Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan Virtumonde has infected my system.


  • Please log in to reply
13 replies to this topic

#1 ulyv

ulyv

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:34 AM

Posted 18 December 2008 - 05:17 PM

My computer has become infected with the Virtumonde Trojan. I have tried several anti spyware programs and they keep re-detecting it.

Here is a list of them:

1. PC Tools Spyware Doctor
2. Zone Alarm
3. Spybot
4. Ad-aware

I have also used several free tools available such as Combofix and SmitfraudFix and still no results.

I have attached a recent RSIT Hijack log.

Thanks.


Logfile of random's system information tool 1.05 (written by random/random)
Run by ulises at 2008-12-19 10:56:28
Microsoft Windows XP Professional Service Pack 3
System drive C: has 54 GB (38%) free of 143 GB
Total RAM: 3325 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:56:41 AM, on 12/19/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Desktop Sidebar\dsidebar.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOClientu.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PKWARE\PKZIPO\PKTray.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\MailWasher Pro\MailWasher.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spyware Doctor\update.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Ulises.BNVINVESTMENTS\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\ulises.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher Pro\MailWasher.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: DLO Agent.lnk = C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOClientu.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PKZIP Attachments Status.lnk = C:\Program Files\PKWARE\PKZIPO\PKTray.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - http://pbells.broadjump.com/wizlet/Standar...aller_4-2-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bnvinvestments.com
O17 - HKLM\Software\..\Telephony: DomainName = bnvinvestments.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bnvinvestments.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bnvinvestments.com
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Symantec Backup Exec DLO Agent Change Journal Reader (VRTSChangeJournalReader) - Symantec Corporation - C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 14641 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\BNV 1171116262.job
C:\WINDOWS\tasks\DLOClientu.exe - BNVINVESTMENTS_ulises.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{7470067F-9880-4583-A741-9E2955334BFE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2007-02-12 4793400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-19 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-19 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2007-02-12 4793400]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"WinFaxAppPortStarter"=C:\WINDOWS\system32\wfxsnt40.exe [2002-12-12 45568]
"WFXSwtch"=C:\PROGRA~1\WinFax\WFXSWTCH.exe [2002-12-12 28160]
"WD Drive Manager"=C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-01-30 438272]
"UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-03-06 36864]
"type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2003-05-15 114688]
"SW20"=C:\WINDOWS\system32\sw20.exe [2006-02-22 208896]
"nwiz"=nwiz.exe /install []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"LVCOMSX"=C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe [2006-06-26 243248]
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2003-05-15 163840]
"IntelAudioStudio"=C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe [2005-10-27 8740864]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-10-12 139264]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]
"ipTray.exe"=C:\Program Files\Intel\IDU\iptray.exe [2006-12-28 2242328]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-04-02 919016]
"Norton Ghost 14.0"=C:\Program Files\Norton Ghost\Agent\VProTray.exe [2008-05-07 2245984]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-29 155648]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2006-05-05 36864]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2006-05-05 40960]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SDTray"=C:\Program Files\Spyware Doctor\SDTrayApp.exe [2007-09-20 1065288]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2007-02-12 144448]
"SIDEBAR"=C:\Program Files\Desktop Sidebar\dsidebar.exe [2006-07-09 1777664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
DLO Agent.lnk - C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOClientu.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
PKZIP Attachments Status.lnk - C:\Program Files\PKWARE\PKZIPO\PKTray.exe

C:\Documents and Settings\Ulises.BNVINVESTMENTS\Start Menu\Programs\Startup
MailWasherPro.lnk - C:\Program Files\MailWasher Pro\MailWasher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-27 3584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"=C:\Program Files\WinFax\WfxSeh32.Dll [1998-07-27 38400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"LegalNoticeText"=
"LegalNoticeCaption"=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"DisablePersonalDirChange"=1
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\WinFax\WFXCTL32.EXE"="C:\Program Files\WinFax\WFXCTL32.EXE:LocalSubNet:Enabled:Controller"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\WinFax\WFXCTL32.EXE"="C:\Program Files\WinFax\WFXCTL32.EXE:LocalSubNet:Enabled:Controller"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\TurboTax\Business 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Business 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb92efc0-c2f2-11dc-82fb-001676880b29}]
shell\AutoRun\command - I:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2008-12-19 10:55:14 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-19 10:55:14 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-19 10:55:14 ----A---- C:\WINDOWS\system32\java.exe
2008-12-19 10:55:14 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-19 10:41:22 ----D---- C:\rsit
2008-12-18 16:23:39 ----SHD---- C:\RECYCLER
2008-12-18 16:18:16 ----A---- C:\ComboFix.txt
2008-12-18 15:44:23 ----A---- C:\WINDOWS\zip.exe
2008-12-18 15:44:23 ----A---- C:\WINDOWS\VFIND.exe
2008-12-18 15:44:23 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-18 15:44:23 ----A---- C:\WINDOWS\SWSC.exe
2008-12-18 15:44:23 ----A---- C:\WINDOWS\SWREG.exe
2008-12-18 15:44:23 ----A---- C:\WINDOWS\sed.exe
2008-12-18 15:44:23 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-18 15:44:23 ----A---- C:\WINDOWS\grep.exe
2008-12-18 15:44:23 ----A---- C:\WINDOWS\fdsv.exe
2008-12-18 15:44:14 ----D---- C:\WINDOWS\ERDNT
2008-12-18 15:44:14 ----D---- C:\Qoobox
2008-12-18 15:43:01 ----ASH---- C:\BOOT.BAK
2008-12-18 15:42:45 ----RSHD---- C:\cmdcons
2008-12-18 15:42:45 ----A---- C:\WINDOWS\UPGRADE.TXT
2008-12-18 15:42:44 ----D---- C:\WINDOWS\setup.pss
2008-12-18 15:42:21 ----D---- C:\WINDOWS\setupupd
2008-12-18 12:41:28 ----D---- C:\Program Files\Trend Micro
2008-12-18 12:32:29 ----D---- C:\VundoFix Backups
2008-12-16 09:24:30 ----D---- C:\Documents and Settings\All Users\Application Data\MotiveSysIDs
2008-12-16 09:23:40 ----D---- C:\Documents and Settings\All Users\Application Data\Motive
2008-12-16 09:23:30 ----D---- C:\Program Files\Common Files\Motive
2008-12-15 17:35:42 ----D---- C:\Program Files\iPod
2008-12-15 17:35:39 ----D---- C:\Program Files\iTunes
2008-12-15 17:35:39 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-15 17:35:18 ----D---- C:\Program Files\Bonjour
2008-12-15 17:32:34 ----D---- C:\Program Files\Apple Software Update
2008-12-15 17:31:43 ----D---- C:\Program Files\Common Files\Apple
2008-12-15 17:31:42 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-12-15 16:10:04 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-13 14:20:58 ----D---- C:\Program Files\Lavasoft
2008-12-13 14:20:58 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-13 13:30:26 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-13 13:30:26 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-11 01:17:02 ----A---- C:\WINDOWS\system32\dbb3b3b6-.txt
2008-12-11 01:08:15 ----A---- C:\Documents and Settings\Ulises.BNVINVESTMENTS\Application Data\calc.exe
2008-12-11 01:07:59 ----A---- C:\WINDOWS\Wkutazayujup.dll
2008-12-11 01:04:08 ----A---- C:\temp.txt
2008-12-10 23:15:11 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 17:40:21 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 17:40:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 17:39:35 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-03 09:48:22 ----A---- C:\WINDOWS\QIF to IIF Converter Uninstaller.exe
2008-12-03 09:47:36 ----A---- C:\WINDOWS\wininit.ini
2008-12-03 08:57:56 ----D---- C:\Program Files\Common Files\AnswerWorks 5.0
2008-12-03 08:21:56 ----A---- C:\WINDOWS\system32\cdintf300.dll
2008-12-03 08:21:56 ----A---- C:\WINDOWS\system32\acXMLParser.dll
2008-11-29 23:38:46 ----D---- C:\Downloads
2008-11-25 11:11:26 ----D---- C:\Documents and Settings\All Users\Application Data\Zachary Systems Inc
2008-11-25 11:10:49 ----D---- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-11-21 11:27:02 ----D---- C:\Program Files\Quicken
2008-11-21 11:26:59 ----A---- C:\WINDOWS\QUICKEN.INI

======List of files/folders modified in the last 1 months======

2008-12-19 10:55:41 ----D---- C:\WINDOWS\Prefetch
2008-12-19 10:55:18 ----SHD---- C:\WINDOWS\Installer
2008-12-19 10:55:18 ----D---- C:\Config.Msi
2008-12-19 10:55:17 ----D---- C:\WINDOWS\Temp
2008-12-19 10:55:14 ----D---- C:\WINDOWS\system32
2008-12-19 10:54:55 ----D---- C:\Program Files\Java
2008-12-19 10:54:53 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-19 10:32:15 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-12-19 10:23:29 ----SD---- C:\WINDOWS\Tasks
2008-12-19 10:23:17 ----D---- C:\Documents and Settings\Ulises.BNVINVESTMENTS\Application Data\Desktop Sidebar
2008-12-19 10:22:46 ----D---- C:\Documents and Settings\Ulises.BNVINVESTMENTS\Application Data\MailWasherPro
2008-12-19 10:22:05 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-19 10:20:33 ----D---- C:\WINDOWS\Registration
2008-12-19 10:20:24 ----A---- C:\WINDOWS\win.ini
2008-12-19 10:20:06 ----D---- C:\WINDOWS\Internet Logs
2008-12-19 10:18:41 ----D---- C:\Program Files\Spyware Doctor
2008-12-19 10:18:38 ----D---- C:\WINDOWS\system32\drivers
2008-12-19 00:44:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-19 00:44:29 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-19 00:42:22 ----A---- C:\WINDOWS\hpbafd.ini
2008-12-18 22:50:12 ----D---- C:\My Downloads
2008-12-18 22:46:41 ----D---- C:\mIRC
2008-12-18 16:18:21 ----D---- C:\WINDOWS
2008-12-18 16:13:36 ----A---- C:\WINDOWS\system.ini
2008-12-18 16:01:22 ----D---- C:\WINDOWS\system32\config
2008-12-18 15:58:53 ----D---- C:\WINDOWS\AppPatch
2008-12-18 15:58:53 ----D---- C:\Program Files\Common Files
2008-12-18 15:57:12 ----D---- C:\Program Files\Microsoft IntelliType Pro
2008-12-18 15:43:01 ----RASH---- C:\boot.ini
2008-12-18 13:58:51 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-18 13:54:03 ----SHD---- C:\System Volume Information
2008-12-18 13:54:03 ----D---- C:\WINDOWS\system32\Restore
2008-12-18 13:30:33 ----D---- C:\Ringtones
2008-12-18 12:41:28 ----D---- C:\Program Files
2008-12-18 11:03:07 ----D---- C:\Scanned Images
2008-12-18 10:23:04 ----A---- C:\rollback.ini
2008-12-16 09:24:16 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-15 18:22:09 ----D---- C:\My Music
2008-12-15 17:36:22 ----D---- C:\Documents and Settings\Ulises.BNVINVESTMENTS\Application Data\Apple Computer
2008-12-15 17:36:00 ----HD---- C:\WINDOWS\inf
2008-12-15 17:35:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-15 17:35:39 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-12-15 17:34:32 ----D---- C:\Program Files\QuickTime
2008-12-15 17:32:24 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-15 16:55:55 ----D---- C:\WINDOWS\Downloaded Installations
2008-12-13 14:20:21 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-11 22:06:13 ----D---- C:\Program Files\ImTOO
2008-12-11 14:24:17 ----D---- C:\Documents and Settings\Ulises.BNVINVESTMENTS\Application Data\U3
2008-12-11 02:31:43 ----D---- C:\WINDOWS\system32\wbem
2008-12-10 23:42:58 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-12-10 23:15:05 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-10 23:15:02 ----A---- C:\WINDOWS\imsins.BAK
2008-12-10 23:14:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-10 23:14:53 ----D---- C:\Program Files\Internet Explorer
2008-12-10 23:14:46 ----D---- C:\WINDOWS\ie7updates
2008-12-08 14:57:55 ----A---- C:\WINDOWS\bi_group.ini
2008-12-07 17:04:51 ----D---- C:\Temp
2008-12-03 08:23:27 ----D---- C:\WINDOWS\Help
2008-12-03 08:22:09 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-02 23:29:02 ----D---- C:\Program Files\BitComet
2008-12-02 22:46:30 ----A---- C:\WINDOWS\JETSUITE.INI
2008-12-02 20:47:37 ----D---- C:\Program Files\WinFax
2008-11-25 11:37:34 ----RSD---- C:\WINDOWS\assembly
2008-11-25 11:28:49 ----D---- C:\Documents and Settings\All Users\Application Data\Intuit
2008-11-21 11:27:21 ----D---- C:\Documents and Settings\Ulises.BNVINVESTMENTS\Application Data\Intuit
2008-11-20 02:46:30 ----A---- C:\WINDOWS\system32\WNASPI32.DLL

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2006-01-09 31846]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-06 33052]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-05-01 5632]
R1 truecrypt;truecrypt; \??\C:\WINDOWS\system32\Drivers\truecrypt.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-04-02 394952]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2008-11-20 16512]
R2 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 SIODRV;SIODRV; \??\C:\WINDOWS\system32\drivers\SIODRV.SYS []
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 v2imount;Symantec V2i Mount Driver; C:\WINDOWS\system32\DRIVERS\v2imount.sys [2008-01-19 38112]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2008-06-17 99648]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-02-06 242320]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2005-04-12 4608]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-10-13 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys [2006-06-26 23472]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2006-06-22 38960]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2006-09-28 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2006-06-22 12080]
R3 PID_08A0;Logitech QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2006-06-22 720176]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2003-05-15 19072]
R3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-09-26 41728]
R3 SMBios;Intel ® System Management BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2003-11-03 36484]
R3 smbusp;Intel® SMBus 2.0 Driver; C:\WINDOWS\system32\DRIVERS\intelsmb.sys [2006-12-28 45184]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-09-27 1021832]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2007-10-01 11520]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
S2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-07-07 1341466]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2005-07-07 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-07-07 56648]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HidBatt;HID UPS Battery Driver; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-13 20352]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2007-09-20 41288]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-09-20 62280]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-09-20 79688]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2006-06-26 1587632]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2006-06-26 1952816]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 17792]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-02-27 21504]
S3 MotoSwitchService;MotoSwitch Service; C:\WINDOWS\system32\DRIVERS\motswch.sys [2006-12-06 6400]
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\D:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SUSTUCAP;Susteen USB Cable Port Driver; C:\WINDOWS\system32\DRIVERS\sustucap.sys [2006-04-12 38016]
S3 SUSTUCAU;Susteen USB Cable USB Driver; C:\WINDOWS\system32\DRIVERS\sustucau.sys [2006-04-12 20096]
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys []
S3 VProEventMonitor;Symantec Event Monitor Driver; C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys [2008-01-19 15088]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2008-01-19 128104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2004-01-21 155770]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-09-12 554352]
R2 AWService;Admin Works Agent X8; C:\Program Files\Intel\IDU\awServ.exe [2006-12-27 74520]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2006-02-28 69632]
R2 IAANTMon;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-10-12 86140]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-19 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2006-06-26 99888]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 MSFtpsvc;FTP Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504]
R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2008-05-07 4314464]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor; C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe [2007-10-11 131072]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\svcntaux.exe [2007-09-20 742216]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\swdsvc.exe [2007-09-20 1415496]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 StarWindService;StarWind iSCSI Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2008-06-27 1251720]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider; C:\WINDOWS\system32\dllhost.exe [2008-04-13 5120]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]
R2 VRTSChangeJournalReader;Symantec Backup Exec DLO Agent Change Journal Reader; C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu.exe [2005-09-10 280192]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-04-02 75304]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 106496]
R2 wfxsvc;WinFax PRO; C:\WINDOWS\system32\WFXSVC.EXE [2000-09-28 129536]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-02-21 654848]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 SymSnapService;SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2008-05-07 1558000]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe [2006-06-26 91696]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2008-12-19 11:01:22

======Uninstall list======

-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{107254A0-0ADF-11D4-9397-00D0B7020B38}\setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 8 Professional - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
APC PowerChute Personal Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
BitComet 1.06-->C:\Program Files\BitComet\uninst.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broderbund Business Lawyer 2002-->C:\PROGRA~1\LEGALP~1\BRODER~1\UNWISE.EXE C:\PROGRA~1\LEGALP~1\BRODER~1\INSTALL.LOG
CalyxLoanBridge11-->MsiExec.exe /X{192A3445-56FC-47B3-B706-17D599E3B630}
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Concord WinFax Plugin v3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1008475-75B2-4475-B98C-51FAE8B62960}\setup.exe"
CyberSky-->C:\PROGRA~1\CyberSky\UNWISE.EXE C:\PROGRA~1\CyberSky\INSTALL.LOG
Debugging Tools for Windows-->MsiExec.exe /I{D459A7BB-F85E-4C0E-8AEC-3D90C4549740}
Desktop Sidebar-->MsiExec.exe /I{A92D7264-1A13-45BE-B769-88445DD04FD6}
DVD Ripper Platinum 4-->C:\Program Files\ImTOO\DVD Ripper Platinum 4\Uninstall.exe
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
GDR 3068 for SQL Server Database Services 2005 ENU (KB948109)-->C:\WINDOWS\SQL9_KB948109_ENU\Hotfix.exe /Uninstall
GDR 3068 for SQL Server Tools and Workstation Components 2005 ENU (KB948109)-->C:\WINDOWS\SQLTools9_KB948109_ENU\Hotfix.exe /Uninstall
Glary Utilities 2.4-->"C:\Program Files\Glary Utilities\unins000.exe"
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HHD Software Free Hex Editor Neo 4.41-->"C:\Program Files\HHD Software\Hex Editor Neo\Setup\uninstHEX.exe" -u
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ImTOO DVD Ripper Ultimate-->C:\Program Files\ImTOO\DVD Ripper Ultimate 5\Uninstall.exe
Intel Audio Studio 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}\setup.exe" -l0x9
Intel Matrix Storage Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\Setup.exe" -l0409 -INTELUNINST
Intel® Desktop Utilities-->C:\Program Files\InstallShield Installation Information\{F5982296-84CC-4D5B-B791-B03650F3380E}\setup.exe -runfromtemp -l0x0409
Intel® Network Connections 13.0.42.0-->MsiExec.exe /i{2223FC2F-B862-4F83-BC9E-DDF2DADF2859} ARPREMOVE=1
Intel® SMBus-->C:\WINDOWS\system32\ismbun.exe -uninstall
InterVideo DeviceService-->MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_11-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142110}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LimeWire PRO 4.12.3-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Magic ISO Maker v5.3 (build 0221)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
MailWasher Pro-->"C:\Program Files\MailWasher Pro\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft MSDN 2005 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 8\Microsoft MSDN 2005 Express Edition - ENU\install.exe
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SOAP Toolkit 3.0-->MsiExec.exe /I{BCB4C18A-ACA6-4383-8688-E19933A705DD}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual FoxPro 9.0 Professional - English-->c:\Program Files\Microsoft Visual FoxPro 9\setup\Visual FoxPro 9.0 Professional - English\setup.exe /MaintMode
Microsoft WSE 2.0 SP3 Runtime-->MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
mIRC-->"C:\mIRC\mirc.exe" -uninstall
Motorola Driver Installation-->MsiExec.exe /I{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}
Motorola Phone Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe" -l0x9 -removeonly
MPEG Encoder 3-->C:\Program Files\ImTOO\MPEG Encoder 3\Uninstall.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Ultra Edition-->MsiExec.exe /I{4781569D-5404-1F26-4B2B-6DF444441031}
Norton Ghost-->MsiExec.exe /I{B0255743-165B-4BD5-8DA8-37DFB9930014}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OneTouch 4.0-->MsiExec.exe /I{1DF396A6-8A93-4539-A226-0FFE7301A567}
Password Unmask 2.0-->C:\PROGRA~1\PWUnmask\UNWISE.EXE C:\PROGRA~1\PWUnmask\INSTALL.LOG
PDF2TXT v3.0-->"C:\Program Files\PDF2TXT v3.0\unins000.exe"
PKZIP Command Line-->MsiExec.exe /I{4D37A396-7E00-11D6-99DD-00600815E2D0}
PKZIP Explorer-->MsiExec.exe /I{77BCA488-8514-11D6-99DD-00600815E2D0}
PKZIP for Windows-->MsiExec.exe /I{4D37A3B7-7E00-11D6-99DD-00600815E2D0}
PKZIP Plug-In-->MsiExec.exe /I{B78DFC99-6197-11D6-99DD-00600815E2D0}
PKZIP Shared Components-->MsiExec.exe /I{4D37A36A-7E00-11D6-99DD-00600815E2D0}
Point-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F05E2B98-DA04-4FFA-8D08-DA218E6A2B47}\SETUP.EXE" -l0x9 -uninst
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QIF to IIF Converter-->C:\WINDOWS\QIF to IIF Converter Uninstaller.exe
QuickBooks Premier: Accountant Edition 2003-->C:\Program Files\Installshield Installation Information\{237a4b23-78c3-11d6-a394-00104bd190b1}\QBReplace.exe {237a4b23-78c3-11d6-a394-00104bd190b1}#{AD46C591-FB19-11D5-A316-00104BD190B1}
Quicken 2009-->MsiExec.exe /X{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealData® Real Estate Calculator, 3.0.01-->C:\RealData\Calculator\unins000.exe
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
ScanSoft PaperPort 11-->MsiExec.exe /I{02E73E50-6513-4802-8600-B5A5BA185BE3}
ScanSoft PDF Create! 3.0-->MsiExec.exe /I{AD1D8B40-F83C-41CA-BA08-9DB8D1653316}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\Setup.exe" -l0x9 -remove -removeonly
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.1-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SureThing CD Labeler 4 SE-->C:\WINDOWS\mvuninst\App1\mvuninst.exe "SureThing CD Labeler 4 SE"
Symantec Backup Exec DLO Agent-->MsiExec.exe /I{07DA5DF1-7407-4F8E-AD51-B63673BBB44F}
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Symantec WinFax PRO-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WinFax\WFXUNIST.ISU" -c"C:\Program Files\WinFax\UNINSTUB.DLL"
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Task Killer (remove only)-->\uninstall.exe
The Plain-Language Law Dictionary-->C:\PROGRA~1\LEGALP~1\THEPLA~1\UNWISE.EXE C:\PROGRA~1\LEGALP~1\THEPLA~1\INSTALL.LOG
Time Zone Data Update Tool for Microsoft Office Outlook-->MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
TrueCrypt-->C:\WINDOWS\TrueCrypt Setup.exe /u C:\Program Files\TrueCrypt
TurboTax Business 2005-->C:\Program Files\TurboTax\Business 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Business 2005\Uninstall.log" -NoGui
TurboTax Business 2006-->C:\Program Files\TurboTax\Business 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Business 2006\Uninstall.log" -NoGui
TurboTax Business 2007-->C:\Program Files\TurboTax\Business 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Business 2007\Uninstall.log" -NoGui
TurboTax Deluxe 2005-->C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Home & Business 2007-->C:\Program Files\TurboTax\Home & Business 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Home & Business 2007\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
TurboTax Premier Investments 2006-->C:\Program Files\TurboTax\Premier 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2006\Uninstall.log" -NoGui
Tweak-XP Pro 4-->C:\WINDOWS\iun6002.exe "C:\Program Files\Tweak-XP Pro 4\irunin.ini"
Ulead DVD MovieFactory 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F6E4272-B797-4523-8A4E-9FF01E1E0B16}\setup.exe" -l0x9
Ulead MediaStudio Pro 8.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6E71574-2126-4E95-816E-32B2411C94BA}\setup.exe" -l0x9
Ulead VideoStudio 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E188D820-1218-4E28-8BCA-91134C3664C2}\Setup.exe" -l0x9
UMVPLStandalone-->MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
USB-IrDA Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}\SETUP.EXE" -l0x9
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WD Drive Manager (x86)-->MsiExec.exe /X{51B833D8-66B0-4E72-92B9-4E4977EF37F2}
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WorldUnlock Codes Calculator-->"C:\Program Files\WorldUnlock Codes Calculator\uninst.exe"
Zip Express v 2-->C:\PROGRA~1\ZIPEXP~1\UNWISE.EXE C:\PROGRA~1\ZIPEXP~1\INSTALL.LOG
ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AV: ZoneAlarm Security Suite Antivirus
FW: Norton Internet Worm Protection (disabled)
FW: ZoneAlarm Security Suite Firewall

System event log

Computer Name: ULISES-DESKTOP
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Record Number: 9166
Source Name: W32Time
Time Written: 20081121101735.000000-300
Event Type: error
User:

Computer Name: ULISES-DESKTOP
Event Code: 14
Message: The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 30 minutes.

Record Number: 9165
Source Name: W32Time
Time Written: 20081121101735.000000-300
Event Type: warning
User:

Computer Name: ULISES-DESKTOP
Event Code: 7036
Message: The FLEXnet Licensing Service service entered the running state.

Record Number: 9164
Source Name: Service Control Manager
Time Written: 20081121100610.000000-300
Event Type: information
User:

Computer Name: ULISES-DESKTOP
Event Code: 7035
Message: The FLEXnet Licensing Service service was successfully sent a start control.

Record Number: 9163
Source Name: Service Control Manager
Time Written: 20081121100610.000000-300
Event Type: information
User: BNVINVESTMENTS\ulises

Computer Name: ULISES-DESKTOP
Event Code: 7036
Message: The IMAPI CD-Burning COM Service service entered the stopped state.

Record Number: 9162
Source Name: Service Control Manager
Time Written: 20081121100554.000000-300
Event Type: information
User:

Application event log

Computer Name: ULISES-DESKTOP
Event Code: 17103
Message: All rights reserved.

Record Number: 12197
Source Name: MSSQL$SQLEXPRESS
Time Written: 20081210231144.000000-300
Event Type: information
User:

Computer Name: ULISES-DESKTOP
Event Code: 17101
Message: © 2005 Microsoft Corporation.

Record Number: 12196
Source Name: MSSQL$SQLEXPRESS
Time Written: 20081210231144.000000-300
Event Type: information
User:

Computer Name: ULISES-DESKTOP
Event Code: 17069
Message: Microsoft SQL Server 2005 - 9.00.3068.00 (Intel X86)
Feb 26 2008 18:15:01
Copyright © 1988-2005 Microsoft Corporation
Express Edition on Windows NT 5.1 (Build 2600: Service Pack 3)


Record Number: 12195
Source Name: MSSQL$SQLEXPRESS
Time Written: 20081210231144.000000-300
Event Type: information
User:

Computer Name: ULISES-DESKTOP
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 12194
Source Name: LightScribeService
Time Written: 20081210231133.000000-300
Event Type: information
User:

Computer Name: ULISES-DESKTOP
Event Code: 0
Message:
Record Number: 12193
Source Name: Capture Device Service
Time Written: 20081210231133.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\Samsung\Samsung PC Studio 3;c:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\Intel\DMIX;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PKSFXDATA"=C:\Program Files\Common Files\PKWARE\Pksfxs.dat
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0604
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"tvdumpflags"=8
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

Edited by ulyv, 19 December 2008 - 12:24 PM.


BC AdBot (Login to Remove)

 


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:34 AM

Posted 27 December 2008 - 09:47 AM

Hello ulyv

Welcome to BleepingComputer :thumbsup:
========================
If you are still in need of assistance please post a new Hijackthis log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#3 ulyv

ulyv
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:34 AM

Posted 29 December 2008 - 10:16 AM

Thanks for the reply.

Here is the new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:12:38 AM, on 12/29/08
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Desktop Sidebar\dsidebar.exe
C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOClientu.exe
C:\Program Files\PKWARE\PKZIPO\PKTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MailWasher Pro\MailWasher.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spyware Doctor\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SIDEBAR] "C:\Program Files\Desktop Sidebar\dsidebar.exe"
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher Pro\MailWasher.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: DLO Agent.lnk = C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOClientu.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PKZIP Attachments Status.lnk = C:\Program Files\PKWARE\PKZIPO\PKTray.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {EA7F451B-94DD-4009-A8BF-8F977B0B2696} - http://pbells.broadjump.com/wizlet/Standar...aller_4-2-0.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bnvinvestments.com
O17 - HKLM\Software\..\Telephony: DomainName = bnvinvestments.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bnvinvestments.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bnvinvestments.com
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Symantec Backup Exec DLO Agent Change Journal Reader (VRTSChangeJournalReader) - Symantec Corporation - C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 14585 bytes

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:34 AM

Posted 29 December 2008 - 07:31 PM

You are welcome.
============
Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#5 ulyv

ulyv
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:34 AM

Posted 30 December 2008 - 12:40 AM

I have posted the "dds.txt" file and uploaded the "attach.txt"


DDS (Version 1.1.0) - NTFSx86
Run by ulises at 0:26:03.56 on 12/30/08
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2365 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Desktop Sidebar\dsidebar.exe
C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOClientu.exe
C:\Program Files\PKWARE\PKZIPO\PKTray.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MailWasher Pro\MailWasher.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spyware Doctor\update.exe
C:\WINDOWS\system32\gearsec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\Ulises.BNVINVESTMENTS\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [SIDEBAR] "c:\program files\desktop sidebar\dsidebar.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WinFaxAppPortStarter] wfxsnt40.exe
mRun: [WFXSwtch] c:\progra~1\winfax\WFXSWTCH.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio 10\uvPL.exe
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [SW20] c:\windows\system32\sw20.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" TRAY
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [ipTray.exe] "c:\program files\intel\idu\iptray.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SDTray] "c:\program files\spyware doctor\SDTrayApp.exe"
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
StartupFolder: c:\docume~1\ulises~1.bnv\startm~1\programs\startup\mailwa~1.lnk - c:\program files\mailwasher pro\MailWasher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dloage~1.lnk - c:\program files\veritas\backup exec\nt\dlo\DLOClientu.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pkzipa~1.lnk - c:\program files\pkware\pkzipo\PKTray.exe
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09FE188B-6E85-479e-9411-51FB2220DF80} - {45AD732C-2CE2-4666-B366-B2214AD57A49}
Trusted Zone: turbotax.com
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\program files\winfax\WfxSeh32.Dll

============= SERVICES / DRIVERS ===============

R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-6-19 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-3-3 394952]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R2 AWService;Admin Works Agent X8;"c:\program files\intel\idu\awServ.exe" [2006-12-27 74520]
R2 gearsec;gearsec;c:\windows\system32\gearsec.exe [2003-12-1 53248]
R2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor;"c:\program files\visioneer\onetouch 4.0\OtService.exe" [2007-10-11 131072]
R2 OsaFsLoc;OsaFsLoc;\??\c:\windows\system32\drivers\OsaFsLoc.sys [2006-9-28 11018]
R2 osaio;osaio;\??\c:\windows\system32\drivers\osaio.sys [2005-6-30 6784]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\svcntaux.exe [2007-12-6 742216]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\swdsvc.exe [2007-12-6 1415496]
R2 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" [2007-1-23 1251720]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe /Processid:{161D17F4-6A56-487C-BCED-58A21FBF087A} [2004-8-3 5120]
R2 VRTSChangeJournalReader;Symantec Backup Exec DLO Agent Change Journal Reader;"c:\program files\veritas\backup exec\nt\dlo\DLOChangeLogSvcu.exe" [2005-9-10 280192]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service []
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;"c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe" [2008-1-30 106496]
R3 SymSnapService;SymSnapService;"c:\program files\norton ghost\shared\drivers\SymSnapService.exe" [2007-12-20 1558000]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-6-11 11520]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2007-12-6 41288]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2007-12-6 62280]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2007-12-6 79688]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-8-9 17792]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-8-9 7680]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys []
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2006-4-12 38016]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2006-4-12 20096]

=============== Created Last 30 ================

2008-12-30 00:23 389,120 a------- c:\windows\system32\actskn43.ocx
2008-12-30 00:23 <DIR> --d----- c:\program files\Visiosonic
2008-12-29 11:31 <DIR> --d----- c:\docume~1\ulises~1.bnv\applic~1\MixMeister Technology
2008-12-29 11:30 <DIR> --d----- c:\program files\MixMeister Express 6
2008-12-29 11:13 <DIR> --d----- c:\docume~1\ulises~1.bnv\applic~1\NCH Software
2008-12-29 10:27 2,645 a------- c:\windows\SwSys2.bmp
2008-12-29 10:27 2,645 a------- c:\windows\SwSys1.bmp
2008-12-26 13:39 <DIR> --d----- c:\docume~1\ulises~1.bnv\applic~1\SharePod
2008-12-23 18:09 <DIR> --d-hr-- c:\documents and settings\ulises.bnvinvestments\Recent
2008-12-19 10:55 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-19 10:55 148,888 a------- c:\windows\system32\javaws.exe
2008-12-19 10:55 144,792 a------- c:\windows\system32\javaw.exe
2008-12-19 10:41 <DIR> --d----- C:\rsit
2008-12-18 15:44 212,480 a------- c:\windows\SWXCACLS.exe
2008-12-18 15:44 161,792 a------- c:\windows\SWREG.exe
2008-12-18 15:44 98,816 a------- c:\windows\sed.exe
2008-12-18 15:44 80,412 a------- c:\windows\grep.exe
2008-12-18 15:44 68,096 a------- c:\windows\zip.exe
2008-12-18 15:43 212 a--sh--- C:\BOOT.BAK
2008-12-18 15:42 259,776 ---shr-- C:\cmldr
2008-12-18 15:42 <DIR> --dshr-- C:\cmdcons
2008-12-18 15:42 <DIR> --d----- c:\windows\setup.pss
2008-12-18 15:42 <DIR> --d----- c:\windows\setupupd
2008-12-18 14:24 3,487,051,776 a--sh--- C:\hiberfil.sys
2008-12-18 12:41 <DIR> --d----- c:\program files\Trend Micro
2008-12-18 12:32 <DIR> --d----- C:\VundoFix Backups
2008-12-16 09:25 59,637,762 a------- C:\BLShklm.reg
2008-12-16 09:25 32,458,316 a------- C:\BLShkcu.reg
2008-12-16 09:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MotiveSysIDs
2008-12-16 09:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Motive
2008-12-16 09:23 <DIR> --d----- c:\program files\common files\Motive
2008-12-15 17:35 <DIR> --d----- c:\program files\iPod
2008-12-15 17:35 <DIR> --d----- c:\program files\iTunes
2008-12-15 17:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-15 17:35 <DIR> --d----- c:\program files\Bonjour
2008-12-15 17:33 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-15 17:33 1,409 a------- c:\windows\QTFont.for
2008-12-15 17:32 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2008-12-13 14:20 <DIR> --d----- c:\program files\Lavasoft
2008-12-13 14:20 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2008-12-13 13:30 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-13 13:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-11 01:08 204,800 a------- c:\docume~1\ulises~1.bnv\applic~1\calc.exe
2008-12-11 01:08 2 a------- C:\-795838617
2008-12-11 01:07 37,376 a------- c:\windows\Wkutazayujup.dll
2008-12-10 11:23 286,720 -c------ c:\windows\system32\dllcache\gdi32.dll
2008-12-03 09:48 67,894 a------- c:\windows\QIF to IIF Converter Uninstaller.exe
2008-12-03 09:47 59 a------- c:\windows\wininit.ini
2008-12-03 08:57 <DIR> --d----- c:\program files\common files\AnswerWorks 5.0
2008-12-03 08:21 3,523,872 a------- c:\windows\system32\cdintf300.dll
2008-12-03 08:21 1,848,608 a------- c:\windows\system32\acXMLParser.dll

==================== Find3M ====================

2008-12-30 00:24 36,334,624 a--sh--- c:\windows\system32\drivers\fidbox.dat
2008-12-29 09:47 2,048 a--s---- c:\windows\bootstat.dat
2008-12-29 01:18 490,556 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-12-25 11:57 4,212 ----h--- c:\windows\system32\zllictbl.dat
2008-11-20 02:46 45,056 a------- c:\windows\system32\WNASPI32.DLL
2008-11-20 02:46 16,512 a------- c:\windows\system32\drivers\ASPI32.SYS
2008-11-03 19:10 17,318,336 a------- c:\windows\system32\MRT.exe
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-17 02:08 3,593,216 a------- c:\windows\system32\mshtml.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 15:38 1,160,192 a------- c:\windows\system32\urlmon.dll
2008-10-16 15:38 233,472 a------- c:\windows\system32\webcheck.dll
2008-10-16 15:38 105,984 a------- c:\windows\system32\url.dll
2008-10-16 15:38 477,696 a------- c:\windows\system32\mshtmled.dll
2008-10-16 15:38 193,024 a------- c:\windows\system32\msrating.dll
2008-10-16 15:38 459,264 a------- c:\windows\system32\msfeeds.dll
2008-10-16 15:38 44,544 a------- c:\windows\system32\iernonce.dll
2008-10-16 15:38 133,120 a------- c:\windows\system32\extmgr.dll
2008-10-16 15:38 347,136 a------- c:\windows\system32\dxtmsft.dll
2008-10-16 15:38 214,528 a------- c:\windows\system32\dxtrans.dll
2008-10-16 15:38 124,928 a------- c:\windows\system32\advpack.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\wuweb.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\wuapi.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 a------- c:\windows\system32\wups2.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-24 15:04 41,512 a------- c:\docume~1\ulises~1.bnv\applic~1\GDIPFONTCACHEV1.DAT
2007-05-07 20:53 92,064 a------- c:\documents and settings\ulises.bnvinvestments\mqdmmdm.sys
2007-05-07 20:53 79,328 a------- c:\documents and settings\ulises.bnvinvestments\mqdmserd.sys
2007-05-07 20:53 66,656 a------- c:\documents and settings\ulises.bnvinvestments\mqdmbus.sys
2007-05-07 20:53 25,600 a------- c:\documents and settings\ulises.bnvinvestments\usbsermptxp.sys
2007-05-07 20:53 22,768 a------- c:\documents and settings\ulises.bnvinvestments\usbsermpt.sys
2007-05-07 20:53 9,232 a------- c:\documents and settings\ulises.bnvinvestments\mqdmmdfl.sys
2007-05-07 20:53 6,208 a------- c:\documents and settings\ulises.bnvinvestments\mqdmcmnt.sys
2007-05-07 20:53 5,936 a------- c:\documents and settings\ulises.bnvinvestments\mqdmwhnt.sys
2007-05-07 20:53 4,048 a------- c:\documents and settings\ulises.bnvinvestments\mqdmcr.sys
2004-09-27 22:00 26,240 a------- c:\windows\inf\RAMDSK.SYS
2008-08-27 17:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

============= FINISH: 0:27:36.46 ===============

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:34 AM

Posted 30 December 2008 - 07:46 AM

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#7 ulyv

ulyv
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:34 AM

Posted 30 December 2008 - 11:54 AM

Here is the log.

Malwarebytes' Anti-Malware 1.31
Database version: 1577
Windows 5.1.2600 Service Pack 3

12/30/08 11:53:00 AM
mbam-log-2008-12-30 (11-53-00).txt

Scan type: Quick Scan
Objects scanned: 69373
Time elapsed: 6 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:34 AM

Posted 30 December 2008 - 07:10 PM

Please submit the following files to one of these online file scanners.
(All you have to do is copy and paste them in one at a time)

c:\windows\Wkutazayujup.dll
C:\docume~1\ulises~1.bnv\applic~1\calc.exe

Jotti File Scan
VirusTotal File Scan
This will produce a report after the scan is complete, please copy and paste those results in your next post.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 ulyv

ulyv
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:34 AM

Posted 31 December 2008 - 12:38 AM

Result for "C:\docume~1\ulises~1.bnv\applic~1\calc.exe"

File calc.exe received on 11.01.2008 13:42:50 (CET)
Current status: finished

Result: 6/36 (16.67%)
Compact Print results
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - TR/Dropper.Gen
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - Suspicious File
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - Suspicious:W32/XMaib.b!Gemini
Fortinet - - -
GData - - -
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - Trojan:Win32/Cefyns.gen!A
NOD32 - - -
Norman - - -
Panda - - Suspicious file
PCTools - - -
Prevx1 - - -
Rising - - -
SecureWeb-Gateway - - Trojan.Dropper.Gen
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - -
VirusBuster - - -
Additional information
MD5: 413f7a0c7a4741263b2e54cdd7a3b228
SHA1: fa3f9da1027c07d838a50d86670f05aa773afe8c
SHA256: 8929a1b8fd08c4e4832336ee31578c2e332bec7ddcc2fba6e9d7d6db5ded4e53
SHA512: 762f8c143c1043e32bd58cb1fbe1246e70869873d97271baa00749b77e28c8efb5fdb5ac7dc8a49f18540d5c2041dabe865cb63674b974b66bd2cfa50985efab

Results for "c:\windows\Wkutazayujup.dll"

File Wkutazayujup.dll_ received on 12.31.2008 06:35:22 (CET)
Current status: Loading ... queued waiting scanning finished NOT FOUND STOPPED


Result: 5/39 (12.83%)
Loading server information...
Your file is queued in position: ___.
Estimated start time is between ___ and ___ .
Do not close the window until scan is complete.
The scanner that was processing your file is stopped at this moment, we are going to wait a few seconds to try to recover your result.
If you are waiting for more than five minutes you have to resend your file.
Your file is being scanned by VirusTotal in this moment,
results will be shown as they're generated.
Compact Print results
Your file has expired or does not exists.
Service is stopped in this moments, your file is waiting to be scanned (position: ) for an undefined time.

You can wait for web response (automatic reload) or type your email in the form below and click "request" so the system sends you a notification when the scan is finished.
Email:


Antivirus Version Last Update Result
a-squared 4.0.0.73 2008.12.31 Trojan.Win32.Hiloti!IK
AhnLab-V3 2008.12.31.0 2008.12.31 -
AntiVir 7.9.0.45 2008.12.30 -
Authentium 5.1.0.4 2008.12.30 -
Avast 4.8.1281.0 2008.12.30 -
AVG 8.0.0.199 2008.12.30 -
BitDefender 7.2 2008.12.31 -
CAT-QuickHeal 10.00 2008.12.31 -
ClamAV 0.94.1 2008.12.30 -
Comodo 851 2008.12.31 -
DrWeb 4.44.0.09170 2008.12.31 -
eSafe 7.0.17.0 2008.12.30 -
eTrust-Vet 31.6.6284 2008.12.31 -
Ewido 4.0 2008.12.30 -
F-Prot 4.4.4.56 2008.12.30 -
F-Secure 8.0.14470.0 2008.12.31 -
Fortinet 3.117.0.0 2008.12.31 -
GData 19 2008.12.31 -
Ikarus T3.1.1.45.0 2008.12.31 Trojan.Win32.Hiloti
K7AntiVirus 7.10.571 2008.12.30 -
Kaspersky 7.0.0.125 2008.12.31 -
McAfee 5479 2008.12.30 -
McAfee+Artemis 5479 2008.12.30 -
Microsoft 1.4205 2008.12.31 Trojan:Win32/Hiloti.gen!A
NOD32 3724 2008.12.30 a variant of Win32/Cimag
Norman 5.80.02 2008.12.30 -
Panda 9.0.0.4 2008.12.30 -
PCTools 4.4.2.0 2008.12.30 -
Prevx1 V2 2008.12.31 Malicious Software
Rising 21.10.20.00 2008.12.31 -
SecureWeb-Gateway 6.7.6 2008.12.30 -
Sophos 4.37.0 2008.12.31 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.31 -
TheHacker 6.3.1.4.202 2008.12.30 -
TrendMicro 8.700.0.1004 2008.12.31 -
VBA32 3.12.8.10 2008.12.30 -
ViRobot 2008.12.30.1540 2008.12.31 -
VirusBuster 4.5.11.0 2008.12.30 -
Additional information
File size: 37376 bytes
MD5...: 033fd5e772530b7afc5f216e1b6f96e4
SHA1..: b5697b8e460b0229dbfd993f3adcaa058274b557
SHA256: e0118820432abb4b674b220ee78dfd47543554cb24c12e3b068c21a5bd274f0c
SHA512: b1149fdfd41120a2f1795116c6319841fa8ee5a7db09d0cddde66f2f26eb8078
a8513202a1ab3ca9f8157c9a58120c3dbee5dd01ba6f85947bdb9d76d9900513

ssdeep: 768:SLb4ajnozkT4970HudtOj7rBcGJ7OdwxyAPsHrqdMr5HVmYFfwR:SDToH709
jhO0Pcqd0u

PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x100059cc
timedatestamp.....: 0x485eccc3 (Sun Jun 22 22:05:55 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7000 0x6200 7.60 f332afd5a5b48007f6aceb4cf34774ca
.data 0x8000 0x2000 0x1a00 6.07 1ba2677d921049864302e3f993125f0a
.rsrc 0xa000 0x1000 0x400 3.24 8a2d6da1a8ddca3ddc2807fe74729fb9
.reloc 0xb000 0x1000 0x200 2.20 409f8a9887c7030ccb86e93445cef6bc

( 5 imports )
> KERNEL32.dll: HeapAlloc, HeapCreate, IsBadReadPtr, RaiseException, ReadProcessMemory, CreateFileMappingA
> msvcrt.dll: _exit, free, malloc, realloc, wcscmp, _wcsicmp
> user32.dll: BeginPaint, GetMessageA, GetUpdateRgn, PeekMessageA, SendMessageTimeoutA, TrackPopupMenu, CheckMenuItem, DestroyWindow, SetCursor
> OLEAUT32.dll: -, -, -, -, -, -
> SHLWAPI.dll: PathCombineA, PathBuildRootA, PathAppendA, PathFileExistsA, SHDeleteValueA, SHQueryInfoKeyA, StrSpnA, StrStrA, StrToIntA, SHDeleteKeyA

( 0 exports )

Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=5E4F481900302A6992E7008F9D791D0041A7B3AC' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=5E4F481900302A6992E7008F9D791D0041A7B3AC</a>

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:34 AM

Posted 31 December 2008 - 08:22 AM

I will need to you show hidden files\folders so we can find the files.
To Set:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK
=======================
We need to upload some Suspicious files to Malwarebytes Anti-Malware
  • Please go to Malwarebytes' UploadNET
  • Under File 1: browse for

    C:\docume~1\ulises~1.bnv\applic~1\calc.exe
    and
    c:\windows\Wkutazayujup.dll

    *Note: If you are asked to upload more files, please repeat these steps for each of the File boxes.
Once you have selected all the files you want to upload, click on the Upload Button.
===========
This location :
C:\docume~1\ulises~1.bnv\applic~1\
Full path is this :
C:\Documents and Settings\ulises.bnvinvestments\application data\calc.exe
============
After that delete those 2 files and areboot and post a new log from dds.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#11 ulyv

ulyv
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:34 AM

Posted 31 December 2008 - 11:16 AM

Here is the dds Log and I attached the Attach.txt log


DDS (Version 1.1.0) - NTFSx86
Run by ulises at 11:08:45.96 on 12/31/08
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3325.2083 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOChangeLogSvcu.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\WinFax\WFXSWTCH.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Intel\IDU\iptray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Desktop Sidebar\dsidebar.exe
C:\Program Files\VERITAS\Backup Exec\NT\DLO\DLOClientu.exe
C:\Program Files\PKWARE\PKZIPO\PKTray.exe
C:\Program Files\MailWasher Pro\MailWasher.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msdtc.exe
C:\Documents and Settings\Ulises.BNVINVESTMENTS\Desktop\Trojan.Virtumonde Removal\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [SIDEBAR] "c:\program files\desktop sidebar\dsidebar.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WinFaxAppPortStarter] wfxsnt40.exe
mRun: [WFXSwtch] c:\progra~1\winfax\WFXSWTCH.exe
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio 10\uvPL.exe
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [SW20] c:\windows\system32\sw20.exe
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" TRAY
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [ipTray.exe] "c:\program files\intel\idu\iptray.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SDTray] "c:\program files\spyware doctor\SDTrayApp.exe"
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
StartupFolder: c:\docume~1\ulises~1.bnv\startm~1\programs\startup\mailwa~1.lnk - c:\program files\mailwasher pro\MailWasher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dloage~1.lnk - c:\program files\veritas\backup exec\nt\dlo\DLOClientu.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pkzipa~1.lnk - c:\program files\pkware\pkzipo\PKTray.exe
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09FE188B-6E85-479e-9411-51FB2220DF80} - {45AD732C-2CE2-4666-B366-B2214AD57A49}
Trusted Zone: turbotax.com
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\program files\winfax\WfxSeh32.Dll

============= SERVICES / DRIVERS ===============

R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-6-19 127768]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-3-3 394952]
R2 AWService;Admin Works Agent X8;"c:\program files\intel\idu\awServ.exe" [2006-12-27 74520]
R2 gearsec;gearsec;c:\windows\system32\gearsec.exe [2003-12-1 53248]
R2 OneTouch 4.0 Monitor;OneTouch 4.0 Monitor;"c:\program files\visioneer\onetouch 4.0\OtService.exe" [2007-10-11 131072]
R2 OsaFsLoc;OsaFsLoc;\??\c:\windows\system32\drivers\OsaFsLoc.sys [2006-9-28 11018]
R2 osaio;osaio;\??\c:\windows\system32\drivers\osaio.sys [2005-6-30 6784]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\svcntaux.exe [2007-12-6 742216]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\swdsvc.exe [2007-12-6 1415496]
R2 Symantec Core LC;Symantec Core LC;"c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe" [2007-1-23 1251720]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe /Processid:{161D17F4-6A56-487C-BCED-58A21FBF087A} [2004-8-3 5120]
R2 VRTSChangeJournalReader;Symantec Backup Exec DLO Agent Change Journal Reader;"c:\program files\veritas\backup exec\nt\dlo\DLOChangeLogSvcu.exe" [2005-9-10 280192]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service []
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;"c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe" [2008-1-30 106496]
R3 SymSnapService;SymSnapService;"c:\program files\norton ghost\shared\drivers\SymSnapService.exe" [2007-12-20 1558000]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-6-11 11520]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2007-12-6 41288]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2007-12-6 62280]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2007-12-6 79688]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-8-9 17792]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-8-9 7680]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys []
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2006-4-12 38016]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2006-4-12 20096]

=============== Created Last 30 ================

2008-12-30 11:44 <DIR> --d----- c:\docume~1\ulises~1.bnv\applic~1\Malwarebytes
2008-12-30 11:44 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-30 11:44 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 11:44 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 11:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-30 00:29 116 ---shr-- c:\windows\PCGWIN32.LI3
2008-12-30 00:23 389,120 a------- c:\windows\system32\actskn43.ocx
2008-12-30 00:23 <DIR> --d----- c:\program files\Visiosonic
2008-12-29 11:31 <DIR> --d----- c:\docume~1\ulises~1.bnv\applic~1\MixMeister Technology
2008-12-29 11:30 <DIR> --d----- c:\program files\MixMeister Express 6
2008-12-29 11:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NCH Software
2008-12-29 11:13 <DIR> --d----- c:\docume~1\ulises~1.bnv\applic~1\NCH Software
2008-12-29 10:27 2,645 a------- c:\windows\SwSys2.bmp
2008-12-29 10:27 2,645 a------- c:\windows\SwSys1.bmp
2008-12-26 13:39 <DIR> --d----- c:\docume~1\ulises~1.bnv\applic~1\SharePod
2008-12-19 10:55 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-19 10:55 148,888 a------- c:\windows\system32\javaws.exe
2008-12-19 10:55 144,792 a------- c:\windows\system32\javaw.exe
2008-12-19 10:55 144,792 a------- c:\windows\system32\java.exe
2008-12-18 15:44 161,792 a------- c:\windows\SWREG.exe
2008-12-18 15:44 98,816 a------- c:\windows\sed.exe
2008-12-18 15:44 68,096 a------- c:\windows\zip.exe
2008-12-18 15:44 28,672 a------- c:\windows\NIRCMD.exe
2008-12-18 15:42 259,776 ---shr-- C:\cmldr
2008-12-18 15:42 <DIR> --dshr-- C:\cmdcons
2008-12-18 15:42 <DIR> --d----- c:\windows\setup.pss
2008-12-18 15:42 <DIR> --d----- c:\windows\setupupd
2008-12-18 12:41 <DIR> --d----- c:\program files\Trend Micro
2008-12-18 12:32 <DIR> --d----- C:\VundoFix Backups
2008-12-16 09:25 59,637,762 a------- C:\BLShklm.reg
2008-12-16 09:25 32,458,316 a------- C:\BLShkcu.reg
2008-12-16 09:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MotiveSysIDs
2008-12-16 09:23 <DIR> --d----- c:\program files\common files\Motive
2008-12-15 17:35 <DIR> --d----- c:\program files\iPod
2008-12-15 17:35 <DIR> --d----- c:\program files\iTunes
2008-12-15 17:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-15 17:35 <DIR> --d----- c:\program files\Bonjour
2008-12-15 17:33 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-15 17:33 1,409 a------- c:\windows\QTFont.for
2008-12-15 17:32 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2008-12-15 17:31 <DIR> --d----- c:\program files\common files\Apple
2008-12-13 13:30 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-13 13:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-11 01:12 12,582,912 a------- c:\documents and settings\ulises.bnvinvestments\ntuser.dat
2008-12-11 01:08 2 a------- C:\-795838617
2008-12-10 11:23 286,720 -c------ c:\windows\system32\dllcache\gdi32.dll
2008-12-03 09:48 67,894 a------- c:\windows\QIF to IIF Converter Uninstaller.exe
2008-12-03 09:47 59 a------- c:\windows\wininit.ini
2008-12-03 08:57 <DIR> --d----- c:\program files\common files\AnswerWorks 5.0
2008-12-03 08:21 3,523,872 a------- c:\windows\system32\cdintf300.dll
2008-12-03 08:21 1,848,608 a------- c:\windows\system32\acXMLParser.dll

==================== Find3M ====================

2008-12-31 11:02 36,960,032 a--sh--- c:\windows\system32\drivers\fidbox.dat
2008-12-31 11:02 497,420 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-12-30 10:04 163,528 a------- c:\windows\system32\FNTCACHE.DAT
2008-12-25 11:57 4,212 ----h--- c:\windows\system32\zllictbl.dat
2008-11-20 02:46 45,056 a------- c:\windows\system32\WNASPI32.DLL
2008-11-20 02:46 16,512 a------- c:\windows\system32\drivers\ASPI32.SYS
2008-11-02 12:12 99,170 a------- c:\windows\system32\perfc009.dat
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 15:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 15:38 1,160,192 a------- c:\windows\system32\urlmon.dll
2008-10-16 15:38 671,232 a------- c:\windows\system32\mstime.dll
2008-10-16 15:38 102,912 a------- c:\windows\system32\occache.dll
2008-10-16 15:38 44,544 a------- c:\windows\system32\pngfilt.dll
2008-10-16 15:38 267,776 a------- c:\windows\system32\iertutil.dll
2008-10-16 15:38 52,224 a------- c:\windows\system32\msfeedsbs.dll
2008-10-16 15:38 383,488 a------- c:\windows\system32\ieapfltr.dll
2008-10-16 15:38 133,120 a------- c:\windows\system32\extmgr.dll
2008-10-16 15:38 214,528 a------- c:\windows\system32\dxtrans.dll
2008-10-16 15:38 124,928 a------- c:\windows\system32\advpack.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\wuaueng.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\cdm.dll
2008-10-16 14:09 43,544 a------- c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 a------- c:\windows\system32\wups.dll
2008-10-16 08:11 13,824 a------- c:\windows\system32\ieudinit.exe
2008-10-15 11:34 337,408 a------- c:\windows\system32\netapi32.dll
2008-10-15 02:04 161,792 a------- c:\windows\system32\ieakui.dll
2008-10-03 05:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-24 15:04 41,512 a------- c:\docume~1\ulises~1.bnv\applic~1\GDIPFONTCACHEV1.DAT
2007-05-07 20:53 92,064 a------- c:\documents and settings\ulises.bnvinvestments\mqdmmdm.sys
2007-05-07 20:53 79,328 a------- c:\documents and settings\ulises.bnvinvestments\mqdmserd.sys
2007-05-07 20:53 66,656 a------- c:\documents and settings\ulises.bnvinvestments\mqdmbus.sys
2007-05-07 20:53 25,600 a------- c:\documents and settings\ulises.bnvinvestments\usbsermptxp.sys
2007-05-07 20:53 22,768 a------- c:\documents and settings\ulises.bnvinvestments\usbsermpt.sys
2007-05-07 20:53 9,232 a------- c:\documents and settings\ulises.bnvinvestments\mqdmmdfl.sys
2007-05-07 20:53 6,208 a------- c:\documents and settings\ulises.bnvinvestments\mqdmcmnt.sys
2007-05-07 20:53 5,936 a------- c:\documents and settings\ulises.bnvinvestments\mqdmwhnt.sys
2007-05-07 20:53 4,048 a------- c:\documents and settings\ulises.bnvinvestments\mqdmcr.sys
2004-09-27 22:00 26,240 a------- c:\windows\inf\RAMDSK.SYS
2008-08-27 17:50 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

============= FINISH: 11:10:37.31 ===============

#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:34 AM

Posted 31 December 2008 - 06:05 PM

Looks good please delete this file as ell C:\-795838617 after that empty your recycle bin and let me know how things are running?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#13 ulyv

ulyv
  • Topic Starter

  • Members
  • 116 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:34 AM

Posted 02 January 2009 - 03:02 PM

Happy New Year !!!

Thank you for all your help.

The system has been stable. What was the system infected with ?

#14 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:10:34 AM

Posted 03 January 2009 - 08:22 AM

It appeared to be only a couple of miscellaneous files.
Since they appeared to be relatively new I had you upload them to MAlwareBytes so they could add them to the detection.

Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.microsoft.com/kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingcomputer.com/tutorials/...143.html#manual
=====================================
After that your log is clean. :thumbsup:

The following is a list of tools and utilities that I like to suggest to people.
You do not have to have all or any of them they are only suggestions.
This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy-Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.

Spyware Blaster - Great prevention tool to keep nasties from installing on your system.

Spywareguard-Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

If your computer is slow Is a tutorial on what you can do if your computer is slow.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users