_934.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_9611\aspdict.dat Object is locked skipped
C:\Program Files\BitDefender\BitDefender 2008\dbokf.db Object is locked skipped
C:\Program Files\BitDefender\BitDefender 2008\dbokf.db-journal Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_215.trc Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\QooBox\Quarantine\Registry_backups\LEGACY_SROSA.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\QooBox\Quarantine\Registry_backups\services_srosa.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{D64EBDC7-5254-4FC0-BB6F-5540E1CDD886}\RP14\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{3CF7D4B4-50FE-401C-8A92-E50A6EBF33ED}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\spnserv.dat Object is locked skipped
C:\WINDOWS\Temp\spserv.dat Object is locked skipped
C:\WINDOWS\Temp\tmp00003f39\tmp00000000 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{D64EBDC7-5254-4FC0-BB6F-5540E1CDD886}\RP14\change.log Object is locked skipped

Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34:07 PM, on 2/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.0.8.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174800672546
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://yme.music.yahoo.com/qos/cabs/DiagCo...tionControl.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 12581 bytes

#11 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:04:19 PM

Posted 05 March 2008 - 01:49 AM

Hello rtb1314,

In my opinion the computer is not running smoothly at all - it seems sluggish and bogged down sometimes and then other times it seems more speedy and less quirky.


Might the Spotmau WinCare 2008 be causing slowdowns?

"The PCs that were running this program had a very high average CPU load. This particular program may not have been the cause of the CPU load, but it may be worth further investigation."

http://www.pcpitstop.com/spycheck/swdetail...exe&print=1

See the next link for information on how to improve the speed of the computer: Help! My computer is slow!

Also read these articles:

Optimize your computer for peak performance
5 ways to speed up your PC

JkDefrag - is a very nice and free program for defragmenting and optimizing; I use it personally. See this link for more info --> http://www.kessels.com/JkDefrag/

See if the above helps; if not, let me know.

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:
For a tutorial on Firewalls and a listing of some available ones see this link:
Understanding and Using Firewalls

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Please post back with new HijackThis log.

Regards,
SNOWHITE

#12 rtb1314

rtb1314
  • Topic Starter

  • Members
  • 57 posts
  • Local time:09:19 AM

Posted 09 March 2008 - 11:38 PM

Snowy,

Still working through the various tips & tricks etc.

I didn't want you to think I was done and close the topic.

I'll get back to you shortly.

#13 SNOWHITE

SNOWHITE

    missy malware magnet


  • Members
  • 2,676 posts
  • Gender:Female
  • Location:Bitola, Macedonia
  • Local time:04:19 PM

Posted 10 March 2008 - 03:52 AM

Snowy,

Still working through the various tips & tricks etc.

I didn't want you to think I was done and close the topic.

I'll get back to you shortly.

Thanks for letting me know :thumbsup:

Regards,
SNOWHITE

#14 Blender

Blender

    I will eat your Malware


  • Malware Response Team
  • 2,363 posts
  • Location:Ontario
  • Local time:11:19 AM

Posted 14 March 2008 - 12:04 AM

Hi rtb1314 and welcome,

Just checking to see if you are doing OK.

Your helper SNOWHITE will be away for a while so I'll be here to help out if you still need a hand with something.
We'll have some cleanup left to do to remove tools used as well.

How is the system running?

Thanks :thumbsup:

Blender
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing.
And to drink...a nice tall glass of adware!

For dessert; can I have a bowl of the freshest worms you have please?

Never Give Up!

If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware

#15 rtb1314

rtb1314
  • Topic Starter

  • Members
  • 57 posts
  • Local time:09:19 AM

Posted 14 March 2008 - 01:33 AM

Blender,

I think I did all the optimization tweaks - didn't appear to do much....however I ran my Advanced System Tools Windows and registry checker and it sorted out a few errors.

System seems to be smoother but occasionally the internet bogs down - don't know if that's due to my p2p.

I don't think I am fully confident to do any secure stuff with it online yet.

I'm looking at going with either the ZoneAlarm firewall or BitDefender's Total Security - I have their Antivirus 2008 now and per their request I uninstalled Spy Sweeper.

That's where I am at right now.

Let me know if there's something we've missed.

Snowy was most helpful, as all of you have been on this board.

Here's an HJT log - I'll try and commit to a firewall within the next 24 hrs - probably BitDefender since they're offering an upgrade license deal etc.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:28:34 AM, on 3/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.0.8.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1174800672546
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://yme.music.yahoo.com/qos/cabs/DiagCo...tionControl.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DVD-RAM_Service - Matsubleepa Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2006 - Unknown owner - C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 11001 bytes
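As an added illustration of how a helper reads a log like the ones posted in this topic, here is a small Python triage script. It is not from this thread, from Trend Micro or from any poster; the sample lines are constructed to match the HijackThis v2.0.2 format shown above, and the section codes (O2, O4, O10, O23) are the ones printed in those logs. It pulls out the entries a reviewer looks at first: components registered in the browser but missing on disk, autostart entries given as a bare filename rather than a full path, Winsock LSP entries HijackThis could not identify, and services whose executable carries no company name. It only lists candidates. All four kinds appear in this thread's own logs on entries the helpers did not ask to remove, so the output is a reading order for a human, not a verdict.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the HijackThis v2.0.2 line format used in this thread.
# The entries mirror the kinds of lines seen in the posted logs but are
# illustrative only; nothing here is a verdict about the poster's machine.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\smss.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: FolderProtectService - Unknown owner - C:\Program Files\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis entry starts with a section code such as "R1", "O4" or "O23".
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# A command that begins with a drive letter is an absolute path.
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O4" (autostart) or "O23" (service)
    reason: str   # why a human reviewer should look at this entry
    line: str     # the original log line, unchanged


def run_command(body: str) -> Optional[str]:
    """For an O4 '[name] command' entry, return the command without its leading quote.

    Global Startup entries have no '[name]' part and yield None.
    """
    m = re.search(r"\]\s*(.*)$", body)
    if not m:
        return None
    return m.group(1).strip().lstrip('"')


def triage_hjt(log_text: str) -> List[Finding]:
    """Return the entries a reviewer should check first, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        if "(file missing)" in body:
            findings.append(Finding(section, "registered component whose file no longer exists", line))
        elif section == "O4":
            cmd = run_command(body)
            if cmd is not None and not DRIVE_PATH_RE.match(cmd):
                findings.append(Finding(section, "autostart given as a bare filename, resolved through the search path", line))
        elif section == "O10":
            findings.append(Finding(section, "Winsock LSP entry HijackThis could not identify", line))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(section, "service whose executable carries no company name", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per HijackThis section."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print(summarize(triage_hjt(SAMPLE_LOG)))
```

The script deliberately skips the R-lines and the running-process list, which a reviewer reads in context rather than by rule, and it does not try to judge the O16 download entries or the O8 context-menu items, which need the URL or file looked up rather than a text pattern.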



