
Infected with malware and pop ups


  • This topic is locked
9 replies to this topic

#1 yanketex

yanketex

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:29 AM

Posted 17 October 2008 - 07:58 PM

Currently getting a red pop-up spyware ad at log in stating "Windows XP system security message" and "Spyware detected on your computer". I have not downloaded any of the ads. It started out when stupidly running an .exe file and McAfee catching mount.exe and Karna.dat trojans, but apparently they, or others, got through anyway. Rapid virus ads and Smart virus 2009 ads were loaded on desktop along with porn website shortcuts. I've been able to remove most everything with numerous spyware removers: Malwarebytes, SUPERAntiSpyware, Ad-Aware, Spybot, BitDefender, Panda, and Stinger, as recommended, but the red pop-up is persistent and I still get pop-ups when connected to the web. I also always find more viruses with every new program I try. I've also used the removers in Safe Mode. Please help! Here's my logfile

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:40:11 PM, on 10/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\Proventia Desktop\blackd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\CRYPTO~1\bin\eus.exe
C:\Program Files\Cisco Systems\AVPN Client\cvpnd.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\NetExec.exe
C:\Program Files\ISS\Proventia Desktop\RapApp.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\System32\UphClean.exe
C:\Program Files\ISS\Proventia Desktop\vpatch.exe
C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avi Player\AviPlayer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\eRoom 7\ERClient7.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Abc
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: {35a4a9ed-362b-eaf9-7f94-b4c9572c25e9} - {9e52c275-9c4b-49f7-9fae-b263de9a4a53} - C:\WINDOWS\system32\jwdjdp.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SWPull_AutoUpdateAgent] C:\WINDOWS\SISystem\AutoUpdateAgent.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [TempClean] C:\WINDOWS\system32\TempClean.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [HPWH myPrintMileage Agent] C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Avi Player] "C:\Program Files\Avi Player\AviPlayer.exe" hmw
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [Sidebar] C:\DOCUME~1\medincl\LOCALS~1\Temp\sidebar.exe
O4 - Startup: Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: Symantec NetBackup Desktop Agent.lnk = C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=about:blank
O15 - Trusted Zone: http://*.abtapwas002
O15 - Trusted Zone: http://*.abtapwas101
O15 - Trusted Zone: http://*.ailuvs02
O15 - Trusted Zone: http://*.ama-assn.org
O15 - Trusted Zone: http://*.cas.org
O15 - Trusted Zone: http://*.cedapwc0010
O15 - Trusted Zone: http://*.cedapwc0010d
O15 - Trusted Zone: http://*.cedapwc0010q
O15 - Trusted Zone: http://*.ceddociisdev01
O15 - Trusted Zone: http://*.ceddociisqa01
O15 - Trusted Zone: http://*.ceddociissrv01
O15 - Trusted Zone: http://*.chainsaw
O15 - Trusted Zone: http://*.datastarweb.com
O15 - Trusted Zone: http://*.dialog.com
O15 - Trusted Zone: http://*.discoverygate.com
O15 - Trusted Zone: http://*.edocsdev-web01
O15 - Trusted Zone: http://*.edocsemudev-web01
O15 - Trusted Zone: http://*.edocsemuprod-web01
O15 - Trusted Zone: http://*.edocsemuqa-web01
O15 - Trusted Zone: http://*.edocsgawdev-web01
O15 - Trusted Zone: http://*.edocsgawdqa-web01
O15 - Trusted Zone: http://*.edocsgawprod-web01
O15 - Trusted Zone: http://*.edocspr-web01
O15 - Trusted Zone: http://*.edocsqa-web01
O15 - Trusted Zone: http://*.edocstr-web01
O15 - Trusted Zone: http://*.edqm.eu
O15 - Trusted Zone: http://*.ehr.com
O15 - Trusted Zone: http://*.emupr-web01
O15 - Trusted Zone: http://*.exlibrisgroup.com
O15 - Trusted Zone: http://*.GDMSWEB-PROD
O15 - Trusted Zone: http://*.gimlet
O15 - Trusted Zone: http://*.gotomeeting.com
O15 - Trusted Zone: http://*.GPOAPA0111D
O15 - Trusted Zone: http://*.gpoapz0111
O15 - Trusted Zone: http://*.gpoapz0112
O15 - Trusted Zone: http://*.gpoapz0113
O15 - Trusted Zone: http://*.gpoapz0116d
O15 - Trusted Zone: http://*.gprwoa0022
O15 - Trusted Zone: http://*.iddb3.com
O15 - Trusted Zone: http://*.intrastar.ch
O15 - Trusted Zone: http://*.knovel.com
O15 - Trusted Zone: http://*.luminexcorp.com
O15 - Trusted Zone: http://tap.mdsol.com
O15 - Trusted Zone: http://*.myretirementplan.com
O15 - Trusted Zone: http://*.nielsen.com
O15 - Trusted Zone: http://*.Omega
O15 - Trusted Zone: http://*.OmegaDev
O15 - Trusted Zone: http://*.OmegaDevv
O15 - Trusted Zone: http://*.OmegaQA
O15 - Trusted Zone: http://*.OneAbbott.com
O15 - Trusted Zone: http://*.pheur.org
O15 - Trusted Zone: http://*.ppdapa13
O15 - Trusted Zone: http://*.ppdapa15
O15 - Trusted Zone: http://*.ppdapq0002d
O15 - Trusted Zone: http://*.ppdapq0003d
O15 - Trusted Zone: http://*.ppdapsql01
O15 - Trusted Zone: http://*.ppdapw0001d
O15 - Trusted Zone: http://*.ppdapw0020d
O15 - Trusted Zone: http://*.ppdapw0633
O15 - Trusted Zone: http://*.ppdapw0633dv
O15 - Trusted Zone: http://*.ppdapw0633qv
O15 - Trusted Zone: http://*.PPDLCWEB01
O15 - Trusted Zone: http://*.PPDLCWEB02
O15 - Trusted Zone: http://*.PPDweb01
O15 - Trusted Zone: http://*.qdmsdev-web01
O15 - Trusted Zone: http://*.sumtotalsystems.com
O15 - Trusted Zone: http://*.synygy.com
O15 - Trusted Zone: http://*.tdb
O15 - Trusted Zone: http://*.tdb-dev
O15 - Trusted Zone: http://*.tdb-tst
O15 - Trusted Zone: http://*.tppdapm03
O15 - Trusted Zone: http://*.tppdapm04
O15 - Trusted Zone: http://*.tppdapm05
O15 - Trusted Zone: http://*.wrench
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O16 - DPF: JavaConnect - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\JavaConnect.cab
O16 - DPF: Sametime BC 651FP1 - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STBroadcastClient.cab
O16 - DPF: Sametime DA 651FP1 - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STDirectoryApplet.cab
O16 - DPF: Sametime MRC 651FP1 - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STMeetingRoomClient.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://abtapn800.northamerica.intra.abc.com/qp2.cab
O16 - DPF: {1E40C477-ECA7-48DC-A9FC-D4F77A365442} (STURLConnection Control) - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STUrlConLoader.cab
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - STCWeb.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {53F92AF2-3C1E-4A63-B2EA-2E33DA6286B7} (STAutoAway Control) - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STAutoAwayLoader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} (JNILoader Control) - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STJNILoader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = northamerica.intra.abc.com
O17 - HKLM\Software\..\Telephony: DomainName = northamerica.intra.abbott.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = northamerica.intra.abc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = northamerica.intra.abc.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = northamerica.intra.abc.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\blackd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CRYPTOCard EUS (cc-eus) - Alexandria Software Consulting - C:\PROGRA~1\CRYPTO~1\bin\eus.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\AVPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NetExec process executer service (NetExec) - LoSOFT Softwaretechnik - C:\WINDOWS\System32\NetExec.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\RapApp.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\\agent.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\vpatch.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: Symantec NetBackup Desktop Agent Change Journal Reader (VRTSChangeJournalReader) - Symantec Corporation - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 17675 bytes

Edited by yanketex, 18 October 2008 - 03:49 PM.
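A log like the one above is usually read by eye, entry by entry. The Python script below is an added example written for this page, not code from the original poster, the forum helper, or BleepingComputer; it encodes a few of the checks a HijackThis reviewer applies when scanning a log (an autostart entry under the Explorer policy Run key, an executable launched from a Temp folder, a BHO whose only name is a GUID, an IE default page pointing at an unfamiliar host, IE policy restrictions, an Active Desktop component with no backing file) and runs them over entry lines copied from the log above. The heuristics and the allowlist of expected home-page hosts are assumptions made for this example; a hit means "look at this", not "this is malware".

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Sample input: entries copied from the HijackThis log posted above (two ordinary
# O4/O9 entries from the same log are included so the rules have something to pass).
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
O2 - BHO: {35a4a9ed-362b-eaf9-7f94-b4c9572c25e9} - {9e52c275-9c4b-49f7-9fae-b263de9a4a53} - C:\WINDOWS\system32\jwdjdp.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Policies\Explorer\Run: [Sidebar] C:\DOCUME~1\medincl\LOCALS~1\Temp\sidebar.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O24 - Desktop Component 0: Privacy Protection - (no file)
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # which heuristic fired
    line: str      # the log line that triggered it, verbatim


ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
TEMP_RE = re.compile(r"\\(?:LOCALS~1|Local Settings)\\Temp\\", re.I)
# Assumption for this example: hosts IE legitimately points its default/start page at.
# Anything else is worth a look, not automatically malicious.
EXPECTED_HOME_SUFFIXES = ("microsoft.com", "msn.com", "live.com")


def parse_entry(line):
    """Return (section, body) for a HijackThis entry line, else None for headers,
    the process list, blank lines and the trailer."""
    m = ENTRY_RE.match(line.strip())
    return m.groups() if m else None


def is_expected_host(host):
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in EXPECTED_HOME_SUFFIXES)


def triage(log_text):
    """Apply the heuristics to every entry and return the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_entry(raw)
        if entry is None:
            continue
        section, body = entry
        line = raw.strip()

        if section in ("R0", "R1") and ("Default_Page_URL" in body or "Start Page" in body):
            url = body.split("=", 1)[1].strip()
            host = urlparse(url).hostname or ""
            if not is_expected_host(host):
                findings.append(Finding(section, f"IE home page points at unfamiliar host {host}", line))

        elif section == "O2" and body.startswith("BHO: "):
            # Format is "name - {CLSID} - path"; a product normally registers a friendly
            # name, so a GUID standing in for the name means none was registered.
            parts = body[len("BHO: "):].split(" - ", 2)
            if GUID_RE.match(parts[0]):
                findings.append(Finding(section, "BHO has no readable name (name is a GUID)", line))

        elif section == "O4":
            if "Policies\\Explorer\\Run" in body:
                findings.append(Finding(section, "autostart via Explorer policy Run key", line))
            if TEMP_RE.search(body):
                findings.append(Finding(section, "autostart executable lives in a Temp folder", line))

        elif section == "O6":
            findings.append(Finding(section, "IE policy restrictions present (check domain GPO before removing)", line))

        elif section == "O24" and body.endswith("(no file)"):
            findings.append(Finding(section, "Active Desktop component with no backing file", line))

    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

One caveat the rules cannot decide on their own: this machine is a domain member (the O17 entries and the long list of internal O15 trusted-zone hosts), so the O6 policy keys may be corporate Group Policy rather than rogue software locking IE down, and the heuristics only narrow the list of entries to look at.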



#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:02:29 AM

Posted 18 October 2008 - 11:29 AM

Hello yanketex

Welcome to BleepingComputer :thumbsup:
========================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 yanketex

yanketex
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:29 AM

Posted 18 October 2008 - 03:29 PM

kahdah
Thanks for replying. Here is the log
Logfile of random's system information tool 1.04 (written by random/random)
Run by MEDINCL at 2008-10-18 15:18:13
Microsoft Windows XP Professional Service Pack 2
System drive C: has 41 GB (54%) free of 76 GB
Total RAM: 2038 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:18:16 PM, on 10/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\Proventia Desktop\blackd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\CRYPTO~1\bin\eus.exe
C:\Program Files\Cisco Systems\AVPN Client\cvpnd.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\NetExec.exe
C:\Program Files\ISS\Proventia Desktop\RapApp.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\System32\UphClean.exe
C:\Program Files\ISS\Proventia Desktop\vpatch.exe
C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avi Player\AviPlayer.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\eRoom 7\ERClient7.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\medincl\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\MEDINCL.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by ABC
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: {35a4a9ed-362b-eaf9-7f94-b4c9572c25e9} - {9e52c275-9c4b-49f7-9fae-b263de9a4a53} - C:\WINDOWS\system32\jwdjdp.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SWPull_AutoUpdateAgent] C:\WINDOWS\SISystem\AutoUpdateAgent.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [TempClean] C:\WINDOWS\system32\TempClean.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [HPWH myPrintMileage Agent] C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Avi Player] "C:\Program Files\Avi Player\AviPlayer.exe" hmw
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [Sidebar] C:\DOCUME~1\medincl\LOCALS~1\Temp\sidebar.exe
O4 - Startup: Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: Symantec NetBackup Desktop Agent.lnk = C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=about:blank
O15 - Trusted Zone: http://*.abtapwas002
O15 - Trusted Zone: http://*.abtapwas101
O15 - Trusted Zone: http://*.ailuvs02
O15 - Trusted Zone: http://*.ama-assn.org
O15 - Trusted Zone: http://*.cas.org
O15 - Trusted Zone: http://*.cedapwc0010
O15 - Trusted Zone: http://*.cedapwc0010d
O15 - Trusted Zone: http://*.cedapwc0010q
O15 - Trusted Zone: http://*.ceddociisdev01
O15 - Trusted Zone: http://*.ceddociisqa01
O15 - Trusted Zone: http://*.ceddociissrv01
O15 - Trusted Zone: http://*.chainsaw
O15 - Trusted Zone: http://*.datastarweb.com
O15 - Trusted Zone: http://*.dialog.com
O15 - Trusted Zone: http://*.discoverygate.com
O15 - Trusted Zone: http://*.edocsdev-web01
O15 - Trusted Zone: http://*.edocsemudev-web01
O15 - Trusted Zone: http://*.edocsemuprod-web01
O15 - Trusted Zone: http://*.edocsemuqa-web01
O15 - Trusted Zone: http://*.edocsgawdev-web01
O15 - Trusted Zone: http://*.edocsgawdqa-web01
O15 - Trusted Zone: http://*.edocsgawprod-web01
O15 - Trusted Zone: http://*.edocspr-web01
O15 - Trusted Zone: http://*.edocsqa-web01
O15 - Trusted Zone: http://*.edocstr-web01
O15 - Trusted Zone: http://*.edqm.eu
O15 - Trusted Zone: http://*.ehr.com
O15 - Trusted Zone: http://*.emupr-web01
O15 - Trusted Zone: http://*.exlibrisgroup.com
O15 - Trusted Zone: http://*.GDMSWEB-PROD
O15 - Trusted Zone: http://*.gimlet
O15 - Trusted Zone: http://*.gotomeeting.com
O15 - Trusted Zone: http://*.GPOAPA0111D
O15 - Trusted Zone: http://*.gpoapz0111
O15 - Trusted Zone: http://*.gpoapz0112
O15 - Trusted Zone: http://*.gpoapz0113
O15 - Trusted Zone: http://*.gpoapz0116d
O15 - Trusted Zone: http://*.gprwoa0022
O15 - Trusted Zone: http://*.iddb3.com
O15 - Trusted Zone: http://*.intrastar.ch
O15 - Trusted Zone: http://*.knovel.com
O15 - Trusted Zone: http://*.luminexcorp.com
O15 - Trusted Zone: http://tap.mdsol.com
O15 - Trusted Zone: http://*.myretirementplan.com
O15 - Trusted Zone: http://*.nielsen.com
O15 - Trusted Zone: http://*.Omega
O15 - Trusted Zone: http://*.OmegaDev
O15 - Trusted Zone: http://*.OmegaDevv
O15 - Trusted Zone: http://*.OmegaQA
O15 - Trusted Zone: http://*.pheur.org
O15 - Trusted Zone: http://*.ppdapa13
O15 - Trusted Zone: http://*.ppdapa15
O15 - Trusted Zone: http://*.ppdapq0002d
O15 - Trusted Zone: http://*.ppdapq0003d
O15 - Trusted Zone: http://*.ppdapsql01
O15 - Trusted Zone: http://*.ppdapw0001d
O15 - Trusted Zone: http://*.ppdapw0020d
O15 - Trusted Zone: http://*.ppdapw0633
O15 - Trusted Zone: http://*.ppdapw0633dv
O15 - Trusted Zone: http://*.ppdapw0633qv
O15 - Trusted Zone: http://*.PPDLCWEB01
O15 - Trusted Zone: http://*.PPDLCWEB02
O15 - Trusted Zone: http://*.PPDweb01
O15 - Trusted Zone: http://*.qdmsdev-web01
O15 - Trusted Zone: http://*.sumtotalsystems.com
O15 - Trusted Zone: http://*.synygy.com
O15 - Trusted Zone: http://*.tdb
O15 - Trusted Zone: http://*.tdb-dev
O15 - Trusted Zone: http://*.tdb-tst
O15 - Trusted Zone: http://*.tppdapm03
O15 - Trusted Zone: http://*.tppdapm04
O15 - Trusted Zone: http://*.tppdapm05
O15 - Trusted Zone: http://*.wrench
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O16 - DPF: JavaConnect - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\JavaConnect.cab
O16 - DPF: Sametime BC 651FP1 - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STBroadcastClient.cab
O16 - DPF: Sametime DA 651FP1 - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STDirectoryApplet.cab
O16 - DPF: Sametime MRC 651FP1 - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STMeetingRoomClient.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://abtapn800.northamerica.intra.abc.com/qp2.cab
O16 - DPF: {1E40C477-ECA7-48DC-A9FC-D4F77A365442} (STURLConnection Control) - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STUrlConLoader.cab
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - STCWeb.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {53F92AF2-3C1E-4A63-B2EA-2E33DA6286B7} (STAutoAway Control) - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STAutoAwayLoader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} (JNILoader Control) - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STJNILoader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = northamerica.intra.abc.com
O17 - HKLM\Software\..\Telephony: DomainName = northamerica.intra.abc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = northamerica.intra.abc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = northamerica.intra.abc.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = northamerica.intra.abc.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\blackd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CRYPTOCard EUS (cc-eus) - Alexandria Software Consulting - C:\PROGRA~1\CRYPTO~1\bin\eus.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\AVPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NetExec process executer service (NetExec) - LoSOFT Softwaretechnik - C:\WINDOWS\System32\NetExec.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\RapApp.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\\agent.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\vpatch.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: Symantec NetBackup Desktop Agent Change Journal Reader (VRTSChangeJournalReader) - Symantec Corporation - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 17640 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9e52c275-9c4b-49f7-9fae-b263de9a4a53}]
C:\WINDOWS\system32\jwdjdp.dll [2008-10-16 108544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95daa571-4def-4a6d-97d8-98a346672a24} - SYSTRAN Toolbar - C:\WINDOWS\system32\mscoree.dll [2007-04-13 271360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-05-16 137752]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-05-16 162328]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-05-16 137752]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-05-06 405504]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 1236992]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-10-26 1392640]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-07-02 159744]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 98304]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UdaterUI.exe [2007-03-27 136768]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe [2006-12-15 75520]
"SWPull_AutoUpdateAgent"=C:\WINDOWS\SISystem\AutoUpdateAgent.exe [2005-02-28 53248]
"CoolSwitch"=C:\WINDOWS\system32\taskswitch.exe [2002-03-19 45632]
"TempClean"=C:\WINDOWS\system32\TempClean.exe [2004-11-29 120904]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler []
"HPWH myPrintMileage Agent"=C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe [2003-09-23 102400]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Sidebar"=C:\DOCUME~1\medincl\LOCALS~1\Temp\sidebar.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Avi Player"=C:\Program Files\Avi Player\AviPlayer.exe [2007-09-05 629760]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-08-19 1576176]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe
Symantec NetBackup Desktop Agent.lnk - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe

C:\Documents and Settings\medincl\Start Menu\Programs\Startup
Monitor My eRooms (V7).lnk - C:\Program Files\eRoom 7\ERClient7.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-05-16 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispSettingPage"=1
"DisableTaskMgr"=0
"NoDispScrSavPage"=0
"NoDispCPL"=0
"NoDispAppearancePage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1
"LegalNoticeCaption"=Abbott Laboratories
"disablecad"=0
"legalnoticetext"=Only authorized personnel are allowed to access this system.
"MaxGPOScriptWait"=60

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"DisallowRun"=1
"ForceStartMenuLogOff"=1
"NoWindowsUpdate"=0
"Intellimenus"=1
"NoWelcomeScreen"=1
"NoSMBalloonTip"=1
"NoStartMenuMorePrograms"=0
"StartMenuLogOff"=0
"NoDrives"=0
"NoToolbarCustomize"=0
"NoSetFolders"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWindowsUpdate"=
"NoSimpleStartMenu"=
"NoWelcomeScreen"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae9ba024-50e1-11dd-8d87-001c234c00a8}]
shell\AutoRun\command - E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
shell\open\command - E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3863998-5e2f-11dd-8d9b-001c234c00a8}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-10-18 15:18:13 ----D---- C:\rsit
2008-10-17 19:39:54 ----D---- C:\Program Files\Trend Micro
2008-10-17 15:44:25 ----D---- C:\Program Files\Panda Security
2008-10-17 00:26:16 ----D---- C:\WINDOWS\BDOSCAN8
2008-10-17 00:01:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-17 00:01:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-16 18:13:39 ----D---- C:\Program Files\Lavasoft
2008-10-16 18:13:38 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-16 16:11:12 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-16 16:11:00 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-16 16:11:00 ----D---- C:\Documents and Settings\medincl\Application Data\SUPERAntiSpyware.com
2008-10-16 16:10:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-16 00:56:06 ----D---- C:\Documents and Settings\medincl\Application Data\Malwarebytes
2008-10-16 00:55:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-16 00:55:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-16 00:54:26 ----A---- C:\WINDOWS\system32\jwdjdp.dll
2008-10-16 00:54:25 ----A---- C:\WINDOWS\system32\nvpcdkvi.dll
2008-10-16 00:53:58 ----A---- C:\WINDOWS\system32\8749be0c-.txt
2008-10-15 18:41:21 ----D---- C:\WINDOWS\Minidump
2008-10-15 17:10:40 ----D---- C:\QUARANTINE
2008-10-15 16:59:28 ----D---- C:\Documents and Settings\All Users\Application Data\bcjypszw
2008-10-15 16:58:36 ----D---- C:\Documents and Settings\medincl\Application Data\TmpRecentIcons
2008-10-15 16:58:13 ----A---- C:\WINDOWS\efdv.exe
2008-10-15 16:57:00 ----D---- C:\Documents and Settings\medincl\Application Data\0000005738
2008-10-15 16:51:41 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-10-15 16:51:08 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-15 16:51:02 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-15 16:50:47 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-15 16:50:33 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-10-15 16:49:53 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-10-15 16:49:33 ----D---- C:\1422778e79130d4fdf4135d99a
2008-10-15 16:49:15 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-10-15 16:48:38 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-10-15 16:46:49 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-10-15 16:46:49 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-10-15 16:09:47 ----H---- C:\WINDOWS\system32\swk.ini
2008-10-15 16:09:35 ----D---- C:\Program Files\Avi Player
2008-10-15 15:38:46 ----D---- C:\MDT
2008-10-15 14:18:39 ----D---- C:\Documents and Settings\medincl\Application Data\CyberLink
2008-10-15 14:18:39 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-10-15 02:55:41 ----D---- C:\WINDOWS\Sun
2008-10-09 08:49:04 ----D---- C:\Program Files\IrAnalyser
2008-10-07 22:52:54 ----D---- C:\Program Files\Cisco
2008-10-07 22:52:54 ----D---- C:\Documents and Settings\All Users\Application Data\Cisco

======List of files/folders modified in the last 1 months======

2008-10-18 15:14:57 ----D---- C:\WINDOWS\Temp
2008-10-18 11:33:17 ----D---- C:\WINDOWS\Prefetch
2008-10-18 10:45:21 ----A---- C:\WINDOWS\system32\rpcnetp.exe
2008-10-17 19:39:54 ----RD---- C:\Program Files
2008-10-17 19:37:55 ----A---- C:\WINDOWS\smscfg.ini
2008-10-17 19:37:54 ----D---- C:\WINDOWS
2008-10-17 19:37:30 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2008-10-17 19:37:06 ----D---- C:\WINDOWS\system32\drivers
2008-10-17 19:36:54 ----A---- C:\WINDOWS\system32\rpcnet.dll
2008-10-17 19:34:29 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-17 15:44:25 ----HD---- C:\WINDOWS\inf
2008-10-17 15:43:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-17 15:43:49 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-17 15:39:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-17 05:21:44 ----SHD---- C:\WINDOWS\CSC
2008-10-16 18:14:52 ----SHD---- C:\WINDOWS\Installer
2008-10-16 18:13:39 ----D---- C:\WINDOWS\system32
2008-10-16 16:10:43 ----D---- C:\Program Files\Common Files
2008-10-16 15:34:50 ----A---- C:\WINDOWS\system32\rpcnetp.dll
2008-10-16 01:14:29 ----D---- C:\Documents and Settings\medincl\Application Data\Adobe
2008-10-15 17:01:30 ----D---- C:\WINDOWS\AppPatch
2008-10-15 16:51:11 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 16:50:52 ----A---- C:\WINDOWS\win.ini
2008-10-15 16:50:46 ----D---- C:\Program Files\Windows Media Player
2008-10-15 16:50:42 ----D---- C:\WINDOWS\Help
2008-10-15 16:49:26 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-15 11:36:14 ----D---- C:\WINDOWS\security
2008-10-15 08:58:43 ----A---- C:\WINDOWS\notesnsd.ini
2008-10-09 08:49:03 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-08 21:23:56 ----D---- C:\WINDOWS\system32\config
2008-10-07 22:52:54 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-06 23:14:53 ----A---- C:\WINDOWS\QUICKEN.INI
2008-10-06 23:14:16 ----D---- C:\Program Files\Quicken

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2007-01-18 59904]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 BCMWLNPF;Broadcom Netgroup Packet Filter; C:\WINDOWS\system32\drivers\bcmwlnpf.sys [2006-10-26 33664]
R2 CVPNDRVA;Abbott Laboratories IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc80211.sys [2008-06-23 15793]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-06-25 155136]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-07-22 161792]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2005-06-29 110080]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-03-26 62208]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-08-02 989952]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-08-02 211200]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-05-16 5707744]
R3 idisw2km;idisw2km; C:\WINDOWS\system32\DRIVERS\idisw2km.sys [2007-05-30 8992]
R3 kbstuff;SMS Virtual Keyboard; C:\WINDOWS\system32\DRIVERS\kbstuff5.sys [2007-05-30 11744]
R3 MakoNT;MakoNT; C:\WINDOWS\system32\drivers\MakoNT.sys [2006-07-20 76849]
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2006-12-20 117024]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys []
R3 rap;rap; C:\WINDOWS\System32\drivers\RapDrv.sys [2006-07-20 47697]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-06 1222840]
R3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
R3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
R3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-20 58240]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-08-02 731136]
R4 black;black; C:\WINDOWS\System32\drivers\BlackCat.sys [2006-07-20 196978]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 EZUSBDEV;Guide Mx Portable Infrared Camera(gd_usb.sys); C:\WINDOWS\system32\DRIVERS\gdusb.sys [2006-12-06 11828]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows; C:\WINDOWS\system32\DRIVERS\vpnva.sys [2008-08-20 20152]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-16 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 BlackICE;BlackICE; C:\Program Files\ISS\Proventia Desktop\blackd.exe [2006-07-20 2007382]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 cc-eus;CRYPTOCard EUS; C:\PROGRA~1\CRYPTO~1\bin\eus.exe [2008-06-23 65536]
R2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2007-04-13 590712]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\AVPN Client\cvpnd.exe [2006-04-20 1520688]
R2 iPCAgent;iPCAgent; C:\Program Files\iPass\iPassConnect\iPCAgent.exe [2005-08-25 90112]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2007-03-27 104000]
R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\mcshield.exe [2007-01-18 221191]
R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\vstskmgr.exe [2007-01-18 29184]
R2 NetExec;NetExec process executer service; C:\WINDOWS\System32\NetExec.exe [2003-09-07 88576]
R2 RapApp;RapApp; C:\Program Files\ISS\Proventia Desktop\RapApp.exe [2006-07-20 844126]
R2 Rpcnet;Remote Procedure Call (RPC) Net; C:\WINDOWS\system32\rpcnet.exe [2008-09-17 47104]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\StacSV.exe [2007-05-06 94208]
R2 STCAgent;Cisco Systems, Inc. STC Agent; C:\Program Files\Cisco Systems\SSL VPN Client\\agent.exe [2008-06-23 242744]
R2 UPHClean;User Profile Hive Cleanup; C:\WINDOWS\System32\UphClean.exe [2005-04-27 241725]
R2 VPatch;ISS Buffer Overflow Exploit Prevention; C:\Program Files\ISS\Proventia Desktop\vpatch.exe [2006-07-20 426333]
R2 vpnagent;Cisco AnyConnect VPN Agent; C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2008-08-20 370872]
R2 VRTSChangeJournalReader;Symantec NetBackup Desktop Agent Change Journal Reader; C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe [2007-02-13 394872]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-10-26 20480]
R2 Wuser32;SMS Remote Control Agent; C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe [2007-05-30 241664]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPassConnectEngine;iPassConnectEngine; C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe [2005-08-25 1064960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------


...and here is the info log

info.txt logfile of random's system information tool 1.04 2008-10-18 15:18:19

======Uninstall list======

-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Abc Fonts-->C:\WINDOWS\Abc\Logs\UNWISE.EXE C:\WINDOWS\Abc\Logs\AbcFonts.log
AbtInstaller - NetExec 1.62-->C:\WINDOWS\UNWISE.EXE C:\WINDOWS\NetExec162.LOG
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{786547F9-59BB-4FA3-B2D8-327FF1F14870}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AFPL Ghostscript 8.54-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.54\uninstal.txt"
AFPL Ghostscript Fonts-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avi Player -->C:\Program Files\Avi Player\uninst.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Cisco AnyConnect VPN Client-->MsiExec.exe /I{D9F50DFC-5894-460A-9B14-44889BF42DFB}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000f5.INF
CRYPTOCard EUS-->"C:\Program Files\CRYPTOCard EUS\UninstallerData\Uninstall EUS.exe"
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DVMaxResearch-->MsiExec.exe /I{DBCBDF5C-D69F-4CE8-B98F-620BA30F01C0}
eRoom 7.4.1-->C:\WINDOWS\Abc\Logs\UNWISE.EXE C:\WINDOWS\Abc\Logs\eRoom_7.4.1.LOG
ffdshow [rev 918] [2007-02-12]-->"C:\Program Files\ffdshow\unins000.exe"
Garmin City Navigator Europe NT 2008-->MsiExec.exe /X{EEC8205A-E3DE-4C00-B60C-48E3B9B58B13}
Garmin City Navigator North America NT 2008 Update-->MsiExec.exe /X{96AF271A-43B5-4615-8D00-26B45EE58FC8}
GolfLogix Course Manager 3.0-->"C:\Program Files\GolfLogix\CourseManager\unins000.exe"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB928388)-->"C:\WINDOWS\$NtUninstallKB928388$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB948046-v2)-->"C:\WINDOWS\$NtUninstallKB948046-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp business inkjet 1100-->msiexec /x{242B9150-74EC-4606-AAB1-2F0C719378D7}
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
iPassConnect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6FFA58-F491-11D3-8951-000000030064}\setup.exe"
IrAnalyser-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B42FB0B-216E-4EC6-B78D-A7DF36CD3DC1}\setup.exe" -l0x9 -removeonly
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Lotus Notes 6.5.4 HF972-->MsiExec.exe /I{6B2764B1-F062-4481-94FD-58B1C211C448}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MarkAble-->MsiExec.exe /I{709D9781-D00A-45DF-BC32-3F46AAEA357F}
McAfee Anti-Spyware Enterprise Module-->C:\Program Files\Network Associates\VirusScan\csscan.exe /UninstallMAS
McAfee VirusScan Enterprise-->MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
MetaFrame Presentation Server Client-->MsiExec.exe /I{D989BCC0-757C-4FB6-893C-512DF4382656}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2000 SR-1 Standard-->MsiExec.exe /I{00020409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Visio Viewer 2003 (English)-->MsiExec.exe /I{90520409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\SETUP.exe" -l0x9 -cluninstall
Quicken 2009-->MsiExec.exe /X{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}
QuickPlace ActiveX-->C:\WINDOWS\Abc\Logs\UNWISE.EXE C:\WINDOWS\Abc\Logs\QuckPlaceActiveX_3-2008.log
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->C:\WINDOWS\Abc\Logs\UNWISE.EXE C:\WINDOWS\Abc\Logs\QuickTime702.LOG
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Sametime Client v6.5.1 Fix Pack 1-->MsiExec.exe /I{22754376-4E58-4961-A375-B12C31455C11}
Sametime Print Capture-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82AFAC3E-A0EA-11D3-BFAC-00C04F60824A}\setup.exe"
Sametime v6.5.1FP1 Applets-->MsiExec.exe /I{66B08191-AC71-42C5-8D2C-25D441A9C8B8}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SSL VPN Client-->C:\Program Files\Cisco Systems\SSL VPN Client\\uninstall.exe
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec NetBackup Desktop Agent-->MsiExec.exe /I{5939491F-BCA6-41F6-9D8B-31D3FCD2E56C}
SYSTRAN-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4C94F105-81D0-4AFC-8F0A-38949DC07F65} /l1033
UltraISO V7.25 ME-->"C:\Program Files\UltraISO\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
Western Australian Time Zone Update-->MsiExec.exe /X{C098DAEC-29EF-4A59-B18E-0E950169CA3C}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885443-->C:\WINDOWS\$NtUninstallKB885443$\spuninst\spuninst.exe
Windows XP Hotfix - KB889085-->C:\WINDOWS\$NtUninstallKB889085$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

FW: Proventia Desktop

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"MODEL"=Dx30
"X_DETECTEDMODEL"=D630
"X_LOB"=Latitude
"TYPE"=Notebook
"DRVDIR"=C:\DRV
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip

-----------------EOF-----------------

Edited by yanketex, 18 October 2008 - 04:00 PM.


#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:02:29 AM

Posted 18 October 2008 - 04:32 PM

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    
    :files
    E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe
    C:\WINDOWS\system32\jwdjdp.dll
    C:\WINDOWS\system32\nvpcdkvi.dll
    C:\WINDOWS\system32\8749be0c-.txt
    C:\Documents and Settings\All Users\Application Data\bcjypszw
    C:\WINDOWS\efdv.exe
    
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae9ba024-50e1-11dd-8d87-001c234c00a8}]
    
    
    :commands
    [emptytemp]
    [start explorer]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
===================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
=========================
Please post these logs in your next reply:
  • OTMoveIt log
  • Malwarebytes log
  • New RSIT log

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#5 yanketex

yanketex
  • Topic Starter

  • Members
  • 5 posts
  • Local time:01:29 AM

Posted 18 October 2008 - 06:28 PM

OTMoveIt Log

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder E:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\jwdjdp.dll
C:\WINDOWS\system32\jwdjdp.dll NOT unregistered.
C:\WINDOWS\system32\jwdjdp.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\nvpcdkvi.dll
C:\WINDOWS\system32\nvpcdkvi.dll NOT unregistered.
C:\WINDOWS\system32\nvpcdkvi.dll moved successfully.
C:\WINDOWS\system32\8749be0c-.txt moved successfully.
C:\Documents and Settings\All Users\Application Data\bcjypszw moved successfully.
C:\WINDOWS\efdv.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae9ba024-50e1-11dd-8d87-001c234c00a8}\\ deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\medincl\LOCALS~1\Temp\Perflib_Perfdata_f90.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\medincl\LOCALS~1\Temp\~DFF719.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\WFV34.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10182008_172655

Malwarebytes log

Files moved on Reboot...
File C:\DOCUME~1\medincl\LOCALS~1\Temp\Perflib_Perfdata_f90.dat not found!
C:\DOCUME~1\medincl\LOCALS~1\Temp\~DFF719.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\WFV34.tmp not found!

Malwarebytes' Anti-Malware 1.28
Database version: 1274
Windows 5.1.2600 Service Pack 2

10/18/2008 5:54:50 PM
mbam-log-2008-10-18 (17-54-50).txt

Scan type: Quick Scan
Objects scanned: 51743
Time elapsed: 2 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9e52c275-9c4b-49f7-9fae-b263de9a4a53} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9e52c275-9c4b-49f7-9fae-b263de9a4a53} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\jwdjdp.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

RSIT log

Logfile of random's system information tool 1.04 (written by random/random)
Run by MEDINCL at 2008-10-18 18:20:52
Microsoft Windows XP Professional Service Pack 2
System drive C: has 41 GB (54%) free of 76 GB
Total RAM: 2038 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:53 PM, on 10/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\ISS\Proventia Desktop\blackd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\CRYPTO~1\bin\eus.exe
C:\Program Files\Cisco Systems\AVPN Client\cvpnd.exe
C:\Program Files\iPass\iPassConnect\iPCAgent.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\System32\NetExec.exe
C:\Program Files\ISS\Proventia Desktop\RapApp.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\System32\UphClean.exe
C:\Program Files\ISS\Proventia Desktop\vpatch.exe
C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avi Player\AviPlayer.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
C:\Program Files\eRoom 7\ERClient7.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iPass\iPassConnect\downloader\ipccheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\medincl\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\MEDINCL.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by abc
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [SWPull_AutoUpdateAgent] C:\WINDOWS\SISystem\AutoUpdateAgent.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [TempClean] C:\WINDOWS\system32\TempClean.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [HPWH myPrintMileage Agent] C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Avi Player] "C:\Program Files\Avi Player\AviPlayer.exe" hmw
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Policies\Explorer\Run: [Sidebar] C:\DOCUME~1\medincl\LOCALS~1\Temp\sidebar.exe
O4 - Startup: Monitor My eRooms (V7).lnk = C:\Program Files\eRoom 7\ERClient7.exe
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: Symantec NetBackup Desktop Agent.lnk = C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=about:blank
O15 - Trusted Zone: http://*.abtapwas002
O15 - Trusted Zone: http://*.abtapwas101
O15 - Trusted Zone: http://*.ailuvs02
O15 - Trusted Zone: http://*.ama-assn.org
O15 - Trusted Zone: http://*.cas.org
O15 - Trusted Zone: http://*.cedapwc0010
O15 - Trusted Zone: http://*.cedapwc0010d
O15 - Trusted Zone: http://*.cedapwc0010q
O15 - Trusted Zone: http://*.ceddociisdev01
O15 - Trusted Zone: http://*.ceddociisqa01
O15 - Trusted Zone: http://*.ceddociissrv01
O15 - Trusted Zone: http://*.chainsaw
O15 - Trusted Zone: http://*.datastarweb.com
O15 - Trusted Zone: http://*.dialog.com
O15 - Trusted Zone: http://*.discoverygate.com
O15 - Trusted Zone: http://*.edocsdev-web01
O15 - Trusted Zone: http://*.edocsemudev-web01
O15 - Trusted Zone: http://*.edocsemuprod-web01
O15 - Trusted Zone: http://*.edocsemuqa-web01
O15 - Trusted Zone: http://*.edocsgawdev-web01
O15 - Trusted Zone: http://*.edocsgawdqa-web01
O15 - Trusted Zone: http://*.edocsgawprod-web01
O15 - Trusted Zone: http://*.edocspr-web01
O15 - Trusted Zone: http://*.edocsqa-web01
O15 - Trusted Zone: http://*.edocstr-web01
O15 - Trusted Zone: http://*.edqm.eu
O15 - Trusted Zone: http://*.ehr.com
O15 - Trusted Zone: http://*.emupr-web01
O15 - Trusted Zone: http://*.exlibrisgroup.com
O15 - Trusted Zone: http://*.GDMSWEB-PROD
O15 - Trusted Zone: http://*.gimlet
O15 - Trusted Zone: http://*.gotomeeting.com
O15 - Trusted Zone: http://*.GPOAPA0111D
O15 - Trusted Zone: http://*.gpoapz0111
O15 - Trusted Zone: http://*.gpoapz0112
O15 - Trusted Zone: http://*.gpoapz0113
O15 - Trusted Zone: http://*.gpoapz0116d
O15 - Trusted Zone: http://*.gprwoa0022
O15 - Trusted Zone: http://*.iddb3.com
O15 - Trusted Zone: http://*.intrastar.ch
O15 - Trusted Zone: http://*.knovel.com
O15 - Trusted Zone: http://*.luminexcorp.com
O15 - Trusted Zone: http://tap.mdsol.com
O15 - Trusted Zone: http://*.myretirementplan.com
O15 - Trusted Zone: http://*.nielsen.com
O15 - Trusted Zone: http://*.Omega
O15 - Trusted Zone: http://*.OmegaDev
O15 - Trusted Zone: http://*.OmegaDevv
O15 - Trusted Zone: http://*.OmegaQA
O15 - Trusted Zone: http://*.pheur.org
O15 - Trusted Zone: http://*.ppdapa13
O15 - Trusted Zone: http://*.ppdapa15
O15 - Trusted Zone: http://*.ppdapq0002d
O15 - Trusted Zone: http://*.ppdapq0003d
O15 - Trusted Zone: http://*.ppdapsql01
O15 - Trusted Zone: http://*.ppdapw0001d
O15 - Trusted Zone: http://*.ppdapw0020d
O15 - Trusted Zone: http://*.ppdapw0633
O15 - Trusted Zone: http://*.ppdapw0633dv
O15 - Trusted Zone: http://*.ppdapw0633qv
O15 - Trusted Zone: http://*.PPDLCWEB01
O15 - Trusted Zone: http://*.PPDLCWEB02
O15 - Trusted Zone: http://*.PPDweb01
O15 - Trusted Zone: http://*.qdmsdev-web01
O15 - Trusted Zone: http://*.sumtotalsystems.com
O15 - Trusted Zone: http://*.synygy.com
O15 - Trusted Zone: http://*.tdb
O15 - Trusted Zone: http://*.tdb-dev
O15 - Trusted Zone: http://*.tdb-tst
O15 - Trusted Zone: http://*.tppdapm03
O15 - Trusted Zone: http://*.tppdapm04
O15 - Trusted Zone: http://*.tppdapm05
O15 - Trusted Zone: http://*.wrench
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
O16 - DPF: JavaConnect - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\JavaConnect.cab
O16 - DPF: Sametime BC 651FP1 - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STBroadcastClient.cab
O16 - DPF: Sametime DA 651FP1 - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STDirectoryApplet.cab
O16 - DPF: Sametime MRC 651FP1 - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STMeetingRoomClient.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://abtapn800.northamerica.intra.abc.com/qp2.cab
O16 - DPF: {1E40C477-ECA7-48DC-A9FC-D4F77A365442} (STURLConnection Control) - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STUrlConLoader.cab
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - STCWeb.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {53F92AF2-3C1E-4A63-B2EA-2E33DA6286B7} (STAutoAway Control) - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STAutoAwayLoader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8F0DF9DB-AA5A-4ED0-9176-1C4A9C762C59} (JNILoader Control) - file://C:\Documents and Settings\Administrator\Local Settings\Temp\SISD\STJNILoader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = northamerica.intra.abc.com
O17 - HKLM\Software\..\Telephony: DomainName = northamerica.intra.abc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = northamerica.intra.abc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = northamerica.intra.abc.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = northamerica.intra.abc.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\blackd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CRYPTOCard EUS (cc-eus) - Alexandria Software Consulting - C:\PROGRA~1\CRYPTO~1\bin\eus.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\AVPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass - C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Program Files\iPass\iPassConnect\iPCAgent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - McAfee, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: NetExec process executer service (NetExec) - LoSOFT Softwaretechnik - C:\WINDOWS\System32\NetExec.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\RapApp.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\\agent.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\Proventia Desktop\vpatch.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
O23 - Service: Symantec NetBackup Desktop Agent Change Journal Reader (VRTSChangeJournalReader) - Symantec Corporation - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 17580 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95daa571-4def-4a6d-97d8-98a346672a24} - SYSTRAN Toolbar - C:\WINDOWS\system32\mscoree.dll [2007-04-13 271360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-05-16 137752]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-05-16 162328]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-05-16 137752]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-05-06 405504]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-09-07 1236992]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-10-26 1392640]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-07-02 159744]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 98304]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UdaterUI.exe [2007-03-27 136768]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe [2006-12-15 75520]
"SWPull_AutoUpdateAgent"=C:\WINDOWS\SISystem\AutoUpdateAgent.exe [2005-02-28 53248]
"CoolSwitch"=C:\WINDOWS\system32\taskswitch.exe [2002-03-19 45632]
"TempClean"=C:\WINDOWS\system32\TempClean.exe [2004-11-29 120904]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe -scheduler []
"HPWH myPrintMileage Agent"=C:\Program Files\Hewlett-Packard\hp business inkjet 1100 series\Toolbox\mpm.exe [2003-09-23 102400]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Sidebar"=C:\DOCUME~1\medincl\LOCALS~1\Temp\sidebar.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Avi Player"=C:\Program Files\Avi Player\AviPlayer.exe [2007-09-05 629760]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-08-19 1576176]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Program Neighborhood Agent.lnk - C:\Program Files\Citrix\ICA Client\pnagent.exe
Symantec NetBackup Desktop Agent.lnk - C:\Program Files\Symantec\NetBackup DLO\DLO\DLOClientu.exe

C:\Documents and Settings\medincl\Start Menu\Programs\Startup
Monitor My eRooms (V7).lnk - C:\Program Files\eRoom 7\ERClient7.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-05-16 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispSettingPage"=1
"DisableTaskMgr"=0
"NoDispScrSavPage"=0
"NoDispCPL"=0
"NoDispAppearancePage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1
"LegalNoticeCaption"=abc
"disablecad"=0
"legalnoticetext"=Only authorized personnel are allowed to access this system.
"MaxGPOScriptWait"=60

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
"DisallowRun"=1
"ForceStartMenuLogOff"=1
"NoWindowsUpdate"=0
"Intellimenus"=1
"NoWelcomeScreen"=1
"NoSMBalloonTip"=1
"NoStartMenuMorePrograms"=0
"StartMenuLogOff"=0
"NoDrives"=0
"NoToolbarCustomize"=0
"NoSetFolders"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWindowsUpdate"=
"NoSimpleStartMenu"=
"NoWelcomeScreen"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3863998-5e2f-11dd-8d9b-001c234c00a8}]
shell\AutoRun\command - E:\LaunchU3.exe -a

======List of files/folders created in the last 1 months======

2008-10-18 17:26:55 ----D---- C:\_OTMoveIt
2008-10-18 15:18:13 ----D---- C:\rsit
2008-10-17 19:39:54 ----D---- C:\Program Files\Trend Micro
2008-10-17 15:44:25 ----D---- C:\Program Files\Panda Security
2008-10-17 00:26:16 ----D---- C:\WINDOWS\BDOSCAN8
2008-10-17 00:01:57 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-17 00:01:57 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-16 18:13:39 ----D---- C:\Program Files\Lavasoft
2008-10-16 18:13:38 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-16 16:11:12 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-16 16:11:00 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-16 16:11:00 ----D---- C:\Documents and Settings\medincl\Application Data\SUPERAntiSpyware.com
2008-10-16 16:10:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-16 00:56:06 ----D---- C:\Documents and Settings\medincl\Application Data\Malwarebytes
2008-10-16 00:55:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-16 00:55:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-15 18:41:21 ----D---- C:\WINDOWS\Minidump
2008-10-15 17:10:40 ----D---- C:\QUARANTINE
2008-10-15 16:58:36 ----D---- C:\Documents and Settings\medincl\Application Data\TmpRecentIcons
2008-10-15 16:57:00 ----D---- C:\Documents and Settings\medincl\Application Data\0000005738
2008-10-15 16:51:41 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-10-15 16:51:08 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-15 16:51:02 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-15 16:50:47 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-15 16:50:33 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-10-15 16:49:53 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-10-15 16:49:33 ----D---- C:\1422778e79130d4fdf4135d99a
2008-10-15 16:49:15 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-10-15 16:48:38 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2008-10-15 16:46:49 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-10-15 16:46:49 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2008-10-15 16:09:47 ----H---- C:\WINDOWS\system32\swk.ini
2008-10-15 16:09:35 ----D---- C:\Program Files\Avi Player
2008-10-15 15:38:46 ----D---- C:\MDT
2008-10-15 14:18:39 ----D---- C:\Documents and Settings\medincl\Application Data\CyberLink
2008-10-15 14:18:39 ----D---- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-10-15 02:55:41 ----D---- C:\WINDOWS\Sun
2008-10-09 08:49:04 ----D---- C:\Program Files\IrAnalyser
2008-10-07 22:52:54 ----D---- C:\Program Files\Cisco
2008-10-07 22:52:54 ----D---- C:\Documents and Settings\All Users\Application Data\Cisco

======List of files/folders modified in the last 1 months======

2008-10-18 17:51:26 ----D---- C:\WINDOWS\Temp
2008-10-18 17:45:51 ----D---- C:\WINDOWS\Prefetch
2008-10-18 17:45:03 ----A---- C:\WINDOWS\smscfg.ini
2008-10-18 17:44:37 ----D---- C:\WINDOWS
2008-10-18 17:44:35 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D330 MDC V.92 Modem.txt
2008-10-18 17:44:10 ----D---- C:\WINDOWS\system32\drivers
2008-10-18 17:44:04 ----A---- C:\WINDOWS\system32\rpcnetp.exe
2008-10-18 17:43:59 ----A---- C:\WINDOWS\system32\rpcnet.dll
2008-10-18 17:41:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-18 17:26:56 ----D---- C:\WINDOWS\system32
2008-10-17 19:39:54 ----RD---- C:\Program Files
2008-10-17 15:44:25 ----HD---- C:\WINDOWS\inf
2008-10-17 15:43:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-17 15:43:49 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-17 15:39:38 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-17 05:21:44 ----SHD---- C:\WINDOWS\CSC
2008-10-16 18:14:52 ----SHD---- C:\WINDOWS\Installer
2008-10-16 16:10:43 ----D---- C:\Program Files\Common Files
2008-10-16 15:34:50 ----A---- C:\WINDOWS\system32\rpcnetp.dll
2008-10-16 01:14:29 ----D---- C:\Documents and Settings\medincl\Application Data\Adobe
2008-10-15 17:01:30 ----D---- C:\WINDOWS\AppPatch
2008-10-15 16:51:11 ----A---- C:\WINDOWS\imsins.BAK
2008-10-15 16:50:52 ----A---- C:\WINDOWS\win.ini
2008-10-15 16:50:46 ----D---- C:\Program Files\Windows Media Player
2008-10-15 16:50:42 ----D---- C:\WINDOWS\Help
2008-10-15 16:49:26 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-15 11:36:14 ----D---- C:\WINDOWS\security
2008-10-15 08:58:43 ----A---- C:\WINDOWS\notesnsd.ini
2008-10-09 08:49:03 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-08 21:23:56 ----D---- C:\WINDOWS\system32\config
2008-10-07 22:52:54 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-06 23:14:53 ----A---- C:\WINDOWS\QUICKEN.INI
2008-10-06 23:14:16 ----D---- C:\Program Files\Quicken

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2007-01-18 59904]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 BCMWLNPF;Broadcom Netgroup Packet Filter; C:\WINDOWS\system32\drivers\bcmwlnpf.sys [2006-10-26 33664]
R2 CVPNDRVA;abc IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 MDC80211;iPass Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc80211.sys [2008-06-23 15793]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-06-25 155136]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-07-22 161792]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2005-06-29 110080]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-03-26 62208]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-08-02 989952]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-08-02 211200]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-05-16 5707744]
R3 idisw2km;idisw2km; C:\WINDOWS\system32\DRIVERS\idisw2km.sys [2007-05-30 8992]
R3 kbstuff;SMS Virtual Keyboard; C:\WINDOWS\system32\DRIVERS\kbstuff5.sys [2007-05-30 11744]
R3 MakoNT;MakoNT; C:\WINDOWS\system32\drivers\MakoNT.sys [2006-07-20 76849]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2006-12-20 117024]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys []
R3 rap;rap; C:\WINDOWS\System32\drivers\RapDrv.sys [2006-07-20 47697]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-06 1222840]
R3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
R3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
R3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
R3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-20 58240]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-08-02 731136]
R4 black;black; C:\WINDOWS\System32\drivers\BlackCat.sys [2006-07-20 196978]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 EZUSBDEV;Guide Mx Portable Infrared Camera(gd_usb.sys); C:\WINDOWS\system32\DRIVERS\gdusb.sys [2006-12-06 11828]
S3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows; C:\WINDOWS\system32\DRIVERS\vpnva.sys [2008-08-20 20152]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-16 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 BlackICE;BlackICE; C:\Program Files\ISS\Proventia Desktop\blackd.exe [2006-07-20 2007382]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 cc-eus;CRYPTOCard EUS; C:\PROGRA~1\CRYPTO~1\bin\eus.exe [2008-06-23 65536]
R2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2007-04-13 590712]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\AVPN Client\cvpnd.exe [2006-04-20 1520688]
R2 iPCAgent;iPCAgent; C:\Program Files\iPass\iPassConnect\iPCAgent.exe [2005-08-25 90112]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2007-03-27 104000]
R2 McShield;Network Associates McShield; C:\Program Files\Network Associates\VirusScan\mcshield.exe [2007-01-18 221191]
R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\vstskmgr.exe [2007-01-18 29184]
R2 NetExec;NetExec process executer service; C:\WINDOWS\System32\NetExec.exe [2003-09-07 88576]
R2 RapApp;RapApp; C:\Program Files\ISS\Proventia Desktop\RapApp.exe [2006-07-20 844126]
R2 Rpcnet;Remote Procedure Call (RPC) Net; C:\WINDOWS\system32\rpcnet.exe [2008-09-17 47104]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\StacSV.exe [2007-05-06 94208]
R2 STCAgent;Cisco Systems, Inc. STC Agent; C:\Program Files\Cisco Systems\SSL VPN Client\\agent.exe [2008-06-23 242744]
R2 UPHClean;User Profile Hive Cleanup; C:\WINDOWS\System32\UphClean.exe [2005-04-27 241725]
R2 VPatch;ISS Buffer Overflow Exploit Prevention; C:\Program Files\ISS\Proventia Desktop\vpatch.exe [2006-07-20 426333]
R2 vpnagent;Cisco AnyConnect VPN Agent; C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2008-08-20 370872]
R2 VRTSChangeJournalReader;Symantec NetBackup Desktop Agent Change Journal Reader; C:\Program Files\Symantec\NetBackup DLO\DLO\DLOChangeLogSvcu.exe [2007-02-13 394872]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-10-26 20480]
R2 Wuser32;SMS Remote Control Agent; C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe [2007-05-30 241664]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPassConnectEngine;iPassConnectEngine; C:\Program Files\iPass\iPassConnect\iPassConnectEngine.exe [2005-08-25 1064960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:02:29 AM

Posted 18 October 2008 - 06:50 PM

Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O24 - Desktop Component 0: Privacy Protection - (no file)



Now click on Fix Checked and then close Hijackthis.
=====================================================
Cleanup:

Please download OTCleanIt from Here and save it to your desktop.
Double-click on OTCleanIt to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u6-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
======================
Use a Firewall:

Install and use a firewall with outbound protection.
While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers.
I therefore strongly recommend that you install one of the following free firewalls: Sunbelt Free Firewall or Zonealarm.
See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here.
Note: You should only have one firewall installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.


=============================
Delete/uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean. :thumbsup:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Tony Klein article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.
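One way to check, from the command line, the policy keys behind the O6 lines kahdah asks to fix and the Explorer/System policy values visible in the RSIT registry dump above. This is an added example, not code from the thread, from HijackThis or from RSIT; it assumes PowerShell 2.0 or later on the affected machine, run as the affected user, and the `-Remove` switch is a name chosen for this script. The key paths are the ones that appear in this thread's log.

```powershell
# Added example (not from the thread, HijackThis or RSIT): audit the policy
# keys that HijackThis reports as O6 entries and the Explorer/System policy
# values shown in the RSIT registry dump above. Assumes PowerShell 2.0+ on
# the affected machine, run as the affected user; -Remove is this script's own
# switch and deletes only the two O6 keys, the ones "Fix Checked" targets.
param([switch]$Remove)

# The two keys behind the O6 lines in the thread.
$o6Keys = @(
    'HKCU:\Software\Policies\Microsoft\Internet Explorer\Restrictions',
    'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'
)

# Policy keys listed in the RSIT "Registry dump" section.
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# Values that lock the user out of their own desktop when set to 1; the first
# two were set to 1 in this thread's dump.
$lockoutValues = 'NoDispSettingPage', 'DisallowRun', 'DisableTaskMgr', 'NoDispCPL'

foreach ($key in $o6Keys) {
    if (-not (Test-Path $key)) { continue }
    Write-Host "O6 policy key present: $key"
    Get-ItemProperty $key | Format-List
    if ($Remove) {
        Remove-Item $key -Recurse -Force
        Write-Host "  removed $key"
    }
}

foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty $key
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # PowerShell's own metadata
        $flag = ''
        if ($lockoutValues -contains $prop.Name -and $prop.Value -eq 1) {
            $flag = '   <-- restricts the user'
        }
        # A Run value under Policies\Explorer that points into a Temp folder,
        # like the "Sidebar" entry in this thread's dump, is worth investigating.
        if ($key -like '*\Policies\Explorer\Run' -and "$($prop.Value)" -match '\\Temp\\') {
            $flag = '   <-- runs from a Temp folder'
        }
        Write-Host ("{0}\{1} = {2}{3}" -f $key, $prop.Name, $prop.Value, $flag)
    }
}
```

The dump shows an SMS Agent Host service, a NetBackup agent and a legal notice text, so this is a managed (domain) laptop; values under Policies\System such as legalnoticetext, and some of the Explorer policies, may be Group Policy settings that reapply at the next policy refresh. That is why the script only reports those and deletes nothing but the two O6 keys; check with the administrator before removing anything else it flags.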

#7 yanketex

yanketex
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:29 AM

Posted 19 October 2008 - 03:48 AM

Kahdah,
It would appear clean, and the security message coming up at login I found to be a wallpaper that was created, which I deleted. Thanks a lot! But there's still something happening with my background/wallpaper where it turns white after logging in. I've set the wallpaper to the standard Windows XP one and I see that at startup, but then it flickers and changes to white, which I can't change. This leads me to believe there's something still hidden somewhere. Thoughts? Also, I have Symantec NetBackup Desktop Agent running that has those files that got installed on the desktop when it was originally infected, which I can't seem to delete from the log. Any ideas on how to do so?

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:02:29 AM

Posted 19 October 2008 - 07:30 AM

You will have to contact Symantec for that information.

Try this for the desktop:
When you boot up the computer, let it get to your desktop. Then place your mouse cursor at the very top right-hand corner of the screen and see if it produces a close (X) button; let me know. If it does, click on the X to remove it.

#9 yanketex

yanketex
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:29 AM

Posted 19 October 2008 - 08:35 AM

Worked like a charm. Thanks a lot. I've made a donation!

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:02:29 AM

Posted 19 October 2008 - 08:58 AM

You are welcome and thank you for your donation :thumbsup:


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.



