Win32.Banker.FS Trojan.SpyAgent.DA infection


  • This topic is locked
7 replies to this topic

#1 vablativ

  • Members
  • 5 posts
  • Local time:07:43 AM

Posted 31 January 2009 - 03:56 PM

Hi,

My computer appears to have been infected by Win32.Banker.FS Trojan.SpyAgent.DA all of a sudden while I was surfing!

(1) Pop-up notifications at the bottom right of screen: "Warning! Spyware files Win32.Banker.FS Trojan.SpyAgent.DA and other detected on your computer."

(2) Other messages like "Your computer is in danger! Windoes Security Center has detected spyware/adware infection. It is recommended to use special antispyware tools to prevent data loss"

(3) My desktop wallpaper has been replaced by some red-blue-green-yellow squares.

(4) Task Manager is disabled.

(5) Regedit is blocked.


My DDS log is attached below, thank you for helping!!


DDS (Ver_09-01-19.01) - NTFSx86
Run by Administrator at 4:40:56.99 on Sun 02/01/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.170 [GMT 8:00]

FW: Proventia Desktop *enabled*

============== Running Processes ===============

C:\windows\System32\ibmpmsvc.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost -k DcomLaunch
C:\windows\system32\svchost -k rpcss
C:\windows\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\S24EvMon.exe
C:\windows\System32\svchost.exe -k NetworkService
C:\windows\System32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\NUS-VPN\cvpnd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\windows\System32\QCONSVC.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\windows\System32\svchost.exe -k imgsvc
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ISS\issSensors\DesktopProtection\vpatch.exe
C:\windows\system32\DRIVERS\WtSrv.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\windows\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\windows\system32\ICO.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\windows\svc.exe
C:\windows\svw.exe
C:\windows\wdmon.exe
C:\windows\svx.exe
C:\windows\vlc.exe
svchost.exe "C:\windows\system32\3com_dmiv.exe"
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\windows\svhoster.exe
C:\windows\svzip.exe
C:\windows\system32\ctfmon.exe
C:\windows\sv.exe
C:\windows\runsql.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\windows\System32\alg.exe
C:\windows\odb.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
C:\WINDOWS\System32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.sg/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
mWinlogon: Shell=Explorer.exe work.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: : {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: NTIECatcher Class: {c56cb6b0-0d96-11d6-8c65-b2868b609932} - c:\program files\xi\nettransport 2\NTIEHelper.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [mswindws] mssql.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [UpdateWin] c:\windows\system32\3com_dmiv.exe
uRun: [userinit] c:\windows\system32\ntos.exe
uRunServices: [UpdateWin] c:\windows\system32\3com_dmiv.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TPHOTKEY] c:\progra~1\thinkpad\pkgmgr\hotkey\TPHKMGR.exe
mRun: [BMMLREF] c:\program files\thinkpad\utilities\BMMLREF.EXE
mRun: [BMMMONWND] rundll32.exe c:\progra~1\thinkpad\utilit~1\BatInfEx.dll,BMMAutonomicMonitor
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [UC_Start] c:\program files\ibm\updater\\ucstartup.exe
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [IBMPRC] c:\ibmtools\utils\ibmprc.exe
mRun: [PRONoMgr.exe] c:\program files\intel\prosetwireless\ncs\proset\PRONoMgr.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver3\LVCOMS.EXE
mRun: [LogitechGalleryRepair] c:\program files\logitech\imagestudio\ISStart.exe
mRun: [LogitechImageStudioTray] c:\program files\logitech\imagestudio\LogiTray.exe
mRun: [ZingSpooler] c:\program files\common files\zing\ZingSpooler.exe
mRun: [QCTray] c:\progra~1\thinkpad\connec~1\QCTray.exe
mRun: [QCWLIcon] c:\program files\thinkpad\connectutilities\QCWLICON.EXE
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -onlytray
mRun: [DataLayer] c:\program files\common files\pcsuite\datalayer\DataLayer.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd.exe
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [THGuard] "c:\program files\trojanhunter 4.2\THGuard.exe"
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [odb] c:\windows\odb.exe
mRun: [UpdateWin] c:\windows\system32\3com_dmiv.exe
mRun: [netc] c:\windows\svc.exe
mRun: [netw] c:\windows\svw.exe
mRun: [wdmon] c:\windows\wdmon.exe
mRun: [netx] c:\windows\svx.exe
mRun: [vlc] c:\windows\vlc.exe
mRun: [net64] c:\windows\svhoster.exe
mRun: [netzip] c:\windows\svzip.exe
mRun: [netsv32] c:\windows\sv.exe
mRun: [runsql] c:\windows\runsql.exe
mRun: [runsql] c:\windows\runsql.exe
mRunServices: [UpdateWin] c:\windows\system32\3com_dmiv.exe
dRun: [userinit] c:\windows\system32\ntos.exe
StartupFolder: c:\documents and settings\administrator\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &ICQ Toolbar Search - c:\program files\icqtoolbar\toolbaru.dll/SEARCH.HTML
IE: Download all by Net Transport - c:\program files\xi\nettransport 2\NTAddList.html
IE: Download by Net Transport - c:\program files\xi\nettransport 2\NTAddLink.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\progra~1\icq\ICQ.exe
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - c:\program files\icqlite\ICQLite.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - c:\program files\hello\PicasaCapture.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: Sebring - c:\windows\system32\LgNotify.dll
AppInit_DLLs: c:\windows\system32\rundll32.dll
SSODL: rlXfvRjBecS - {946BD687-3EC1-7C2D-CA3D-08BE93CBEE15} - c:\windows\system32\tnczpk.dll
STS: IPC Configuration Utility - No File
STS: Windows Installer Class: {020487cc-fc04-4b1e-863f-d9801796230b} - c:\docume~1\admini~1\locals~1\temp\wndutl32.dll
SEH: CShellExecuteHookImpl Object: {54d9498b-cf93-414f-8984-8ce7fde0d391} - c:\program files\ewido anti-malware\shellhook.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Notification Packages = scecli pwdmon

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\default user\
FF - prefs.js: browser.search.selectedEngine - Dictionary.com
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2004-7-22 58568]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2004-7-22 9728]
R1 ewido security suite driver;ewido security suite driver;c:\program files\ewido anti-malware\guard.sys [2004-11-22 3072]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2004-7-22 2295]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2004-7-22 15360]
R3 MakoNT;MakoNT;c:\windows\system32\drivers\MakoNT.sys [2005-8-21 76849]
R3 rap;rap;c:\windows\system32\drivers\RapDrv.sys [2004-8-3 47697]
R3 sysrest.sys;sysrest.sys;c:\windows\system32\sysrest.sys []
R4 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2008-1-4 587096]
R4 black;black;c:\windows\system32\drivers\Blackcat.sys [2005-8-21 196978]
R4 BlackICE;BlackICE;c:\program files\iss\isssensors\desktopprotection\blackd.exe [2004-8-3 2007382]
R4 ewido security suite control;ewido security suite control;c:\program files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R4 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [2004-3-20 63872]
R4 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2004-7-22 4433]
R4 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2003-9-3 190480]
R4 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2003-9-3 31248]
R4 VPatch;ISS Buffer Overflow Exploit Prevention;c:\program files\iss\isssensors\desktopprotection\Vpatch.exe [2005-8-21 426333]
S3 AM5211;11b/g Wireless LAN Mini PCI Adapter Service;c:\windows\system32\drivers\am5211.sys [2004-5-3 380000]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-3 32512]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [2004-8-3 27088]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [2004-8-3 8704]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [2004-7-22 12288]
S3 RapFile;RapFile;c:\windows\system32\drivers\RapFile.sys [2004-8-3 36676]
S3 RapNet;RapNet;c:\windows\system32\drivers\RapNet.sys [2004-8-3 24344]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-3-11 189792]
S4 ewido security suite guard;ewido security suite guard;c:\program files\ewido anti-malware\ewidoguard.exe [2005-12-19 151616]

=============== Created Last 30 ================

2009-02-01 03:55 283,136 a------- c:\windows\sv.exe
2009-02-01 03:55 283,136 a------- c:\windows\runsql.exe
2009-02-01 03:55 283,648 a------- c:\windows\svzip.exe
2009-02-01 03:55 281,600 a------- c:\windows\svhoster.exe
2009-02-01 03:55 235,520 a------- c:\windows\vlc.exe
2009-02-01 03:55 235,008 a------- c:\windows\wdmon.exe
2009-02-01 03:55 235,008 a------- c:\windows\svx.exe
2009-02-01 03:55 235,520 a------- c:\windows\svc.exe
2009-02-01 03:55 235,008 a------- c:\windows\svw.exe
2009-02-01 03:53 109 a--sh--- c:\windows\system32\2490095238.dat
2009-02-01 03:53 235,520 a------- c:\windows\odb.exe
2009-02-01 03:53 <DIR> --dsh--- c:\windows\system32\wsnpoem
2009-02-01 03:53 43,008 ---shr-- c:\windows\system32\3com_dmiv.exe
2009-01-28 03:05 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-01-28 03:05 57,344 a------- c:\windows\system32\QuickTime.qts
2009-01-28 03:04 <DIR> --d----- c:\program files\QuickTime Alternative

==================== Find3M ====================

2009-01-31 00:28 14,604 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-11-25 17:31 9,628 a------- c:\windows\desctemp.dat
2008-09-02 03:15 0 a------- c:\documents and settings\administrator\xl00290.exe
2004-08-14 13:08 457 a------- c:\program files\INSTALL.LOG
2005-05-25 02:37 56 ---shr-- c:\windows\system32\17ABCF3053.sys
2005-10-19 12:53 28,297 ---sh--- c:\windows\system32\hgdca_b74.VIR

============= FINISH: 4:42:15.60 ===============

Attached Files
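To show what a helper looks for in the Pseudo HJT Report section of the DDS log above, here is an added Python checker (example code, not part of this thread or of the DDS tool). It flags the hijacks visible in that log: Winlogon Shell/Userinit tampering, the DisableTaskMgr/DisableRegistryTools policies, a populated AppInit_DLLs value, the non-default LSA notification package, a shell extension loading from a temp folder, and Run entries launching executables from the Windows root. The sample lines are copied from the log above; the clean baselines (Shell=Explorer.exe, Userinit=userinit.exe, LSA packages=scecli) are Windows XP defaults assumed by the example.

```python
"""Flag persistence hijacks in the "Pseudo HJT Report" section of a DDS log.

Added example, not part of the forum thread or of the DDS tool. It encodes the
checks a helper applies by eye. The clean baselines (Shell=Explorer.exe,
Userinit=userinit.exe, LSA packages=scecli) are the Windows XP defaults this
example assumes.
"""
import ntpath
import re
from typing import List, Optional, Tuple

Finding = Tuple[str, str]  # (reason, offending log line)

# Policies that lock the user out of diagnostic tools or desktop settings when set to 1.
LOCKOUT_POLICIES = {"disabletaskmgr", "disableregistrytools",
                    "nosetactivedesktop", "noactivedesktopchanges"}
DEFAULT_LSA_PACKAGES = {"scecli"}

_RUN_RE = re.compile(r"^[umd]Run(?:Services)?: \[[^\]]*\] (.+)$", re.IGNORECASE)
_POLICY_RE = re.compile(r"^[umd]Policies-\w+: (\w+) = (\d+)", re.IGNORECASE)
_EXE_RE = re.compile(r'^"?(.*?\.exe)\b', re.IGNORECASE)  # first executable of a Run command
_WINROOT_RE = re.compile(r"^[a-z]:\\(windows|winnt)$")


def _in_temp(path: str) -> bool:
    """True for paths under a temp directory (8.3 names like locals~1\\temp included)."""
    return "\\temp\\" in path.lower()


def _in_windows_root(path: str) -> bool:
    """True when the file sits directly in the Windows directory, not a subfolder."""
    return bool(_WINROOT_RE.match(ntpath.dirname(path.lower())))


def check_line(line: str) -> Optional[Finding]:
    """Return a finding for one report line, or None when it looks normal."""
    line = line.strip()
    low = line.lower()

    if low.startswith("mwinlogon: shell="):
        tokens = [t.lower() for t in line.split("=", 1)[1].split()]
        return None if tokens == ["explorer.exe"] else \
            ("Winlogon Shell launches more than Explorer.exe", line)

    if low.startswith("mwinlogon: userinit="):
        entries = [e.strip() for e in line.split("=", 1)[1].split(",") if e.strip()]
        extras = [e for e in entries if ntpath.basename(e.lower()) != "userinit.exe"]
        return ("Winlogon Userinit chains extra executable(s): " + ", ".join(extras), line) \
            if extras else None

    m = _POLICY_RE.match(line)
    if m:
        if m.group(1).lower() in LOCKOUT_POLICIES and m.group(2) == "1":
            return (f"Policy {m.group(1)}=1 locks the user out of a system tool", line)
        return None

    if low.startswith("appinit_dlls:"):
        if line.split(":", 1)[1].strip():
            return ("AppInit_DLLs is populated; the DLL loads into every process using user32", line)
        return None

    if low.startswith("lsa: notification packages ="):
        extra = set(low.split("=", 1)[1].split()) - DEFAULT_LSA_PACKAGES
        return ("Non-default LSA notification package(s): " + ", ".join(sorted(extra)), line) \
            if extra else None

    # Shell extensions: only a temp-folder DLL is flagged automatically; an SSODL DLL
    # inside system32 (like tnczpk.dll in the log) still needs manual review.
    if low.startswith(("ssodl:", "sts:")):
        if _in_temp(line.rsplit(" - ", 1)[-1]):
            return ("Shell extension DLL loaded from a temp directory", line)
        return None

    # Run entries: bare filenames (e.g. mssql.exe) resolve via PATH and are not judged here.
    m = _RUN_RE.match(line)
    if m:
        exe = _EXE_RE.match(m.group(1))
        if exe and _in_windows_root(exe.group(1)):
            return ("Autostart runs an executable from the Windows root", line)
        if exe and _in_temp(exe.group(1)):
            return ("Autostart runs an executable from a temp directory", line)
    return None


def scan_report(lines: List[str]) -> List[Finding]:
    """Run check_line over every line of the report, preserving log order."""
    return [f for f in map(check_line, lines) if f is not None]


# Sample input: lines copied from the DDS log above, with a few clean entries mixed in.
SAMPLE_LINES = [
    r"mWinlogon: Shell=Explorer.exe work.exe",
    r"mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\ntos.exe,",
    r"uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe",
    r"uRun: [mswindws] mssql.exe",
    r"mRun: [netc] c:\windows\svc.exe",
    r'mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow',
    r"mRun: [odb] c:\windows\odb.exe",
    r"uPolicies-system: DisableTaskMgr = 1 (0x1)",
    r"mPolicies-system: DisableRegistryTools = 1 (0x1)",
    r"AppInit_DLLs: c:\windows\system32\rundll32.dll",
    r"SSODL: rlXfvRjBecS - {946BD687-3EC1-7C2D-CA3D-08BE93CBEE15} - c:\windows\system32\tnczpk.dll",
    r"STS: Windows Installer Class: {020487cc-fc04-4b1e-863f-d9801796230b} - c:\docume~1\admini~1\locals~1\temp\wndutl32.dll",
    r"LSA: Notification Packages = scecli pwdmon",
]

if __name__ == "__main__":
    for reason, hit in scan_report(SAMPLE_LINES):
        print(f"[!] {reason}\n    {hit}")
```

Run against the sample it reports nine findings; the two lines it deliberately leaves alone (the bare mssql.exe and the SSODL DLL in system32) are exactly the ones a helper has to judge by hand.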




#2 fenzodahl512

  • Members
  • 6,738 posts
  • Local time:07:43 AM

Posted 02 February 2009 - 06:06 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy, paste the results into Notepad, save it and attach it in this thread.


Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 vablativ

  • Topic Starter
  • Members
  • 5 posts
  • Local time:07:43 AM

Posted 05 February 2009 - 11:39 AM

Thanks fenzodahl512 for helping me on this.

Malwarebytes log as follows:

Malwarebytes' Anti-Malware 1.33
Database version: 1730
Windows 5.1.2600 Service Pack 2

2/5/2009 11:47:46 PM
mbam-log-2009-02-05 (23-47-46).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 217465
Time elapsed: 1 hour(s), 55 minute(s), 27 second(s)

Memory Processes Infected: 10
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 26
Registry Data Items Infected: 16
Folders Infected: 6
Files Infected: 81

Memory Processes Infected:
C:\WINDOWS\svc.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\svhoster.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\svx.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\vlc.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\wdmon.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\runsql.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\sv.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\svzip.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\svw.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\odb.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\Documents and Settings\Administrator\Local Settings\Temp\wndutl32.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\hzfel1.bhoapp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2a8d06b4-1b40-009f-e531-629a59080f43} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2a8d06b4-1b40-009f-e531-629a59080f43} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\hzfel1.bhoapp.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{020487cc-fc04-4b1e-863f-d9801796230b} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysrest.sys (Trojan.Peed) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sysrest.sys (Trojan.Peed) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Trojan.Peed) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{946bd687-3ec1-7c2d-ca3d-08be93cbee15} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{020487cc-fc04-4b1e-863f-d9801796230b} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net64 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netc (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runsql (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updatewin (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\updatewin (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\rlxfvrjbecs (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\UpdateWin (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vlc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wdmon (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netsv32 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netzip (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\netw (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\OLE\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa\UpdateWin (Worm.Sdbot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\odb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mswindws (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Backdoor.Bot) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\ntos.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\ntos.exe -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe work.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\windows\system32\ntos.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Microsoft Security Adviser (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\append.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xlib254.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\google.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\altcmd (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\altcmd\altcmd32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\wndutl32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\altcmd\almd32.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP159\A0011637.sys (Trojan.Peed) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP163\A0011819.sys (Trojan.Peed) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP164\A0013833.sys (Trojan.Peed) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphce9bj0en7a.exe (Trojan.Peed) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest.sys (Trojan.Peed) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AdobeUM\msavsc.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AdobeUM\msctrl.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AdobeUM\msfw.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AdobeUM\msiemon.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AdobeUM\mssadv.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\AdobeUM\msscan.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\rsyncini.exe (Trojan.Shutdowner) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\001.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\002.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\003.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\004.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\msctrl.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\mssadv_sp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Microsoft Security Adviser\mssadv_sp.log (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wsnpoem\audio.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\wsnpoem\video.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\svhoster.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svc.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\runsql.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3com_dmiv.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tnczpk.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temp\5_odb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\6_ldr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\60325cahp25ca0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\60325cahp25caa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\q1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\q2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\q3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\q4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\q5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\q6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\q7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\q8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\q9.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\teste1_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\teste2_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\teste3_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\teste4_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\avto.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\avto1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\avto2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\avto3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\avto4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\svx.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\vlc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\wdmon.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\sv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\svzip.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\svw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\config.cfg (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\~tmp.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\system.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wowfx.dll (Trojan.QHost) -> Quarantined and deleted successfully.
C:\WINDOWS\odb.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Administrator\Local Settings\Temp\.tt18.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\.tt19.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\.tt1B.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\.tt1D.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\.tt1E.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\.tt1F.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\.tt20.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\.tt24.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\.tt29.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\.tt2F.tmp.vbs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssql.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntos.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\Temp\5_odb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\teste1_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\teste2_p.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\avto.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\avto1.exe (Trojan.Agent) -> Quarantined and deleted successfully.

#4 vablativ

  • Topic Starter

  • Members
  • 5 posts

Posted 05 February 2009 - 11:41 AM

Here is the RSIT log.txt:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-02-05 23:54:47
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (7%) free of 23 GB
Total RAM: 767 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:54:56 PM, on 2/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\ibmpmsvc.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\windows\system32\svchost.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\NUS-VPN\cvpnd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\windows\System32\QCONSVC.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe
C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\windows\System32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ISS\issSensors\DesktopProtection\vpatch.exe
C:\windows\system32\DRIVERS\WtSrv.exe
C:\windows\System32\alg.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\windows\system32\rundll32.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\windows\system32\ICO.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntupd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe work.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [QCWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [mswindws] mssql.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O20 - AppInit_DLLs: C:\WINDOWS\system32\rundll32.dll
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - (no file)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\windows\System32\Ati2evxx.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\NUS-VPN\cvpnd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\windows\System32\ibmpmsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\windows\System32\QCONSVC.EXE
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\vpatch.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\windows\system32\DRIVERS\WtSrv.exe
O24 - Desktop Component 1: NUS Students Intranet - http://www.nus.edu.sg/students/

--
End of file - 12656 bytes

======Scheduled tasks folder======

C:\windows\tasks\BMMTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll [2003-05-15 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2003-10-22 106548]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-25 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-28 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C56CB6B0-0D96-11D6-8C65-B2868B609932}]
NTIECatcher Class - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll [2003-12-15 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-25 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-25 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=C:\windows\system32\irprops.cpl [2004-08-04 380416]
"TPKMAPHELPER"=C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [2003-10-24 897024]
"TpShocks"=C:\windows\system32\TpShocks.exe [2003-12-18 102400]
"TPHOTKEY"=C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe [2004-03-11 94208]
"BMMLREF"=C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE [2003-12-25 20480]
"BMMMONWND"=C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll [2003-12-25 394752]
"EZEJMNAP"=C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe [2003-12-25 208896]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-02-11 335872]
"UC_Start"=C:\Program Files\IBM\Updater\\ucstartup.exe [2003-10-01 36864]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2003-10-22 114741]
"IBMPRC"=C:\IBMTOOLS\UTILS\ibmprc.exe [2004-03-20 90112]
"PRONoMgr.exe"=C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe [2003-12-10 86016]
"Mouse Suite 98 Daemon"=C:\windows\system32\ICO.EXE [2002-03-15 45056]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2001-08-18 44032]
"MSPY2002"=C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe [2002-08-29 59392]
"PHIME2002ASync"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2002-08-29 455168]
"PHIME2002A"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2002-08-29 455168]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe []
"LVCOMS"=C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE [2002-12-10 127022]
"LogitechGalleryRepair"=C:\Program Files\Logitech\ImageStudio\ISStart.exe [2002-12-10 155648]
"LogitechImageStudioTray"=C:\Program Files\Logitech\ImageStudio\LogiTray.exe [2002-12-10 61440]
"ZingSpooler"=C:\Program Files\Common Files\Zing\ZingSpooler.exe [2004-08-05 188416]
"QCTray"=C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe [2004-03-12 663552]
"QCWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE [2004-03-12 49152]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2005-03-22 167936]
"DataLayer"=C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe [2005-03-31 1106944]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe [2003-03-11 172032]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2002-12-17 49152]
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 40960]
"THGuard"=C:\Program Files\TrojanHunter 4.2\THGuard.exe [2005-02-19 1089024]
"OfficeScanNT Monitor"=C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [2004-05-18 458752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-13 68856]
"ctfmon.exe"=C:\windows\system32\ctfmon.exe [2004-08-04 15360]
"mswindws"=C:\windows\system32\mssql.exe [2009-02-05 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
C:\windows\system32\Ati2mdxx.exe [2001-09-05 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe [2004-01-21 581632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\windows\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
??????????????? []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lphce9bj0en7a]
C:\WINDOWS\system32\lphce9bj0en7a.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeScanNT Monitor]
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [2004-05-18 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
??????????????? []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3TRAY2]
C:\windows\system32\S3Tray2.exe [2001-10-12 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-11-20 512000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-11-20 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
C:\windows\system32\tp4ex.exe [2002-09-04 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UC_SMB]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WService]
C:\windows\system32\WService.EXE [2002-09-07 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
C:\PROGRA~1\IVTCOR~1\BLUESO~1\BLUESO~1.EXE [2005-06-06 1183744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^National University of Singapore NUS-VPN Client.lnk]
C:\PROGRA~1\NUS-VPN\vpngui.exe [2004-07-22 1470480]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
PowerReg Scheduler V3.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\rundll32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\windows\system32\Ati2evxx.dll [2004-02-11 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll [2003-12-17 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\System32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
IPC Configuration Utility - IPC Configuration Utility

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"=C:\Program Files\ewido anti-malware\shellhook.dll [2004-09-30 39488]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
pwdmon

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSetActiveDesktop"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:backWeb-8876480"
"C:\Program Files\LuDC++\LuDCPlusPlus.exe"="C:\Program Files\LuDC++\LuDCPlusPlus.exe:*:Enabled:LuDC++"
"C:\Program Files\ICQ\Icq.exe"="C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\SketchUp 3.0\SketchUp.exe"="C:\Program Files\SketchUp 3.0\SketchUp.exe:*:Disabled:SketchUp Application"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\3dsmax6\3dsmax.exe"="C:\3dsmax6\3dsmax.exe:*:Enabled:3ds max application"
"C:\Program Files\Bentley\Program\MicroStation\ustation.exe"="C:\Program Files\Bentley\Program\MicroStation\ustation.exe:*:Enabled:MicroStation for Windows x86"
"C:\Program Files\@Last Software\SketchUp 4\SketchUp.exe"="C:\Program Files\@Last Software\SketchUp 4\SketchUp.exe:*:Disabled:SketchUp Application"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Documents and Settings\Administrator\Local Settings\Temp\.tt23.tmp"="C:\Documents and Settings\Administrator\Local Settings\Temp\.tt23.tmp:*:Enabled:enable"
"C:\windows\system32\sysrest32.exe"="C:\windows\system32\sysrest32.exe:*:Enabled:enable"
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pinnew.exe"="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pinnew.exe:*:Enabled:Enabled"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03d6e7fd-b46f-11dd-a787-101111111111}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{03d6e801-b46f-11dd-a787-101111111111}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ea352e0-f5cb-11dc-a760-101111111111}]
shell\Auto\command - printer.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ea352e1-f5cb-11dc-a760-101111111111}]
shell\Auto\command - F:\printer.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f964560-b5cf-11dc-a75c-101111111111}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f964561-b5cf-11dc-a75c-101111111111}]
shell\Auto\command - G:\printer.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{663ec253-e787-11db-a74d-000e3537c4fa}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6eebe226-c0f7-11d9-a5da-000e3537c4fa}]
shell\Auto\command - F:\printer.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b504aad0-2352-11da-a63d-000e3537c4fa}]
shell\Auto\command - F:\printer.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0872444-0e14-11dd-a76a-101111111111}]
shell\Auto\command - F:\printer.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL printer.exe


======File associations======

.cpl - cplopen - C:\WINDOWS\rundll32.exe shell32.dll,Control_RunDLL "%1",%*

======List of files/folders created in the last 3 months======

2009-02-05 23:54:47 ----D---- C:\rsit
2009-02-05 23:51:03 ----A---- C:\windows\system32\mssql.exe
2009-02-05 23:47:59 ----A---- C:\cvflbvc.txt
2009-02-05 21:48:06 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-02-05 21:48:01 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-05 21:48:00 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-28 03:05:03 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-28 03:04:55 ----D---- C:\Program Files\QuickTime Alternative
2008-12-23 23:06:45 ----D---- C:\Program Files\GOMPlayer
2008-12-06 03:56:55 ----D---- C:\Program Files\BroadBand on Mobile

======List of files/folders modified in the last 3 months======

2009-02-05 23:54:56 ----D---- C:\Program Files\Trend Micro
2009-02-05 23:54:50 ----D---- C:\windows\Prefetch
2009-02-05 23:53:29 ----D---- C:\Program Files\Mozilla Firefox
2009-02-05 23:51:03 ----AD---- C:\windows\system32
2009-02-05 23:49:43 ----D---- C:\windows\Temp
2009-02-05 23:49:11 ----SHD---- C:\windows\CSC
2009-02-05 23:49:08 ----D---- C:\windows\Minidump
2009-02-05 23:49:08 ----AD---- C:\WINDOWS
2009-02-05 23:47:59 ----D---- C:\windows\system32\drivers
2009-02-05 23:47:46 ----RD---- C:\Program Files
2009-02-01 04:32:36 ----D---- C:\windows\system32\CatRoot2
2009-02-01 03:58:02 ----A---- C:\windows\SchedLgU.Txt
2009-02-01 03:57:09 ----A---- C:\windows\winamp.ini
2009-02-01 00:46:20 ----D---- C:\transported
2009-01-29 22:58:39 ----SHD---- C:\windows\Installer
2009-01-29 01:30:19 ----D---- C:\Program Files\Trillian
2009-01-28 03:12:00 ----D---- C:\Program Files\Google
2009-01-28 03:03:15 ----D---- C:\windows\system32\QuickTime
2009-01-28 03:03:13 ----D---- C:\Program Files\QuickTime
2009-01-28 01:45:07 ----D---- C:\Program Files\GNU
2009-01-25 05:40:16 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-01-12 21:45:40 ----RSD---- C:\windows\Fonts
2008-12-21 03:04:39 ----D---- C:\Program Files\mIRC
2008-12-06 03:57:43 ----HD---- C:\windows\inf
2008-11-30 21:05:41 ----A---- C:\windows\thxcfg.ini
2008-11-16 22:50:30 ----D---- C:\downloaded applications 3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ANC;ANC; C:\windows\System32\drivers\ANC.SYS [2004-03-12 9728]
R1 ASPI32;ASPI32; C:\windows\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 ewido security suite driver;ewido security suite driver; \??\C:\Program Files\ewido anti-malware\guard.sys []
R1 IBMTPCHK;IBMTPCHK; C:\windows\System32\drivers\IBMBLDID.SYS [2004-03-12 2295]
R1 intelppm;Intel Processor Driver; C:\windows\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 Smapint;Smapint; C:\windows\System32\drivers\Smapint.sys [2003-10-24 14848]
R1 sscdbhk5;sscdbhk5; C:\windows\system32\drivers\sscdbhk5.sys [2003-07-15 5621]
R1 ssrtln;ssrtln; C:\windows\system32\drivers\ssrtln.sys [2003-07-15 23219]
R1 TDSMAPI;TDSMAPI; C:\windows\System32\drivers\TDSMAPI.SYS [2003-10-24 8831]
R1 TPHKDRV;TPHKDRV; C:\windows\system32\drivers\TPHKDRV.sys [2004-03-11 16195]
R1 TPPWR;TPPWR; C:\windows\System32\drivers\Tppwr.sys [2003-12-25 15360]
R1 TSMAPIP;TSMAPIP; C:\windows\System32\drivers\TSMAPIP.SYS [2003-12-18 7168]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.0.0.8; C:\windows\system32\DRIVERS\AegisP.sys [2005-03-01 16110]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []
R2 CVPNDRVA;National University of Singapore IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 drvnddm;drvnddm; C:\windows\system32\drivers\drvnddm.sys [2003-06-20 40448]
R2 EGATHDRV;IBM Access Support; \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS []
R2 ibmfilter;ibmfilter; \??\C:\WINDOWS\System32\drivers\ibmfilter.sys []
R2 irda;IrDA Protocol; C:\windows\System32\DRIVERS\irda.sys [2004-08-04 87424]
R2 mdmxsdk;mdmxsdk; C:\windows\System32\DRIVERS\mdmxsdk.sys [2003-04-10 11043]
R2 PMEM;PMEM; \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS []
R2 s24trans;WLAN Transport; C:\windows\System32\DRIVERS\s24trans.sys [2004-06-02 11258]
R2 ShockMgr;ShockMgr; C:\windows\system32\drivers\ShockMgr.sys [2003-12-16 4433]
R2 tfsnboio;tfsnboio; C:\windows\system32\dla\tfsnboio.sys [2003-10-22 25685]
R2 tfsncofs;tfsncofs; C:\windows\system32\dla\tfsncofs.sys [2003-10-22 34837]
R2 tfsndrct;tfsndrct; C:\windows\system32\dla\tfsndrct.sys [2003-10-22 4117]
R2 tfsndres;tfsndres; C:\windows\system32\dla\tfsndres.sys [2003-10-22 2233]
R2 tfsnifs;tfsnifs; C:\windows\system32\dla\tfsnifs.sys [2003-10-22 83572]
R2 tfsnopio;tfsnopio; C:\windows\system32\dla\tfsnopio.sys [2003-10-22 14229]
R2 tfsnpool;tfsnpool; C:\windows\system32\dla\tfsnpool.sys [2003-10-22 6357]
R2 tfsnudf;tfsnudf; C:\windows\system32\dla\tfsnudf.sys [2003-10-22 98164]
R2 tfsnudfa;tfsnudfa; C:\windows\system32\dla\tfsnudfa.sys [2003-10-22 100373]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 TmFilter;Trend Micro Filter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys []
R2 TmPreFilter;Trend Micro PreFilter; \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys []
R2 VSApiNt;Trend Micro VSAPI NT; \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys []
R3 aeaudio;aeaudio; C:\windows\system32\drivers\aeaudio.sys [2003-10-24 100384]
R3 ati2mtag;ati2mtag; C:\windows\System32\DRIVERS\ati2mtag.sys [2004-02-11 672256]
R3 BlueletAudio;Bluetooth Audio Service; C:\windows\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:\windows\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\windows\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\windows\System32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 DNE;Deterministic Network Enhancer Miniport; C:\windows\system32\DRIVERS\dne2000.sys [2003-07-24 139604]
R3 E1000;Intel® PRO/1000 Adapter Driver; C:\windows\System32\DRIVERS\e1000325.sys [2003-08-15 125952]
R3 HidUsb;Microsoft HID Class Driver; C:\windows\System32\DRIVERS\hidusb.sys [2001-08-18 9600]
R3 HSF_DP;HSF_DP; C:\windows\System32\DRIVERS\HSF_DP.sys [2004-01-22 1041152]
R3 HSFHWICH;HSFHWICH; C:\windows\System32\DRIVERS\HSFHWICH.sys [2004-01-22 197888]
R3 IBMPMDRV;IBMPMDRV; C:\windows\System32\DRIVERS\ibmpmdrv.sys [2003-07-03 11344]
R3 MakoNT;MakoNT; C:\windows\system32\drivers\MakoNT.sys [2006-10-18 76849]
R3 mouhid;Mouse HID Driver; C:\windows\System32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 NSCIRDA;NSC Infrared Device Driver; C:\windows\System32\DRIVERS\nscirda.sys [2004-08-04 28672]
R3 rap;rap; C:\windows\System32\drivers\RapDrv.sys [2006-10-18 47697]
R3 Rasirda;WAN Miniport (IrDA); C:\windows\System32\DRIVERS\rasirda.sys [2001-08-18 19584]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\windows\System32\Drivers\RootMdm.sys [2001-08-18 5888]
R3 smwdm;smwdm; C:\windows\system32\drivers\smwdm.sys [2003-10-28 578432]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\System32\DRIVERS\SynTP.sys [2003-11-20 270288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\windows\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\windows\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\windows\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VComm;Virtual Serial port driver; C:\windows\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\windows\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
R3 w22n51;Intel® PRO/Wireless 2200 Adapter Driver for Windows XP; C:\windows\system32\DRIVERS\w22n51.sys [2004-08-30 3151232]
R3 winachsf;winachsf; C:\windows\System32\DRIVERS\HSF_CNXT.sys [2004-01-22 675840]
R4 black;black; C:\windows\System32\drivers\BlackCat.sys [2006-10-18 196978]
S1 P3;Intel PentiumIII Processor Driver; C:\windows\System32\DRIVERS\p3.sys [2004-08-04 42496]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\windows\system32\drivers\ac97intc.sys [2001-08-18 96256]
S3 AM5211;11b/g Wireless LAN Mini PCI Adapter Service; C:\windows\System32\DRIVERS\am5211.sys [2004-05-03 380000]
S3 Bridge;MAC Bridge; C:\windows\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\windows\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\windows\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2004-08-04 100992]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2004-08-04 274304]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys []
S3 CCDECODE;Closed Caption Decoder; C:\windows\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\windows\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 E100B;Intel® PRO Adapter Driver; C:\windows\System32\DRIVERS\e100b325.sys [2001-08-18 117760]
S3 gv3;Intel GV3 Processor Driver; C:\windows\System32\DRIVERS\gv3.sys [2002-11-19 30976]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys [2008-03-09 101120]
S3 ltmodem5;LT Modem Driver; C:\windows\System32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\windows\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\windows\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\windows\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nm;Network Monitor Driver; C:\windows\System32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\windows\system32\drivers\npf.sys [2005-08-03 32512]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS []
S3 pelmouse;Mouse Suite Driver; C:\windows\System32\DRIVERS\pelmouse.sys [2001-01-10 27088]
S3 pelusblf;USB Mouse Low Filter Driver; C:\windows\System32\DRIVERS\pelusblf.sys [2002-04-30 8704]
S3 psadd;IBM PSA Access Driver; \??\C:\WINDOWS\system32\Drivers\psadd.sys []
S3 QCMerced;Logitech QuickCam Express; C:\windows\System32\DRIVERS\LVCM.sys [2002-09-20 472396]
S3 QCNDISIF;QCNDISIF; C:\windows\System32\drivers\qcndisif.SYS [2004-03-12 12288]
S3 RapFile;RapFile; \??\C:\WINDOWS\System32\drivers\RapFile.sys []
S3 RapNet;RapNet; \??\C:\WINDOWS\System32\drivers\RapNet.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 S3SSavage;S3SSavage; C:\windows\System32\DRIVERS\s3ssavm.sys [2001-11-01 95104]
S3 SLIP;BDA Slip De-Framer; C:\windows\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\windows\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\windows\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\windows\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\windows\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 STIrUsb;SigmaTel USB-IrDA Dongle; C:\windows\System32\DRIVERS\irstusb.sys [2001-08-17 26624]
S3 streamip;BDA IPSink; C:\windows\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 Tablet2k;Serial Tablet Port Driver; C:\windows\System32\Drivers\Tablet2k.sys [2000-06-13 15370]
S3 TClass2k;Tablet Class Driver; C:\windows\system32\DRIVERS\TClass2k.sys [2003-03-05 23202]
S3 TwoTrack;IBM PS/2 TrackPoint Filter Driver; C:\windows\System32\DRIVERS\TwoTrack.sys [2001-08-18 11520]
S3 UCTblHid;HID Tablet Port Driver; C:\windows\system32\DRIVERS\UCTblHid.sys [2003-03-05 11090]
S3 usbaudio;USB Audio Driver (WDM); C:\windows\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\windows\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\windows\System32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\windows\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\windows\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\System32\vsdatant.sys []
S3 w70n51;Intel® PRO/Wireless 7100 Adapter Driver; C:\windows\System32\DRIVERS\w70n51.sys [2004-02-11 2479232]
S3 WSTCODEC;World Standard Teletext Codec; C:\windows\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 agpCPQ;Compaq AGP Bus Filter; C:\windows\System32\DRIVERS\agpCPQ.sys [2004-08-04 44928]
S4 alim1541;ALI AGP Bus Filter; C:\windows\System32\DRIVERS\alim1541.sys [2004-08-04 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\windows\System32\DRIVERS\amdagp.sys [2004-08-04 43008]
S4 cbidf;cbidf; C:\windows\System32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 IntelIde;IntelIde; C:\windows\System32\DRIVERS\intelide.sys [2004-08-04 5504]
S4 mchInjDrv;mchInjDrv; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mc2C.tmp []
S4 sisagp;SIS AGP Bus Filter; C:\windows\System32\DRIVERS\sisagp.sys [2004-08-04 41088]
S4 viaagp;VIA AGP Bus Filter; C:\windows\System32\DRIVERS\viaagp.sys [2004-08-04 42240]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\windows\System32\drivers\ws2ifsl.sys [2001-08-18 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-01-04 587096]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\windows\System32\Ati2evxx.exe [2004-02-11 397312]
R2 BlackICE;BlackICE; C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe [2006-10-18 2007382]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
R2 BthServ;Bluetooth Support Service; C:\windows\system32\svchost.exe [2004-08-04 17408]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2005-03-24 54784]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\NUS-VPN\cvpnd.exe [2004-07-22 1433616]
R2 ewido security suite control;ewido security suite control; C:\Program Files\ewido anti-malware\ewidoctrl.exe [2005-11-30 13888]
R2 IBM Rapid Restore Ultra Service;IBM Rapid Restore Ultra Service; C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe [2004-03-20 339968]
R2 IBMPMSVC;IBM PM Service; C:\windows\System32\ibmpmsvc.exe [2003-07-03 57344]
R2 Irmon;Infrared Monitor; C:\windows\System32\svchost.exe [2004-08-04 17408]
R2 ntrtscan;OfficeScanNT RealTime Scan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2004-05-18 540672]
R2 QCONSVC;QCONSVC; C:\windows\System32\QCONSVC.EXE [2004-03-12 73728]
R2 RapApp;RapApp; C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe [2006-10-18 844126]
R2 RegSrvc;RegSrvc; C:\WINDOWS\system32\RegSrvc.exe [2004-10-02 122950]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\system32\S24EvMon.exe [2004-10-02 286787]
R2 tmlisten;OfficeScanNT Listener; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2004-05-18 282710]
R2 TpKmpSVC;IBM KCU Service; C:\WINDOWS\system32\TpKmpSVC.exe [2003-07-12 32768]
R2 VPatch;ISS Buffer Overflow Exploit Prevention; C:\Program Files\ISS\issSensors\DesktopProtection\vpatch.exe [2006-10-18 426333]
R2 WinTabService;WinTab Service; C:\windows\system32\DRIVERS\WtSrv.exe [2003-09-30 40960]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-28 137200]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2004-07-22 68096]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PsaSrv;IBM PSA Access Driver Control; C:\WINDOWS\system32\PsaSrv.exe []
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-03 86016]
S4 ewido security suite guard;ewido security suite guard; C:\Program Files\ewido anti-malware\ewidoguard.exe [2005-12-19 151616]

-----------------EOF-----------------

#5 vablativ
  • Topic Starter
  • Members
  • 5 posts

Posted 05 February 2009 - 11:42 AM

Next, RSIT info.txt:

info.txt logfile of random's system information tool 1.05 2009-02-05 23:54:58

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec.exe /I{B5D8CCBF-08D8-46C0-8B04-3BC0CAEDA094}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.EXE" -l0x9 ControlPanelAnyText
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll<UNINSTALL_CMD> -l0x9 ControlPanelAnyText
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ds max 6 Architectural Materials-->MsiExec.exe /I{DD8C1183-6548-4A43-B9E5-CD0E970751E4}
3ds max 6 Reference Files-->MsiExec.exe /I{BC14A1F6-0511-4360-8351-FB7964979317}
3ds max 6 Sample Files-->MsiExec.exe /I{EC63CD9C-676B-4384-A280-378842B99DCA}
3ds max 6-->MsiExec.exe /I{69E6A869-8B59-4619-A9E9-58DDFA7C05B8}
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Access IBM Message Center-->MsiExec.exe /X{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}
Access IBM-->MsiExec.exe /X{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 6.0 Professional-->MsiExec.exe /I{AC76BA86-1033-0000-7760-000000000001}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin-->C:\windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe InDesign 2.0.2-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\InDesign 2.0\Uninst.isu" -c"C:\Program Files\Adobe\InDesign 2.0\Uninst.dll"
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 6.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
Adobe Reader Japanese Fonts-->MsiExec.exe /I{AC76BA86-7AD7-5A76-5A64-7E8A45000001}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
ALO Video Converter 1.2-->"C:\Program Files\ALO SOFT\ALO Video Converter\unins000.exe"
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Audacity 1.2.2-->"C:\Program Files\Audacity\unins000.exe"
AutoCAD 2004-->MsiExec.exe /I{5783F2D7-0201-0409-0002-0060B0CE6BBA}
Autodesk Express Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Bentley MicroStation (V 08.00.01.19) - 1-->"C:\Program Files\InstallShield Installation Information\GUID.exe" -uninstall -guid"{C1303192-F5A0-11D5-8633-00C04F0134D4}_0"
BlueSoleil-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x9
BroadBand on Mobile-->C:\Program Files\BroadBand on Mobile\uninst.exe
CDex extraction audio-->"C:\Program Files\CDex_150\uninstall.exe"
character studio 4.2-->MsiExec.exe /I{3191ADFC-5BA3-474D-BCBA-1B5615ABFFC1}
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DWGSee DWG Viewer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B40DED06-B52E-4970-8689-578D162638ED}\Setup.exe"
EndNote 9-->MsiExec.exe /I{33CE9398-8C1A-11D9-8BDE-F66BAD1E3F3A}
ewido anti-malware-->C:\Program Files\ewido anti-malware\Uninstall.exe
FLV SPLITTER-->"C:\Program Files\GNU\FLVSPLITTER\Uninstall.exe"
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Free Mp3 Wma Converter V 1.4.0-->"C:\Program Files\audio converter\unins000.exe"
Free Video to Mp3 Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free Video to Mp3 Converter\unins000.exe"
GOM Player-->"C:\Program Files\GOMPlayer\Uninstall.exe"
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Hello (remove only)-->"C:\Program Files\Hello\Uninstall.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
Hijackthis 1.99.1-->"C:\Program Files\Hijackthis\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
hp deskjet 3500-->msiexec /x{8FD62EBB-3175-4907-A326-989B14E5C757}
HP Photo and Imaging 2.0 - Deskjet Series-->MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
hp print screen utility-->C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
HT Fireman-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADEBB98C-DCD0-4369-BC4A-71B342CF55B2}\Setup.exe" -l0x9
IBM 32-bit Runtime Environment for Java 2, v1.4.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6C72E14A-C1F3-45E5-8810-83CE3C19ED63} /l1033
IBM Access Connections-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22B71A00-4DED-11D4-A5E5-0004AC564F43}\SETUP.EXE" -l0x9 anything
IBM Active Protection System-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{72806716-7088-41B2-8FA6-717A2A164DAB}\SETUP.EXE" -l0x9 anything
IBM DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
IBM Integrated 56K Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014\HXFSETUP.EXE -U -IVEN_8086&DEV_24C6&SUBSYS_05591014 -S -ISFG
IBM RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
IBM Rescue and Recovery with Rapid Restore-->MsiExec.exe /X{11783F13-C3A9-44A8-929B-21A476F65272}
IBM Themes-->MsiExec.exe /I{6CE96A14-61E2-48CC-837E-22710A953ADE}
IBM ThinkPad Battery MaxiMiser and Power Management Features-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unbmm.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsbmm.dll"
IBM ThinkPad Configuration-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNTPUW.ISU -c"C:\Program Files\ThinkPad\Utilities\Tpinswin.dll"
IBM ThinkPad EasyEject Utility -->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\Unezej.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsej.dll"
IBM ThinkPad Keyboard Customizer Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2111B23F-7FDA-4A41-8309-E5A1663CA296}\SETUP.EXE" -l0x9 anything
IBM ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
IBM ThinkPad Presentation Director-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\ThinkPad\UTILIT~1\UNNPDR.isu -c"C:\Program Files\ThinkPad\Utilities\Tpinsnpd.dll"
IBM ThinkPad UltraNav Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
IBM ThinkPad UltraNav Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}\SETUP.EXE" UNINSTALL
IBM TrackPoint Accessibility Features-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA664480-3844-11D5-8C25-444553540000}\SETUP.EXE"
IBM Update Connector-->MsiExec.exe /X{8D815BF3-2399-459C-B121-49373FEFB9E8}
ICQ Toolbar-->regsvr32 /u /s "C:\Program Files\ICQToolbar\toolbaru.dll"
ICQ 4.1-->C:\Program Files\ICQLite\ICQLiteUninstall.EXE
ICQ-->C:\PROGRA~1\ICQ\ICQUninstall.EXE
ImageStation Easy Upload Tools-->C:\Program Files\Easy Upload Tools\UninstallHelper\UninstallHelper.exe
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet for Wireless-->MsiExec.exe /I{5380063E-2909-4d72-BFA3-625881F2E78B}
Intel® Sebring API -->MsiExec.exe /I{56373057-E823-4DDE-98C3-E89AEF7895B8}
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iPassConnect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6FFA58-F491-11D3-8951-000000005553}\setup.exe"
ISI ResearchSoft - Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech ImageStudio-->MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
LuDC++-->MsiExec.exe /X{2A7F3F3C-C396-4A5E-B06E-25B4FA49DF5B}
Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" -l0x9 mmUninstall
Macromedia Fireworks MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E583ED6F-BD99-4066-A420-C815BF692B69}\Setup.exe" -l0x9 UNINSTALL
Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x9 UNINSTALL
Macromedia FreeHand MXa-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{939740B5-0064-4779-854A-8C1086181C05}\Setup.exe" -l0x9 UNINSTALL
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
mIRC-->"C:\Program Files\mIRC\mirc.exe" -uninstall
Monkey's Audio-->"C:\Program Files\Monkey's Audio\unins000.exe"
Mouse Suite-->Pmuninst.exe MouseSuite98
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPEG2 Codec(libmpeg2/mad)-->"C:\Program Files\GNU\MPEG2\Uninstall.exe"
Net Transport 1.87.258-->"C:\Program Files\Xi\NetTransport 2\unins000.exe"
Nokia Connectivity Cable Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15}
Nokia PC Suite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1267949C-73FC-4692-AA22-176F5E909647}
OpD2d-->C:\WINDOWS\unvise32.exe C:\Program Files\OpD2d\uninstal.log
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
QuickTime Alternative 2.8.0-->"C:\Program Files\QuickTime Alternative\unins000.exe"
Real Alternative 1.7.5 Lite-->"C:\Program Files\Real Alternative\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Riva FLV Encoder 2.0-->"C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
SafeCast Shared Components-->C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
Samsung PC Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x9 -removeonly
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
SketchUp 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADAD0FFE-B2C4-4A2C-B4C8-2467B5A25EF0}\Setup.exe" -l0x9
SketchUp 4 Bonus Pack for Architecture-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0800A11-4257-47F0-A6F4-0091DBC389C2}\setup.exe" -l0x9
SketchUp 4 Bonus Pack for Interior Design-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{78491AAA-4955-4ACF-9350-E0B1E425514F}\setup.exe" -l0x9
SketchUp 4 Bonus Pack for Landscape Architecture-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E65D713-931C-4929-B5CE-E2968038468F}\setup.exe" -l0x9
SketchUp 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9421EB49-B1C8-496F-A307-FF0E4F43E6F5}\setup.exe" -l0x9
SketchUp 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B357C4B4-9024-4B64-9B3F-A6729031C3DD}\setup.exe" -l0x9
SketchUp Viewer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AE16DD0-7253-11D5-94D9-0050DA73EEF2}\setup.exe" -l0x9
Skype 3.0-->"C:\Program Files\Skype\Phone\unins000.exe"
Skype add-on for IE-->rundll32 "C:\Program Files\Skype\Phone\IEPlugin\SkypeIEPlugin.dll",FriendlyUnregisterServer 0
Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
ThinkPad FullScreen Magnifier-->RunDll32 setupapi.dll,InstallHinfSection DefaultUninstall.NT 132 C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.inf
ThinkPad Software Installer-->_tpiu000.exe /U
Trend Micro OfficeScan Client-->"C:\Program Files\Trend Micro\OfficeScan Client\ntrmv.exe"
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
TrojanHunter 4.2-->"C:\Program Files\TrojanHunter 4.2\unins000.exe"
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
URL Snooper v2.04.04-->"C:\Program Files\URLSnooper2\unins000.exe"
VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\setup.exe" -l0x9 VpnUninstall
Wallpapers-->MsiExec.exe /I{F386C340-DF4B-4BBA-9503-420FB7EDB395}
WebCam for MSN Messenger-->Rundll32.exe setupapi,InstallHinfSection DefaultUnInstall 128 C:\WINDOWS\INF\Athena.inf
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

FW: Proventia Desktop

System event log

Computer Name: U0205733
Event Code: 20
Message: Printer Driver Canon MF5700 Series for Windows NT x86 Version-3 was added or updated. Files:- CNAR0M_D80D7.DLL, CNAR0MUI_D80D7.DLL, MF5700AK.XPD, CNAR0K_D80D7.HLP, CNAR0809_D80D7.DLL, CNAR0K_D80D7.CNT, MF5700AK.UPD, CNAR80D7.DAT, CNXP0RSX.DLL, CNXP0LOG.DLL, CPC10S.DLL, CPC10D.EXE, CPC10Q.EXE, CPC1UK.DLL, UCS32P.DLL, CNXPTN32.DLL, CNXPVT32.DLL, CNXPCP32.DLL, CPC10E.DLL, CPC1UK.CNT, CPC1UK.HLP, CPC10V.EXE, CNARCM32.DLL, CNARLMNT.DLL, CNLK.PRF.

Record Number: 23311
Source Name: Print
Time Written: 20080627185531.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: U0205733
Event Code: 20
Message: Printer Driver Canon MF5700 Series for Windows NT x86 Version-3 was added or updated. Files:- CNAR0M_D80D7.DLL, CNAR0MUI_D80D7.DLL, MF5700AK.XPD, CNAR0K_D80D7.HLP, CNAR0809_D80D7.DLL, CNAR0K_D80D7.CNT, MF5700AK.UPD, CNAR80D7.DAT, CNXP0RSX.DLL, CNXP0LOG.DLL, CPC10S.DLL, CPC10D.EXE, CPC10Q.EXE, CPC1UK.DLL, UCS32P.DLL, CNXPTN32.DLL, CNXPVT32.DLL, CNXPCP32.DLL, CPC10E.DLL, CPC1UK.CNT, CPC1UK.HLP, CPC10V.EXE, CNARCM32.DLL, CNARLMNT.DLL, CNLK.PRF.

Record Number: 23310
Source Name: Print
Time Written: 20080627184059.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: U0205733
Event Code: 20
Message: Printer Driver Canon MF5700 Series for Windows NT x86 Version-3 was added or updated. Files:- CNAR0M_D80D7.DLL, CNAR0MUI_D80D7.DLL, MF5700AK.XPD, CNAR0K_D80D7.HLP, CNAR0809_D80D7.DLL, CNAR0K_D80D7.CNT, MF5700AK.UPD, CNAR80D7.DAT, CNXP0RSX.DLL, CNXP0LOG.DLL, CPC10S.DLL, CPC10D.EXE, CPC10Q.EXE, CPC1UK.DLL, UCS32P.DLL, CNXPTN32.DLL, CNXPVT32.DLL, CNXPCP32.DLL, CPC10E.DLL, CPC1UK.CNT, CPC1UK.HLP, CPC10V.EXE, CNARCM32.DLL, CNARLMNT.DLL, CNLK.PRF.

Record Number: 23309
Source Name: Print
Time Written: 20080627184058.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: U0205733
Event Code: 20
Message: Printer Driver HP DeskJet 930C/932C/935C for Windows NT x86 Version-3 was added or updated. Files:- UNIDRV.DLL, UNIDRVUI.DLL, HPFDJ930.GPD, UNIDRV.HLP, HPFUD50.DLL, UNIRES.DLL, HPFDJ50.INI, HPFUI50.DLL, HPFIMG50.DLL, HPF900AL.DLL, HPFDJ95X.GPD, HPFDJ97X.GPD, HPFDJ200.HLP, HPFNAM50.GPD, STDNAMES.GPD.

Record Number: 23308
Source Name: Print
Time Written: 20080627004431.000000+480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: U0205733
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Record Number: 23307
Source Name: Windows Update Agent
Time Written: 20080626170923.000000+480
Event Type: error
User:

Application event log

Computer Name: U0205733
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 5
Source Name: SecurityCenter
Time Written: 20080908124739.000000+480
Event Type: information
User:

Computer Name: U0205733
Event Code: 1
Message: VpatchService: 'C:\Program Files\ISS\issSensors\DesktopProtection\vpatch.exe' authentication successful.

Record Number: 4
Source Name: VPatch
Time Written: 20080908124738.000000+480
Event Type: information
User:

Computer Name: U0205733
Event Code: 1
Message: Rogue Application Monitor started

Record Number: 3
Source Name: RapApp
Time Written: 20080908124737.000000+480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: U0205733
Event Code: 0
Message:
Record Number: 2
Source Name: RegSrvc
Time Written: 20080908124737.000000+480
Event Type: information
User:

Computer Name: U0205733
Event Code: 0
Message:
Record Number: 1
Source Name: IBM Rapid Restore Ultra Service
Time Written: 20080908124732.000000+480
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\PROGRAM FILES\THINKPAD\UTILITIES;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\WINDOWS\Downloaded Program Files;%SystemDrive%\IBMTOOLS\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\backburner 2\;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.pyo;.pyc;.py;.pyw
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RRU"=C:\Program Files\IBM\IBM Rapid Restore Ultra\
"PYTHONPATH"=%SystemDrive%\IBMTOOLS\utils\support;%SystemDrive%\IBMTOOLS\utils\logger
"IBMSHARE"=%SystemDrive%\IBMSHARE
"TCL_LIBRARY"=%SystemDrive%\IBMTOOLS\Python22\tcl\tcl8.4
"TK_LIBRARY"=%SystemDrive%\IBMTOOLS\Python22\tcl\tk8.4
"PYTHONCASEOK"=1
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

#6 vablativ

  • Topic Starter

  • Members
  • 5 posts

Posted 05 February 2009 - 11:45 AM

GMER results attached




#7 fenzodahl512


  • Members
  • 6,738 posts

Posted 05 February 2009 - 12:02 PM

Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\WINDOWS\system32\rundll32.dll
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.


Repeat with C:\windows\system32\cftmons.exe file

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 fenzodahl512


  • Members
  • 6,738 posts

Posted 18 February 2009 - 05:55 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic





