Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

SWP 2009 Demo HELP ASAP please


  • This topic is locked This topic is locked
18 replies to this topic

#1 DavidBaustert

DavidBaustert

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:12:37 AM

Posted 27 November 2009 - 04:24 PM

Last night after arriving home from thanksgiving I got online and immediately recieved a popup from my task bar saying my computer was at risk. An unfarmiliar program icon appeared in the task bar and began scanning. It was SWP 2009. I've downloaded SAS and Spybot S&D but neither of them are able to update their definitions. What do I need to do to get rid of this mess? Thanks.

Dave

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:48 PM, on 11/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesSymantec AntiVirusSmc.exe
C:Program FilesCommon FilesMicrosoft SharedInkKeyboardSurrogate.exe
C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
C:Program FilesBonjourmDNSResponder.exe
C:WINDOWSsystem32svchost.exe
c:WINDOWSsystem32lkcitdl.exe
c:WINDOWSsystem32lkads.exe
C:WINDOWSSYSTEM32WISPTIS.EXE
c:WINDOWSsystem32lktsrv.exe
C:Program FilesCommon FilesLogiShrdLVCOMSERLVComSer.exe
C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSSystem32tabbtnu.exe
C:Program FilesCommon FilesMotiveMcciCMService.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:Program Fileslotusnotesntmulti.exe
C:Program FilesCiscoCisco NAC AgentNACAgent.exe
C:WINDOWSExplorer.EXE
c:Program FilesSharedSecuritynidmsrv.exe
c:WINDOWSsystem32nisvcloc.exe
C:Program FilesCommon FilesNew BoundaryPrismXLPRISMXL.SYS
C:Program FilesCiscoCisco NAC AgentNACAgentUI.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesSymantec AntiVirusRtvscan.exe
C:Program FilesNovellZENworksAsset ManagementbinCClientSvc.exe
C:Program FilesViewpointCommonViewpointService.exe
C:Program FilesNovellZENworksAsset ManagementbinCClient.exe
C:Program FilesCommon FilesMicrosoft SharedInkTCServer.exe
C:Program FilesMicrosoft ActiveSyncwcescomm.exe
C:PROGRA~1MI3AA1~1rapimgr.exe
C:Program FilesSymantec AntiVirusSmcGui.exe
C:Program FileslotusnotesNLNOTES.EXE
C:Program Fileslotusnotesntaskldr.EXE
C:WINDOWSsystem32rundll32.exe
C:Program FilesMicrosoft ActiveSyncWCESMgr.exe
C:WINDOWSSystem32svchost.exe
C:Program FilesWindows Media Playerwmplayer.exe
C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ondemand5.com/
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_02binssv.dll
O4 - HKLM..Run: [yvydqlvv] C:Documents and SettingsbaustedeLocal SettingsApplication Datamfybffalqpsysguard.exe
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 - HKCU..Run: [Aim6] "C:Program FilesAIM6aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [H/PC Connection Agent] "C:Program FilesMicrosoft ActiveSyncwcescomm.exe"
O4 - HKCU..Run: [yvydqlvv] C:Documents and SettingsbaustedeLocal SettingsApplication Datamfybffalqpsysguard.exe
O4 - HKCU..Run: [SUPERAntiSpyware] C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe
O4 - HKUSS-1-5-18..RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%Local SettingsTemp" (User 'SYSTEM')
O4 - HKUSS-1-5-18..RunOnce: [nlpo_02] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SYSTEM')
O4 - HKUSS-1-5-18..RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SYSTEM')
O4 - HKUS.DEFAULT..RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%Local SettingsTemp" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:PROGRA~1MICROS~4Office12EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_02binssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_02binssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~4Office12ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:PROGRA~1MICROS~4Office12ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:PROGRA~1MI3AA1~1INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~4Office12REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe (file missing)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://web-student-1.udayton.edu/iNotes6W.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183123664671
O17 - HKLMSystemCS1ServicesTcpipParameters: SearchList = udayton.edu
O17 - HKLMSystemCCSServicesTcpipParameters: SearchList = udayton.edu
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:Program FilesSUPERAntiSpywareSASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportbinAppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:Program FilesCommon FilesAutodesk SharedServiceAdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:PROGRA~1SymantecLIVEUP~1LUCOMS~1.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - c:WINDOWSsystem32lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - c:WINDOWSsystem32lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - c:WINDOWSsystem32lktsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:Program FilesCommon FilesLogiShrdLVCOMSERLVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:Program FilesCommon FilesLogiShrdLVMVFMLVPrcSrv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:Program FilesCommon FilesMotiveMcciCMService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:Program Fileslotusnotesntmulti.exe
O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:Program FilesCiscoCisco NAC AgentNACAgent.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - c:Program FilesSharedSecuritynidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - c:Program FilesSharedLicense ManagerBinlmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - c:WINDOWSsystem32nisvcloc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:Program FilesCommon FilesNew BoundaryPrismXLPRISMXL.SYS
O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Symantec Corporation - C:Program FilesSymantec AntiVirusSmcLUSetupsmcinst.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:Program FilesSymantec AntiVirusSmc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:Program FilesSymantec AntiVirusSNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:Program FilesSymantec AntiVirusRtvscan.exe
O23 - Service: ZENworks Asset Management - Collection Client (TSCensus Collection Client) - Novell, Inc. - C:Program FilesNovellZENworksAsset ManagementbinCClientSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:Program FilesViewpointCommonViewpointService.exe
O24 - Desktop Component 0: Ink Desktop - {80E95280-2D38-3CB8-A215-FB5F14C4343E}

--
End of file - 10481 bytes

Merged posts. ~ OB

Edited by Orange Blossom, 27 November 2009 - 10:36 PM.


BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:37 AM

Posted 02 December 2009 - 11:10 AM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and
we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you
would let me no so I can close this topic, if you still need help please let me no what issues you are still having, in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • log.txt
  • info.txt
Thanks

unite.jpg


#3 DavidBaustert

DavidBaustert
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:12:37 AM

Posted 02 December 2009 - 04:42 PM

log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by baustede at 2009-12-02 16:41:22
Microsoft Windows XP Professional Service Pack 2
System drive C: has 19 GB (17%) free of 114 GB
Total RAM: 2046 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:34 PM, on 12/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\lkcitdl.exe
c:\WINDOWS\system32\lkads.exe
c:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Shared\Security\nidmsrv.exe
c:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClient.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\lotus\notes\NLNOTES.EXE
C:\Program Files\lotus\notes\ntaskldr.EXE
C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Documents and Settings\baustede\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\baustede.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ondemand5.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_02] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://web-student-1.udayton.edu/iNotes6W.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183123664671
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = udayton.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = udayton.edu
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - c:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - c:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - c:\WINDOWS\system32\lktsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - c:\Program Files\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - c:\Program Files\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - c:\WINDOWS\system32\nisvcloc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ZENworks Asset Management - Collection Client (TSCensus Collection Client) - Novell, Inc. - C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
O24 - Desktop Component 0: Ink Desktop - {80E95280-2D38-3CB8-A215-FB5F14C4343E}

--
End of file - 10085 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe /background []
"Aim6"=C:\Program Files\AIM6\aim6.exe [2009-05-19 49968]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-26 1207080]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-11-23 2001648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2009-03-10 115560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\PROGRA~1\MI3AA1~1\wcescomm.exe [2006-06-26 1207080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Event Monitor]
C:\WINDOWS\system32\iprntlgn.exe [2009-06-24 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Tray]
C:\WINDOWS\system32\iprntctl.exe [2009-06-24 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NACAgentUI]
C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe [2009-06-22 446088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDPS]
C:\WINDOWS\system32\dpmw32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI Background Service]
c:\Program Files\Shared\Update Service\BackgroundService.exe [2008-04-03 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]
NWTRAY.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2005-12-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snippet]
C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe [2005-02-25 68296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-18 688218]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2007-06-18 98394]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletTip]
C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe [2005-04-25 271872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletWizard]
C:\WINDOWS\help\SplshWrp.exe [2004-08-04 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZENRC Tray Icon]
C:\WINDOWS\system32\zentray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Application Explorer.lnk]
C:\PROGRA~1\Novell\ZENworks\NalView.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-19 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll [2004-08-04 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TabBtnWL]
C:\WINDOWS\system32\TabBtnWL.dll [2002-08-29 11776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpgwlnotify]
C:\WINDOWS\system32\tpgwlnot.dll [2006-11-01 32256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\dpmw32.exe"="C:\WINDOWS\system32\dpmw32.exe:*:Enabled:NDPS RPM & Notification Listener"
"C:\Program Files\Maple 11\jre\bin\maple.exe"="C:\Program Files\Maple 11\jre\bin\maple.exe:*:Enabled:Maple 11"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Symantec AntiVirus\Smc.exe"="C:\Program Files\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec AntiVirus\SNAC.EXE"="C:\Program Files\Symantec AntiVirus\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\CCleaner\CCleaner.exe"="C:\Program Files\CCleaner\CCleaner.exe:*:Enabled:CCleaner"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition"
"C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE"="C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE:*:Enabled:SUPERAntiSpyware Alternate Start"
"C:\Program Files\Symantec AntiVirus\SymCorpUI.exe"="C:\Program Files\Symantec AntiVirus\SymCorpUI.exe:*:Enabled:Symantec Endpoint Protection"
"C:\Program Files\Free Music Zilla\FMZilla.exe"="C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpmw32.exe"="C:\WINDOWS\system32\dpmw32.exe:*:Enabled:NDPS RPM and Notification Listener"
"C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe"="C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe:*:Enabled:ZENworks Remote Management agent"
"C:\Program Files\IBM\Sametime Connect\jre\bin\sametime75.exe"="C:\Program Files\IBM\Sametime Connect\jre\bin\sametime75.exe:*:Enabled:Lotus Sametime Connect"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16118eee-730e-11dd-9e49-001b7753c089}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f52ff48a-64cd-11dc-9cb8-001b7753c089}]
shell\AutoRun\command - setupSNK.exe


======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-12-02 16:41:22 ----D---- C:\rsit
2009-11-30 00:20:56 ----D---- C:\Program Files\Free Music Zilla
2009-11-27 16:28:54 ----D---- C:\Program Files\Trend Micro
2009-11-27 00:23:18 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-27 00:23:13 ----D---- C:\Program Files\SUPERAntiSpyware
2009-11-27 00:23:13 ----D---- C:\Documents and Settings\baustede\Application Data\SUPERAntiSpyware.com
2009-11-26 23:48:02 ----D---- C:\b07064b69f0377e73d
2009-11-26 23:46:38 ----SHD---- C:\WINDOWS\CSC
2009-11-26 23:46:27 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-26 23:44:24 ----D---- C:\239c1203e400d108917e5299
2009-11-18 15:23:47 ----D---- C:\Documents and Settings\baustede\Application Data\SharePod
2009-11-12 14:13:11 ----A---- C:\WINDOWS\system32\ssprs.dll
2009-11-12 14:13:11 ----A---- C:\WINDOWS\system32\prsgrc.dll
2009-11-12 14:13:11 ----A---- C:\WINDOWS\system32\grcauth2.dll
2009-11-12 14:13:11 ----A---- C:\WINDOWS\system32\grcauth1.dll
2009-11-12 14:13:11 ----A---- C:\WINDOWS\system32\clauth2.dll
2009-11-12 14:13:11 ----A---- C:\WINDOWS\system32\clauth1.dll
2009-11-12 14:11:48 ----D---- C:\Program Files\WorkingModel2005

======List of files/folders modified in the last 1 months======

2009-12-02 16:41:29 ----D---- C:\WINDOWS\Prefetch
2009-12-02 16:34:12 ----D---- C:\WINDOWS\Temp
2009-12-02 16:29:00 ----SHD---- C:\WINDOWS\Installer
2009-12-02 16:28:47 ----D---- C:\WINDOWS\system32
2009-12-02 16:28:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-02 16:27:05 ----D---- C:\Program Files\Mozilla Firefox
2009-12-02 16:24:38 ----D---- C:\WINDOWS
2009-12-02 13:29:32 ----D---- C:\Documents and Settings\baustede\Application Data\LimeWire
2009-12-01 19:20:49 ----A---- C:\WINDOWS\hpbafd.ini
2009-11-30 19:59:25 ----D---- C:\Program Files\Symantec AntiVirus
2009-11-30 00:21:03 ----D---- C:\Documents and Settings\baustede\Application Data\FMZilla
2009-11-30 00:20:56 ----RD---- C:\Program Files
2009-11-30 00:18:20 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-30 00:17:56 ----D---- C:\Program Files\Total Video Converter
2009-11-30 00:17:01 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-11-30 00:15:25 ----D---- C:\NDPS
2009-11-28 07:27:02 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-27 17:22:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-27 16:44:23 ----D---- C:\Documents and Settings\All Users\Application Data\CraigsPal
2009-11-27 15:49:30 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-11-27 00:23:16 ----HD---- C:\Config.Msi
2009-11-27 00:22:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-26 23:33:32 ----D---- C:\Program Files\Common Files
2009-11-26 23:31:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-11-26 23:31:23 ----D---- C:\WINDOWS\system32\drivers
2009-11-26 23:09:53 ----D---- C:\WINDOWS\WinSxS
2009-11-18 15:35:13 ----D---- C:\Documents and Settings\baustede\Application Data\Apple Computer
2009-11-17 05:03:11 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-11-16 19:03:51 ----D---- C:\WINDOWS\system32\Macromed
2009-11-10 17:47:34 ----HD---- C:\WINDOWS\inf
2009-11-10 05:01:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-10 05:00:44 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-05 09:36:22 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 nipplpt2;Novell iCapture Lpt Redirector 2; C:\WINDOWS\system32\drivers\nipplpt.sys [2009-06-24 34592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2009-03-10 280112]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2009-03-10 43824]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2009-03-10 191536]
R1 WPS;WPS; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2007-10-23 4096]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R2 WGX;Extend WG Protocol Driver; C:\WINDOWS\System32\Drivers\WGX.SYS [2009-03-10 38056]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys [2001-12-27 67072]
R2 WNTHW;WNTHW; \??\C:\WINDOWS\system32\DRIVERS\WNTHW.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-19 1578496]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-06-14 179200]
R3 FinePnt;FinePoint Innovations HID Driver; C:\WINDOWS\system32\DRIVERS\FpHidDrv.sys [2007-06-18 18816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 LVPr2Mon;LVPr2Mon Driver; C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [2008-07-26 25624]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MSTabBtn;Tablet PC Buttons HID Driver; C:\WINDOWS\system32\DRIVERS\MSTabBtn.sys [2006-06-14 9600]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091202.006\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091202.006\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2007-06-18 893952]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-06-15 1179784]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-06-18 185824]
R3 Teefer2;Teefer2 Miniport; C:\WINDOWS\system32\DRIVERS\teefer2.sys [2009-03-10 49536]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-06-18 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-10-23 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-10-23 59264]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-10-23 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2007-06-18 1428096]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2005-03-21 333620]
R3 WpsHelper;WpsHelper; \??\C:\WINDOWS\system32\drivers\WpsHelper.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 EraserUtilDrvI9;EraserUtilDrvI9; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2009-02-17 57672]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2009-02-17 72520]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-08-15 47360]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2008-07-26 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2008-07-26 2570520]
S3 Ser2pl;RadioShack USB to Serial Cable; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-10-20 48640]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2009-03-10 319792]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2009-03-10 27696]
S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-04-10 104576]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-19 409600]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-03-10 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-03-10 108392]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 LkCitadelServer;Lookout Citadel Server; c:\WINDOWS\system32\lkcitdl.exe [2007-11-27 695136]
R2 lkClassAds;National Instruments PSP Server Locator; c:\WINDOWS\system32\lkads.exe [2007-11-27 40488]
R2 lkTimeSync;National Instruments Time Synchronization; c:\WINDOWS\system32\lktsrv.exe [2007-11-27 50736]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-01-26 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2006-10-26 335872]
R2 Multi-user Cleanup Service;Multi-user Cleanup Service; C:\Program Files\lotus\notes\ntmulti.exe [2006-09-27 53248]
R2 NACAgent;Cisco NAC Agent; C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe [2009-06-22 715400]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NIDomainService;National Instruments Domain Service; c:\Program Files\Shared\Security\nidmsrv.exe [2007-11-27 213552]
R2 niSvcLoc;NI Service Locator; c:\WINDOWS\system32\nisvcloc.exe [2007-07-19 48704]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2007-06-29 196608]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec AntiVirus\Smc.exe [2009-03-10 1799496]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2009-03-10 2440120]
R2 TSCensus Collection Client;ZENworks Asset Management - Collection Client; C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe [2007-08-31 49152]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2007-09-06 79360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-26 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2008-12-10 3093880]
S3 NILM License Manager;NILM License Manager; c:\Program Files\Shared\License Manager\Bin\lmgrd.exe [2007-01-29 1007616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Smcinst;Symantec Auto-upgrade Agent; C:\Program Files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe [2009-12-02 669000]
S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec AntiVirus\SNAC.EXE [2009-03-10 320840]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 Lotus Notes Single Logon;Lotus Notes Single Logon; C:\Program Files\lotus\notes\nslsvice.exe [2006-09-27 7680]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

info.txt

info.txt logfile of random's system information tool 1.06 2009-12-02 16:41:38

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BD4FF5E7-06CA-41E1-AFC1-CCA8F5B686B5}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
AEMPro-->C:\PROGRA~1\AEM\UNWISE.EXE C:\PROGRA~1\AEM\INSTALL.LOG
Agilix GoBinder Lite-->MsiExec.exe /I{5E71102C-2CEB-4C8B-99D3-D33B9741EEDA}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Alarm 2.0.2-->"C:\Program Files\Alarm\unins000.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{75E72BD0-6133-43BB-BFA4-87221FC6DC94}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{8D70145A-3BD3-4DBF-9CBF-223EF4A43257}
ATT-PRT22-->C:\PROGRA~1\ATT-PR~1\UNWISE.EXE C:\PROGRA~1\ATT-PR~1\INSTALL.LOG
AutoCAD 2010 - English-->C:\Program Files\AutoCAD 2010\Setup\Setup.exe /P {5783F2D7-8001-0409-0002-0060B0CE6BBA} /M ACAD /language en-US
AutoCAD 2010 - English-->C:\Program Files\AutoCAD 2010\Setup\Setup.exe /P {5783F2D7-8001-0409-0002-0060B0CE6BBA} /M ACAD /language en-US
Autodesk Inventor Professional 2008-->MsiExec.exe /I{7F4DD591-1200-0409-0000-7107D70F3DB4}
Autodesk Mechanical Desktop 2008-->C:\Program Files\Autodesk\MDT 2008\Setup\Setup.exe /P {5783F2D7-6013-0409-0002-0060B0CE6BBA} /M MDT
Bonjour Core for Windows-->MsiExec.exe /I{56DF5C9E-6392-46D3-B366-297B14E1DAAF}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Cisco NAC Agent -->MsiExec.exe /X{3AE76A6A-DE52-4920-9814-905CA5551C2D}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DIYAutoTune's Tuning Software Package - MT225P3 061208-->"C:\Program Files\MegaSquirt\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD Solution-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
EasyTherm4f-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\EasyTherm\ST6UNST.LOG"
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
Free Music Zilla-->"C:\Program Files\Free Music Zilla\unins000.exe"
FTDI USB Serial Converter Drivers-->C:\WINDOWS\system32\ftdiunin.exe C:\WINDOWS\system32\ftdiun2k.ini
HijackThis 2.0.2-->"C:\Documents and Settings\baustede\Desktop\HijackThis.exe" /uninstall
HI-TECH C51-lite V9.60PL0-->"C:\Program Files\HI-TECH Software\HC51\lite\9.60\resources\setup.exe"
HI-TECH PICC lite V9.60PL0-->"C:\Program Files\HI-TECH Software\PICC\lite\9.60\resources\setup.exe"
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for MSXML 2 (KB887606)-->"C:\WINDOWS\$SQLUninstallMSXML2SP6-KB887606-x86-ENU$\spuninst\spuninst.exe"
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB319740)-->"C:\WINDOWS\$NtUninstallKB319740$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB889527)-->"C:\WINDOWS\$NtUninstallKB889527$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895953)-->"C:\WINDOWS\$NtUninstallKB895953$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB897338)-->"C:\WINDOWS\$NtUninstallKB897338$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB898900)-->"C:\WINDOWS\$NtUninstallKB898900$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB903234)-->"C:\WINDOWS\$NtUninstallKB903234$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB904412)-->"C:\WINDOWS\$NtUninstallKB904412$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB906569)-->"C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB907865)-->"C:\WINDOWS\$NtUninstallKB907865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB909394)-->"C:\WINDOWS\$NtUninstallKB909394$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB912461)-->"C:\WINDOWS\$NtUninstallKB912461$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB912817)-->"C:\WINDOWS\$NtUninstallKB912817$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB913538)-->"C:\WINDOWS\$NtUninstallKB913538$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB917021)-->"C:\WINDOWS\$NtUninstallKB917021$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB918005)-->"C:\WINDOWS\$NtUninstallKB918005$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB918093)-->"C:\WINDOWS\$NtUninstallKB918093$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB918997)-->"C:\WINDOWS\$NtUninstallKB918997$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB924867)-->"C:\WINDOWS\$NtUninstallKB924867$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB924941)-->"C:\WINDOWS\$NtUninstallKB924941$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB927544)-->"C:\WINDOWS\$NtUninstallKB927544$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Deskjet 3900 series-->C:\Program Files\HP\Digital Imaging\{3819891A-030B-4a4e-98ED-B28A649E48AB}\setup\hpzscr01.exe -datfile hpfscr05.dat
HP Deskjet All-In-One Software 8.0-->C:\Program Files\HP\Digital Imaging\{24557DC0-0839-496f-82F9-C4EB72EFE4FA}\setup\hpzscr01.exe -datfile hposcr12.dat
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
IBM Lotus Sametime Connect 7.5.1-->MsiExec.exe /X{8C8ADD9C-1F30-4B1A-927E-B72CC4AADB91}
Ink Art-->MsiExec.exe /I{1FBEE61B-F90E-4EE3-AE94-FCB8BD6EC443}
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PRO Network Connections Drivers-->Prounstl.exe
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JAW Deploy 1.15-->"C:\Program Files\JAW Deploy\unins000.exe"
LimeWire 5.1.2-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate 3.3 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech QuickCam Driver Package-->"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe" -remove -instdir"C:\Program Files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\" -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkey"lvdrivers_11.80" /clone_wait /hide_progress
Logitech QuickCam-->MsiExec.exe /X{3AF8FCCD-F51A-4014-9002-F195E1CBC876}
LogWorks3-->"C:\WINDOWS\LogWorks3 Uninstaller.exe"
Lotus Notes 7.0.2-->MsiExec.exe /I{3DFB275E-92F1-4D4A-A546-C5475917FA41}
Macromedia Authorware Web Player-->C:\WINDOWS\system32\Macromed\AUTHORWA\UNWISE.EXE C:\WINDOWS\system32\Macromed\AUTHORWA\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MegaLogViewer-->MsiExec.exe /I{83DD1F73-644C-42DE-9951-D9996C486530}
Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Hotfix (KB925168)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M925168\M925168Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Education Pack for Windows XP Tablet PC Edition-->MsiExec.exe /I{40FFC202-F842-44C7-ACBE-8B0EA690B1A3}
Microsoft Ink Crossword-->MsiExec.exe /I{1759CACC-6CF9-4C3C-92C5-39668679AB17}
Microsoft Ink Desktop-->MsiExec.exe /I{0759CACC-6CF9-4C3C-92C5-39668679AB16}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint 2007 Get Started Tab-->MsiExec.exe /I{5AE5DB70-5CE6-4876-A83E-8246CC36FC28}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Word 2007 Get Started Tab-->MsiExec.exe /I{68B52EFD-86CC-486E-A8D0-A3A1554CB5BC}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Snipping Tool 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8853C080-7F5C-4020-B663-C57FE29BB858}\setup.exe" -l0x9 -removeonly
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motorola SM56 Data Fax Modem-->rundll32.exe sm56coin.dll,SM56UnInstaller
Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
National Instruments Software-->"c:\Program Files\Shared\NIUninstaller\uninst.exe"
Nero 7 Essentials-->MsiExec.exe /I{35BABCAD-0593-9B89-D6A6-A48F19781033}
NIStune 0.9.3.6.1-->"C:\Program Files\NIStune\unins000.exe"
Novell iPrint Client v05.20.00-->C:\WINDOWS\system32\iprint\setupipp.exe /uninstall
Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
RealPlayer Enterprise-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealOneEnt|6.0
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917537)-->"C:\WINDOWS\$NtUninstallKB917537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Skype™ Beta 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
TunerPro RT v4.14-->"C:\Program Files\TunerPro RT\unins000.exe"
TunerPro v4.14-->"C:\Program Files\TunerPro\unins000.exe"
TunerStudioMS-->MsiExec.exe /I{2F0F483C-0861-4639-B4F0-546EB51052EF}
Undelete Plus 2.95-->"C:\Program Files\TouchStoneSoftware\UndeletePlus\unins000.exe"
uninstall-->"C:\Program Files\MegaSquirt\MegaTune2.25\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Office 2007 (KB932080)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Outlook 2007 Junk Email Filter (kb975960)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1AB1BED-7477-4D5A-BD0C-04C2109459A5}
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe"
Update for Windows XP (KB897663)-->"C:\WINDOWS\$NtUninstallKB897663$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB907265)-->"C:\WINDOWS\$NtUninstallKB907265$\spuninst\spuninst.exe"
Update for Windows XP (KB908521)-->"C:\WINDOWS\$NtUninstallKB908521$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB916846)-->"C:\WINDOWS\$NtUninstallKB916846$\spuninst\spuninst.exe"
Update for Windows XP (KB920142)-->"C:\WINDOWS\$NtUninstallKB920142$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922120)-->"C:\WINDOWS\$NtUninstallKB922120$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
WIBU-KEY Setup (WIBU-KEY Remove)-->C:\Program Files\WIBUKEY\Setup\SETUP32.EXE /R:{00060000-0000-1004-8002-0000C06B5161}
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInstx86.exe /u C:\WINDOWS\system32\DRVSTORE\ftdibus_F9D1F4910991ABE4918AD2ABF2DAB8068EFDFB3C\ftdibus.inf
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInstx86.exe /u C:\WINDOWS\system32\DRVSTORE\ftdiport_745D520DF638303276F55060BD180F0C477D1727\ftdiport.inf
Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInstx86.exe /u C:\WINDOWS\system32\DRVSTORE\ftdibus_1EFE8ACE84BF7FF75302177777293E12CA62079A\ftdibus.inf
Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInstx86.exe /u C:\WINDOWS\system32\DRVSTORE\ftdiport_E3FE268552211CE3257EFBEE0E69543753506151\ftdiport.inf
Windows Driver Package - Intel (w29n51) net (09/12/2005 9.0.3.9)-->C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\w29n51_B4DB085D140C6265DCA5E78CC26122444CD2D577\w29n51.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB884020-->C:\WINDOWS\$NtUninstallKB884020$\spuninst\spuninst.exe
Windows XP Hotfix - KB884883-->"C:\WINDOWS\$NtUninstallKB884883$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885222-->"C:\WINDOWS\$NtUninstallKB885222$\spuninst\spuninst.exe"
Windows XP Hotfix - KB885453-->C:\WINDOWS\$NtUninstallKB885453$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB886677-->C:\WINDOWS\$NtUninstallKB886677$\spuninst\spuninst.exe
Windows XP Hotfix - KB886716-->"C:\WINDOWS\$NtUninstallKB886716$\spuninst\spuninst.exe"
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB889673-->C:\WINDOWS\$NtUninstallKB889673$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB894395-->"C:\WINDOWS\$NtUninstallKB894395$\spuninst\spuninst.exe"
Windows XP Hotfix - KB896626-->"C:\WINDOWS\$NtUninstallKB896626$\spuninst\spuninst.exe"
Write-N-Cite-->C:\PROGRA~1\Refworks\UNWISE.EXE C:\PROGRA~1\Refworks\INSTALL.LOG

=====HijackThis Backups=====

O4 - HKLM\..\Run: [yvydqlvv] C:\Documents and Settings\baustede\Local Settings\Application Data\mfybff\alqpsysguard.exe [2009-11-30]
O4 - HKCU\..\Run: [yvydqlvv] C:\Documents and Settings\baustede\Local Settings\Application Data\mfybff\alqpsysguard.exe [2009-11-30]

======Security center information======

AV: Symantec Endpoint Protection
FW: Symantec Endpoint Protection

======System event log======

Computer Name: BAUSTEDE-WS
Event Code: 1002
Message: The IP address lease 64.93.245.54 for the Network Card with network address 001B7753C089 has been
denied by the DHCP server 10.254.254.5 (The DHCP Server sent a DHCPNACK message).

Record Number: 62086
Source Name: Dhcp
Time Written: 20091112145127.000000-300
Event Type: error
User:

Computer Name: BAUSTEDE-WS
Event Code: 32003
Message: The Network Address Translator (NAT) was unable to request an operation
of the kernel-mode translation module.
This may indicate misconfiguration, insufficient resources, or
an internal error.
The data is the error code.

Record Number: 62073
Source Name: ipnathlp
Time Written: 20091112140021.000000-300
Event Type: error
User:

Computer Name: BAUSTEDE-WS
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001B7753C089. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 62072
Source Name: Dhcp
Time Written: 20091112140021.000000-300
Event Type: warning
User:

Computer Name: BAUSTEDE-WS
Event Code: 1002
Message: The IP address lease 192.168.1.100 for the Network Card with network address 001B7753C089 has been
denied by the DHCP server 10.10.75.100 (The DHCP Server sent a DHCPNACK message).

Record Number: 62051
Source Name: Dhcp
Time Written: 20091112110245.000000-300
Event Type: error
User:

Computer Name: BAUSTEDE-WS
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001B7753C089. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 62038
Source Name: Dhcp
Time Written: 20091112092057.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: BAUSTEDE-WS
Event Code: 13
Message:
LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Record Number: 2903
Source Name: SescLU
Time Written: 20091020145242.000000-240
Event Type: error
User:

Computer Name: BAUSTEDE-WS
Event Code: 10005
Message: Product: Symantec Endpoint Protection -- Symantec Endpoint Protection has detected that there are pending system changes that require a reboot. Please reboot the system and rerun the installation.

Record Number: 2899
Source Name: MsiInstaller
Time Written: 20091020134906.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: BAUSTEDE-WS
Event Code: 10005
Message: Product: Symantec Endpoint Protection -- Symantec Endpoint Protection has detected that there are pending system changes that require a reboot. Please reboot the system and rerun the installation.

Record Number: 2878
Source Name: MsiInstaller
Time Written: 20091020112647.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: BAUSTEDE-WS
Event Code: 1001
Message: Detection of product '{5783F2D7-8001-0409-0002-0060B0CE6BBA}', feature 'MS_Core' failed during request for component '{FC3E0B6E-F62B-11D1-B144-00C04F990B2B}'

Record Number: 2859
Source Name: MsiInstaller
Time Written: 20091020093003.000000-240
Event Type: warning
User: BAUSTEDE-WS\baustede

Computer Name: BAUSTEDE-WS
Event Code: 1004
Message: Detection of product '{5783F2D7-8001-0409-0002-0060B0CE6BBA}', feature 'P', component '{488ECE06-420F-4538-AF28-AA2F69FD7E6B}' failed. The resource 'C:\Program Files\Common Files\Autodesk Shared\AcIpps16.dll' does not exist.

Record Number: 2858
Source Name: MsiInstaller
Time Written: 20091020093003.000000-240
Event Type: warning
User: BAUSTEDE-WS\baustede

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\program files\ati technologies\ati.ace;c:\program files\novell\zenworks;c:\program files\autodesk\dwg trueview;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"UDManufacturer"=Gateway
"UDModel"=Tablet
"UDTerm"=Aug
"UDYear"=2007
"UDSerial"=0039431773
"OMP_NUM_THREADS"=2
"KMP_DUPLICATE_LIB_OK"=TRUE
"MKL_SERIAL"=YES
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"LSHOST"=wmlic.engr.udayton.edu
"LSPORT"=5093

-----------------EOF-----------------


thanks

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:37 AM

Posted 02 December 2009 - 05:34 PM

Hi,

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window, If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



Please post back here with the following logs:
  • MBAM log
  • Gmer log
  • New Rsit log
Thanks

unite.jpg


#5 DavidBaustert

DavidBaustert
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:12:37 AM

Posted 02 December 2009 - 06:15 PM

MBAM would not update but here is the log:

Malwarebytes' Anti-Malware 1.30
Database version: 1423
Windows 5.1.2600 Service Pack 2

12/2/2009 6:01:47 PM
mbam-log-2009-12-02 (18-01-47).txt

Scan type: Quick Scan
Objects scanned: 64396
Time elapsed: 8 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Also when I went to run the second program I got blue screened twice. I shut my anti virus off and disconnected from the internet as well as closed all programs. Is there a solution to this?

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:37 AM

Posted 03 December 2009 - 09:45 AM

Go here and download MBAM offline database file, then update Malwarebytes and run another scan.


Please try running Gmer again, this time untick the following boxes on the right side of the Gmer screen.

Sections
IAT/EAT
Show All

If it still doesn't work try it in safe mode.

unite.jpg


#7 DavidBaustert

DavidBaustert
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:12:37 AM

Posted 03 December 2009 - 01:42 PM

Logfile of random's system information tool 1.06 (written by random/random)
Run by baustede at 2009-12-03 13:37:34
Microsoft Windows XP Professional Service Pack 2
System drive C: has 19 GB (17%) free of 114 GB
Total RAM: 2046 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:37:36 PM, on 12/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\lkcitdl.exe
c:\WINDOWS\system32\lkads.exe
c:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
c:\Program Files\Shared\Security\nidmsrv.exe
c:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClient.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\baustede\Desktop\Un Used Stuff\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\baustede.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ondemand5.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_02] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://web-student-1.udayton.edu/iNotes6W.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183123664671
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = udayton.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = udayton.edu
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - c:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - c:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - c:\WINDOWS\system32\lktsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - c:\Program Files\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - c:\Program Files\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - c:\WINDOWS\system32\nisvcloc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ZENworks Asset Management - Collection Client (TSCensus Collection Client) - Novell, Inc. - C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
O24 - Desktop Component 0: Ink Desktop - {80E95280-2D38-3CB8-A215-FB5F14C4343E}

--
End of file - 10118 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-09-10 420176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe /background []
"Aim6"=C:\Program Files\AIM6\aim6.exe [2009-05-19 49968]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-26 1207080]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-11-23 2001648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2009-03-10 115560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\PROGRA~1\MI3AA1~1\wcescomm.exe [2006-06-26 1207080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Event Monitor]
C:\WINDOWS\system32\iprntlgn.exe [2009-06-24 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Tray]
C:\WINDOWS\system32\iprntctl.exe [2009-06-24 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NACAgentUI]
C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe [2009-06-22 446088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDPS]
C:\WINDOWS\system32\dpmw32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI Background Service]
c:\Program Files\Shared\Update Service\BackgroundService.exe [2008-04-03 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]
NWTRAY.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2005-12-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snippet]
C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe [2005-02-25 68296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-18 688218]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2007-06-18 98394]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletTip]
C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe [2005-04-25 271872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletWizard]
C:\WINDOWS\help\SplshWrp.exe [2004-08-04 16384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZENRC Tray Icon]
C:\WINDOWS\system32\zentray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Application Explorer.lnk]
C:\PROGRA~1\Novell\ZENworks\NalView.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-19 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll [2004-08-04 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TabBtnWL]
C:\WINDOWS\system32\TabBtnWL.dll [2002-08-29 11776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpgwlnotify]
C:\WINDOWS\system32\tpgwlnot.dll [2006-11-01 32256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\dpmw32.exe"="C:\WINDOWS\system32\dpmw32.exe:*:Enabled:NDPS RPM & Notification Listener"
"C:\Program Files\Maple 11\jre\bin\maple.exe"="C:\Program Files\Maple 11\jre\bin\maple.exe:*:Enabled:Maple 11"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Symantec AntiVirus\Smc.exe"="C:\Program Files\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec AntiVirus\SNAC.EXE"="C:\Program Files\Symantec AntiVirus\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\CCleaner\CCleaner.exe"="C:\Program Files\CCleaner\CCleaner.exe:*:Enabled:CCleaner"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition"
"C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE"="C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE:*:Enabled:SUPERAntiSpyware Alternate Start"
"C:\Program Files\Symantec AntiVirus\SymCorpUI.exe"="C:\Program Files\Symantec AntiVirus\SymCorpUI.exe:*:Enabled:Symantec Endpoint Protection"
"C:\Program Files\Free Music Zilla\FMZilla.exe"="C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpmw32.exe"="C:\WINDOWS\system32\dpmw32.exe:*:Enabled:NDPS RPM and Notification Listener"
"C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe"="C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe:*:Enabled:ZENworks Remote Management agent"
"C:\Program Files\IBM\Sametime Connect\jre\bin\sametime75.exe"="C:\Program Files\IBM\Sametime Connect\jre\bin\sametime75.exe:*:Enabled:Lotus Sametime Connect"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16118eee-730e-11dd-9e49-001b7753c089}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f52ff48a-64cd-11dc-9cb8-001b7753c089}]
shell\AutoRun\command - setupSNK.exe


======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-12-02 16:41:22 ----D---- C:\rsit
2009-11-30 00:20:56 ----D---- C:\Program Files\Free Music Zilla
2009-11-27 16:28:54 ----D---- C:\Program Files\Trend Micro
2009-11-27 00:23:18 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-27 00:23:13 ----D---- C:\Program Files\SUPERAntiSpyware
2009-11-27 00:23:13 ----D---- C:\Documents and Settings\baustede\Application Data\SUPERAntiSpyware.com
2009-11-26 23:48:02 ----D---- C:\b07064b69f0377e73d
2009-11-26 23:46:38 ----SHD---- C:\WINDOWS\CSC
2009-11-26 23:46:27 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-26 23:44:24 ----D---- C:\239c1203e400d108917e5299
2009-11-18 15:23:47 ----D---- C:\Documents and Settings\baustede\Application Data\SharePod
2009-11-12 14:13:11 ----A---- C:\WINDOWS\system32\ssprs.dll
2009-11-12 14:13:11 ----A---- C:\WINDOWS\system32\prsgrc.dll
2009-11-12 14:13:11 ----A---- C:\WINDOWS\system32\grcauth2.dll
2009-11-12 14:13:11 ----A---- C:\WINDOWS\system32\grcauth1.dll
2009-11-12 14:13:11 ----A---- C:\WINDOWS\system32\clauth2.dll
2009-11-12 14:13:11 ----A---- C:\WINDOWS\system32\clauth1.dll
2009-11-12 14:11:48 ----D---- C:\Program Files\WorkingModel2005

======List of files/folders modified in the last 1 months======

2009-12-03 13:37:06 ----D---- C:\WINDOWS\Temp
2009-12-03 13:36:20 ----D---- C:\WINDOWS\Prefetch
2009-12-03 10:05:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-03 10:05:52 ----D---- C:\WINDOWS\system32\drivers
2009-12-03 10:03:51 ----D---- C:\Documents and Settings\All Users\Application Data\Prism Deploy
2009-12-03 09:54:43 ----D---- C:\Program Files\Mozilla Firefox
2009-12-03 09:02:21 ----D---- C:\WINDOWS\system32
2009-12-03 09:02:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-02 18:26:44 ----SHD---- C:\WINDOWS\Installer
2009-12-02 18:10:07 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-02 18:09:20 ----D---- C:\WINDOWS
2009-12-02 18:08:55 ----D---- C:\WINDOWS\Minidump
2009-12-02 16:55:08 ----A---- C:\WINDOWS\hpbafd.ini
2009-12-02 16:55:07 ----D---- C:\NDPS
2009-12-02 13:29:32 ----D---- C:\Documents and Settings\baustede\Application Data\LimeWire
2009-11-30 19:59:25 ----D---- C:\Program Files\Symantec AntiVirus
2009-11-30 00:21:03 ----D---- C:\Documents and Settings\baustede\Application Data\FMZilla
2009-11-30 00:20:56 ----RD---- C:\Program Files
2009-11-30 00:18:20 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-30 00:17:56 ----D---- C:\Program Files\Total Video Converter
2009-11-30 00:17:01 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-11-27 17:22:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-27 16:44:23 ----D---- C:\Documents and Settings\All Users\Application Data\CraigsPal
2009-11-27 15:49:30 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-11-27 00:23:16 ----HD---- C:\Config.Msi
2009-11-27 00:22:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-26 23:33:32 ----D---- C:\Program Files\Common Files
2009-11-26 23:31:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-11-26 23:09:53 ----D---- C:\WINDOWS\WinSxS
2009-11-18 15:35:13 ----D---- C:\Documents and Settings\baustede\Application Data\Apple Computer
2009-11-17 05:03:11 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-11-16 19:03:51 ----D---- C:\WINDOWS\system32\Macromed
2009-11-10 17:47:34 ----HD---- C:\WINDOWS\inf
2009-11-10 05:01:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-10 05:00:44 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-05 09:36:22 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 nipplpt2;Novell iCapture Lpt Redirector 2; C:\WINDOWS\system32\drivers\nipplpt.sys [2009-06-24 34592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2009-03-10 280112]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2009-03-10 43824]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2009-03-10 191536]
R1 WPS;WPS; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2007-10-23 4096]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R2 WGX;Extend WG Protocol Driver; C:\WINDOWS\System32\Drivers\WGX.SYS [2009-03-10 38056]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys [2001-12-27 67072]
R2 WNTHW;WNTHW; \??\C:\WINDOWS\system32\DRIVERS\WNTHW.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-19 1578496]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-06-14 179200]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 FinePnt;FinePoint Innovations HID Driver; C:\WINDOWS\system32\DRIVERS\FpHidDrv.sys [2007-06-18 18816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 LVPr2Mon;LVPr2Mon Driver; C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [2008-07-26 25624]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MSTabBtn;Tablet PC Buttons HID Driver; C:\WINDOWS\system32\DRIVERS\MSTabBtn.sys [2006-06-14 9600]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091202.024\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091202.024\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2007-06-18 893952]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-06-15 1179784]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-06-18 185824]
R3 Teefer2;Teefer2 Miniport; C:\WINDOWS\system32\DRIVERS\teefer2.sys [2009-03-10 49536]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-06-18 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-10-23 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-10-23 59264]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-10-23 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2007-06-18 1428096]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2005-03-21 333620]
R3 WpsHelper;WpsHelper; \??\C:\WINDOWS\system32\drivers\WpsHelper.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2009-02-17 57672]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2009-02-17 72520]
S3 fwryiuog;fwryiuog; \??\C:\DOCUME~1\baustede\LOCALS~1\Temp\fwryiuog.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-08-15 47360]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2008-07-26 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2008-07-26 2570520]
S3 Ser2pl;RadioShack USB to Serial Cable; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-10-20 48640]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2009-03-10 319792]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2009-03-10 27696]
S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-04-10 104576]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-19 409600]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-03-10 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-03-10 108392]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 LkCitadelServer;Lookout Citadel Server; c:\WINDOWS\system32\lkcitdl.exe [2007-11-27 695136]
R2 lkClassAds;National Instruments PSP Server Locator; c:\WINDOWS\system32\lkads.exe [2007-11-27 40488]
R2 lkTimeSync;National Instruments Time Synchronization; c:\WINDOWS\system32\lktsrv.exe [2007-11-27 50736]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-01-26 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2006-10-26 335872]
R2 Multi-user Cleanup Service;Multi-user Cleanup Service; C:\Program Files\lotus\notes\ntmulti.exe [2006-09-27 53248]
R2 NIDomainService;National Instruments Domain Service; c:\Program Files\Shared\Security\nidmsrv.exe [2007-11-27 213552]
R2 niSvcLoc;NI Service Locator; c:\WINDOWS\system32\nisvcloc.exe [2007-07-19 48704]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2007-06-29 196608]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec AntiVirus\Smc.exe [2009-03-10 1799496]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2009-03-10 2440120]
R2 TSCensus Collection Client;ZENworks Asset Management - Collection Client; C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe [2007-08-31 49152]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 NACAgent;Cisco NAC Agent; C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe [2009-06-22 715400]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2007-09-06 79360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-26 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2008-12-10 3093880]
S3 NILM License Manager;NILM License Manager; c:\Program Files\Shared\License Manager\Bin\lmgrd.exe [2007-01-29 1007616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Smcinst;Symantec Auto-upgrade Agent; C:\Program Files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe [2009-12-02 669000]
S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec AntiVirus\SNAC.EXE [2009-03-10 320840]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 Lotus Notes Single Logon;Lotus Notes Single Logon; C:\Program Files\lotus\notes\nslsvice.exe [2006-09-27 7680]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------


GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-03 13:35:54
Windows 5.1.2600 Service Pack 2
Running: 91sxek0w.exe; Driver: C:\DOCUME~1\baustede\LOCALS~1\Temp\fwryiuog.sys


---- System - GMER 1.0.15 ----

SSDT 893F5B28 ZwAlertResumeThread
SSDT 88EE4E68 ZwAlertThread
SSDT 8A34BEB0 ZwAllocateVirtualMemory
SSDT 887BF150 ZwConnectPort
SSDT 88EE65D8 ZwCreateMutant
SSDT 88F0DC40 ZwCreateThread
SSDT 8A34A4A8 ZwFreeVirtualMemory
SSDT 892D22B8 ZwImpersonateAnonymousToken
SSDT 8A35F200 ZwImpersonateThread
SSDT 892F1DA8 ZwMapViewOfSection
SSDT 893E75B8 ZwOpenEvent
SSDT 893190B8 ZwOpenProcessToken
SSDT 89A0CFC0 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xA79DC840]
SSDT 88757040 ZwResumeThread
SSDT 8879CB78 ZwSetContextThread
SSDT 89A05D00 ZwSetInformationProcess
SSDT 88694CA0 ZwSetInformationThread
SSDT 893BDB00 ZwSuspendProcess
SSDT 8876C2D0 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA73220B0]
SSDT 88790108 ZwTerminateThread
SSDT 88759480 ZwUnmapViewOfSection
SSDT 89A08850 ZwWriteVirtualMemory

INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) A4D6716D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) A4D66FC2

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\SYMTDI \Device\SymTDI wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

12/3/2009 10:13:27 AM
mbam-log-2009-12-03 (10-13-27).txt

Scan type: Quick Scan
Objects scanned: 112360
Time elapsed: 6 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:37 AM

Posted 03 December 2009 - 06:59 PM

Can you tell me what problems you are currently having?

Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box

    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you recieve a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will the be created on your desktop where you ran mbr.exe
  • Copy and paste the contents of mbr.log on your next reply.

unite.jpg


#9 DavidBaustert

DavidBaustert
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:12:37 AM

Posted 03 December 2009 - 07:59 PM

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
kernel: MBR read successfully
user & kernel MBR OK

I use firefox as my current browser but I cannot get IE to connect to the internet and none of my anti virus or malware will update. I'll get errors suchs as "cannot connect to 127.0.0.1 (my computer I'm assuming) and server connect errors. I went through and found where the SWP2009 added files and deleted them before I came to you for help. My firewalls have exceptions for the programs but they still won't connect. I fear something has gone wrong in the computer. I'm not sure what to do really. Thanks again for all your help.

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:37 AM

Posted 05 December 2009 - 12:43 PM

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.
You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "KernelFaultCheck"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDPS]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZENRC Tray Icon]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Application Explorer.lnk]
    :Files
    C:\Documents and Settings\baustede\Local Settings\Application Data\mfybff
    :Commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt.
Please post the contents of that document.


Please post back here with the following logs:
  • OTM results
  • checkup.txt
  • New Rsit log
Thanks

Edited by syler, 06 December 2009 - 07:06 AM.

unite.jpg


#11 DavidBaustert

DavidBaustert
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:12:37 AM

Posted 06 December 2009 - 01:12 PM

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDPS\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZENRC Tray Icon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Application Explorer.lnk\ deleted successfully.
========== FILES ==========
File/Folder C:\Documents and Settings\baustede\Local Settings\Application Data\mfybff not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: baustede
->Temp folder emptied: 4521904 bytes
->Temporary Internet Files folder emptied: 4895422 bytes
->Java cache emptied: 15742711 bytes
->FireFox cache emptied: 96718438 bytes
->Apple Safari cache emptied: 74941320 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 5451737 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12674722 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 111826 bytes
RecycleBin emptied: 1279179 bytes

Total Files Cleaned = 206.40 mb


OTM by OldTimer - Version 3.1.2.2 log created on 12062009_130218

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_b58.dat not found!

Registry entries deleted on Reboot...


Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 2
Out of date service pack!!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Symantec Endpoint Protection
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware Free Edition
HijackThis 2.0.2
CCleaner (remove only)
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Japanese Fonts Support For Adobe Reader 8
``````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Symantec AntiVirus Smc.exe
Symantec AntiVirus Rtvscan.exe
Symantec AntiVirus SmcGui.exe
``````````````````````````````
DNS Vulnerability Check:

Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````


Logfile of random's system information tool 1.06 (written by random/random)
Run by baustede at 2009-12-06 13:10:56
Microsoft Windows XP Professional Service Pack 2
System drive C: has 21 GB (18%) free of 114 GB
Total RAM: 2046 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:11:01 PM, on 12/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\ctfmon.exe
c:\WINDOWS\system32\lkads.exe
C:\WINDOWS\Explorer.EXE
c:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\lotus\notes\ntmulti.exe
C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Shared\Security\nidmsrv.exe
c:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
C:\Program Files\Novell\ZENworks\Asset Management\bin\CClient.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\baustede\Desktop\Un Used Stuff\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\baustede.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ondemand5.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_02] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlpo_03] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlpo_01] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'Default user')
O4 - S-1-5-18 Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://web-student-1.udayton.edu/iNotes6W.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1183123664671
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = udayton.edu
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = udayton.edu
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - c:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments Corporation - c:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments Corporation - c:\WINDOWS\system32\lktsrv.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments Corporation - c:\Program Files\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - c:\Program Files\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - c:\WINDOWS\system32\nisvcloc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec Auto-upgrade Agent (Smcinst) - Unknown owner - C:\Program Files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ZENworks Asset Management - Collection Client (TSCensus Collection Client) - Novell, Inc. - C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe
O24 - Desktop Component 0: Ink Desktop - {80E95280-2D38-3CB8-A215-FB5F14C4343E}

--
End of file - 10334 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll [2007-07-12 501136]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Aim6"=C:\Program Files\AIM6\aim6.exe [2009-05-19 49968]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-06-26 1207080]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-11-23 2001648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2009-05-19 49968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2009-03-10 115560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
C:\PROGRA~1\MI3AA1~1\wcescomm.exe [2006-06-26 1207080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Event Monitor]
C:\WINDOWS\system32\iprntlgn.exe [2009-06-24 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Tray]
C:\WINDOWS\system32\iprntctl.exe [2009-06-24 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NACAgentUI]
C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe [2009-06-22 446088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI Background Service]
c:\Program Files\Shared\Update Service\BackgroundService.exe [2008-04-03 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2005-12-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snippet]
C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe [2005-02-25 68296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-06-18 688218]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2007-06-18 98394]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletTip]
C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe [2005-04-25 271872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletWizard]
C:\WINDOWS\help\SplshWrp.exe [2004-08-04 16384]

C:\Documents and Settings\baustede\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-19 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll [2004-08-04 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TabBtnWL]
C:\WINDOWS\system32\TabBtnWL.dll [2002-08-29 11776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpgwlnotify]
C:\WINDOWS\system32\tpgwlnot.dll [2006-11-01 32256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"AllowLegacyWebView"=
"AllowUnhashedWebView"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\dpmw32.exe"="C:\WINDOWS\system32\dpmw32.exe:*:Enabled:NDPS RPM & Notification Listener"
"C:\Program Files\Maple 11\jre\bin\maple.exe"="C:\Program Files\Maple 11\jre\bin\maple.exe:*:Enabled:Maple 11"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Symantec AntiVirus\Smc.exe"="C:\Program Files\Symantec AntiVirus\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec AntiVirus\SNAC.EXE"="C:\Program Files\Symantec AntiVirus\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\CCleaner\CCleaner.exe"="C:\Program Files\CCleaner\CCleaner.exe:*:Enabled:CCleaner"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe:*:Enabled:SUPERAntiSpyware Free Edition"
"C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE"="C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE:*:Enabled:SUPERAntiSpyware Alternate Start"
"C:\Program Files\Symantec AntiVirus\SymCorpUI.exe"="C:\Program Files\Symantec AntiVirus\SymCorpUI.exe:*:Enabled:Symantec Endpoint Protection"
"C:\Program Files\Free Music Zilla\FMZilla.exe"="C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpmw32.exe"="C:\WINDOWS\system32\dpmw32.exe:*:Enabled:NDPS RPM and Notification Listener"
"C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe"="C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe:*:Enabled:ZENworks Remote Management agent"
"C:\Program Files\IBM\Sametime Connect\jre\bin\sametime75.exe"="C:\Program Files\IBM\Sametime Connect\jre\bin\sametime75.exe:*:Enabled:Lotus Sametime Connect"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16118eee-730e-11dd-9e49-001b7753c089}]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f52ff48a-64cd-11dc-9cb8-001b7753c089}]
shell\AutoRun\command - setupSNK.exe


======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-12-06 13:02:18 ----D---- C:\_OTM
2009-12-06 13:01:01 ----D---- C:\Program Files\ERUNT
2009-12-02 16:41:22 ----D---- C:\rsit
2009-11-30 00:20:56 ----D---- C:\Program Files\Free Music Zilla
2009-11-27 16:28:54 ----D---- C:\Program Files\Trend Micro
2009-11-27 00:23:18 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-27 00:23:13 ----D---- C:\Program Files\SUPERAntiSpyware
2009-11-27 00:23:13 ----D---- C:\Documents and Settings\baustede\Application Data\SUPERAntiSpyware.com
2009-11-26 23:48:02 ----D---- C:\b07064b69f0377e73d
2009-11-26 23:46:38 ----SHD---- C:\WINDOWS\CSC
2009-11-26 23:46:27 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-26 23:44:24 ----D---- C:\239c1203e400d108917e5299
2009-11-18 15:23:47 ----D---- C:\Documents and Settings\baustede\Application Data\SharePod
2009-11-12 14:13:11 ----A---- C:\WINDOWS\system32\ssprs.dll
2009-11-12 14:13:11 ----A---- C:\WINDOWS\system32\prsgrc.dll
2009-11-12 14:13:11 ----A---- C:\WINDOWS\system32\grcauth2.dll
2009-11-12 14:13:11 ----A---- C:\WINDOWS\system32\grcauth1.dll
2009-11-12 14:13:11 ----A---- C:\WINDOWS\system32\clauth2.dll
2009-11-12 14:13:11 ----A---- C:\WINDOWS\system32\clauth1.dll
2009-11-12 14:11:48 ----D---- C:\Program Files\WorkingModel2005

======List of files/folders modified in the last 1 months======

2009-12-06 13:10:31 ----D---- C:\WINDOWS\Temp
2009-12-06 13:09:46 ----D---- C:\WINDOWS\Prefetch
2009-12-06 13:08:32 ----D---- C:\WINDOWS\system32
2009-12-06 13:08:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-12-06 13:06:41 ----D---- C:\Program Files\Mozilla Firefox
2009-12-06 13:04:54 ----D---- C:\WINDOWS\ERDNT
2009-12-06 13:04:33 ----D---- C:\WINDOWS
2009-12-06 13:02:51 ----D---- C:\WINDOWS\system32\CatRoot2
2009-12-06 13:02:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-12-06 13:01:01 ----RD---- C:\Program Files
2009-12-06 02:43:14 ----A---- C:\WINDOWS\hpbafd.ini
2009-12-04 11:24:32 ----D---- C:\Program Files\Symantec AntiVirus
2009-12-04 10:30:06 ----D---- C:\NDPS
2009-12-03 14:27:47 ----D---- C:\Documents and Settings\baustede\Application Data\LimeWire
2009-12-03 10:05:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-12-03 10:05:52 ----D---- C:\WINDOWS\system32\drivers
2009-12-03 10:03:51 ----D---- C:\Documents and Settings\All Users\Application Data\Prism Deploy
2009-12-02 18:26:44 ----SHD---- C:\WINDOWS\Installer
2009-12-02 18:08:55 ----D---- C:\WINDOWS\Minidump
2009-11-30 00:21:03 ----D---- C:\Documents and Settings\baustede\Application Data\FMZilla
2009-11-30 00:18:20 ----A---- C:\WINDOWS\NeroDigital.ini
2009-11-30 00:17:56 ----D---- C:\Program Files\Total Video Converter
2009-11-30 00:17:01 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-11-27 16:44:23 ----D---- C:\Documents and Settings\All Users\Application Data\CraigsPal
2009-11-27 15:49:30 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2009-11-27 00:23:16 ----HD---- C:\Config.Msi
2009-11-27 00:22:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-26 23:33:32 ----D---- C:\Program Files\Common Files
2009-11-26 23:31:34 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-11-26 23:09:53 ----D---- C:\WINDOWS\WinSxS
2009-11-18 15:35:13 ----D---- C:\Documents and Settings\baustede\Application Data\Apple Computer
2009-11-17 05:03:11 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-11-16 19:03:51 ----D---- C:\WINDOWS\system32\Macromed
2009-11-10 17:47:34 ----HD---- C:\WINDOWS\inf
2009-11-10 05:01:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-10 05:00:44 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 nipplpt2;Novell iCapture Lpt Redirector 2; C:\WINDOWS\system32\drivers\nipplpt.sys [2009-06-24 34592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2009-03-10 280112]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2009-03-10 43824]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2009-03-10 191536]
R1 WPS;WPS; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2007-10-23 4096]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2006-11-08 62336]
R2 WGX;Extend WG Protocol Driver; C:\WINDOWS\System32\Drivers\WGX.SYS [2009-03-10 38056]
R2 WIBUKEY;WIBU-KEY Kernel Driver; C:\WINDOWS\SYSTEM32\DRIVERS\Wibukey.sys [2001-12-27 67072]
R2 WNTHW;WNTHW; \??\C:\WINDOWS\system32\DRIVERS\WNTHW.SYS []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-19 1578496]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-06-14 179200]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 FinePnt;FinePoint Innovations HID Driver; C:\WINDOWS\system32\DRIVERS\FpHidDrv.sys [2007-06-18 18816]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 LVPr2Mon;LVPr2Mon Driver; C:\WINDOWS\system32\Drivers\LVPr2Mon.sys [2008-07-26 25624]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MSTabBtn;Tablet PC Buttons HID Driver; C:\WINDOWS\system32\DRIVERS\MSTabBtn.sys [2006-06-14 9600]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091206.005\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091206.005\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2007-06-18 893952]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-06-15 1179784]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-06-18 185824]
R3 Teefer2;Teefer2 Miniport; C:\WINDOWS\system32\DRIVERS\teefer2.sys [2009-03-10 49536]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-06-18 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-10-23 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-10-23 59264]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-10-23 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2007-06-18 1428096]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2005-03-21 333620]
R3 WpsHelper;WpsHelper; \??\C:\WINDOWS\system32\drivers\WpsHelper.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2009-02-17 57672]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2009-02-17 72520]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-08-15 47360]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2008-07-26 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\WINDOWS\system32\DRIVERS\LV302V32.SYS [2008-07-26 2570520]
S3 Ser2pl;RadioShack USB to Serial Cable; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-10-20 48640]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2009-03-10 319792]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2009-03-10 27696]
S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2005-10-20 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-04-10 104576]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-19 409600]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-03-10 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-03-10 108392]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 LkCitadelServer;Lookout Citadel Server; c:\WINDOWS\system32\lkcitdl.exe [2007-11-27 695136]
R2 lkClassAds;National Instruments PSP Server Locator; c:\WINDOWS\system32\lkads.exe [2007-11-27 40488]
R2 lkTimeSync;National Instruments Time Synchronization; c:\WINDOWS\system32\lktsrv.exe [2007-11-27 50736]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2009-01-26 303104]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2006-10-26 335872]
R2 Multi-user Cleanup Service;Multi-user Cleanup Service; C:\Program Files\lotus\notes\ntmulti.exe [2006-09-27 53248]
R2 NACAgent;Cisco NAC Agent; C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe [2009-06-22 715400]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 NIDomainService;National Instruments Domain Service; c:\Program Files\Shared\Security\nidmsrv.exe [2007-11-27 213552]
R2 niSvcLoc;NI Service Locator; c:\WINDOWS\system32\nisvcloc.exe [2007-07-19 48704]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2007-06-29 196608]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec AntiVirus\Smc.exe [2009-03-10 1799496]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2009-03-10 2440120]
R2 TSCensus Collection Client;ZENworks Asset Management - Collection Client; C:\Program Files\Novell\ZENworks\Asset Management\bin\CClientSvc.exe [2007-08-31 49152]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2007-09-06 79360]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-26 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2008-12-10 3093880]
S3 NILM License Manager;NILM License Manager; c:\Program Files\Shared\License Manager\Bin\lmgrd.exe [2007-01-29 1007616]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Smcinst;Symantec Auto-upgrade Agent; C:\Program Files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe []
S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec AntiVirus\SNAC.EXE [2009-03-10 320840]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 Lotus Notes Single Logon;Lotus Notes Single Logon; C:\Program Files\lotus\notes\nslsvice.exe [2006-09-27 7680]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:37 AM

Posted 07 December 2009 - 09:56 AM

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

unite.jpg


#13 DavidBaustert

DavidBaustert
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:12:37 AM

Posted 07 December 2009 - 06:40 PM

ComboFix 09-12-07.01 - baustede 12/07/2009 18:33.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1367 [GMT -5:00]
Running from: c:\documents and settings\baustede\My Documents\Downloads\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\ATI Technologies\ATI.ACE\atIAcmxx.dll
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\system32\clrviddc.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\ssprs.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-07 23:32 . 2009-12-08 09:05 -------- d-----w- C:\32788R22FWJFW
2009-12-06 18:02 . 2009-12-06 18:02 -------- d-----w- C:\_OTM
2009-12-06 18:01 . 2009-12-06 18:01 -------- d-----w- c:\program files\ERUNT
2009-12-02 21:41 . 2009-12-02 21:41 -------- d-----w- C:\rsit
2009-11-30 05:20 . 2009-11-30 05:25 -------- d-----w- c:\program files\Free Music Zilla
2009-11-27 21:28 . 2009-11-27 21:28 -------- d-----w- c:\program files\Trend Micro
2009-11-27 05:23 . 2009-11-27 21:03 117760 ----a-w- c:\documents and settings\baustede\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-27 05:23 . 2009-11-27 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-27 05:23 . 2009-11-27 05:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-27 05:23 . 2009-11-27 05:23 -------- d-----w- c:\documents and settings\baustede\Application Data\SUPERAntiSpyware.com
2009-11-27 04:48 . 2009-11-27 04:48 -------- d-----w- C:\b07064b69f0377e73d
2009-11-27 04:44 . 2009-11-27 04:44 -------- d-----w- C:\239c1203e400d108917e5299
2009-11-18 20:23 . 2009-11-18 20:23 -------- d-----w- c:\documents and settings\baustede\Application Data\SharePod
2009-11-12 19:13 . 2009-11-12 19:13 1025 ----a-w- c:\windows\system32\clauth2.dll
2009-11-12 19:13 . 2009-11-12 19:13 1025 ----a-w- c:\windows\system32\clauth1.dll
2009-11-12 19:13 . 2009-11-12 19:13 1024 ----a-w- c:\windows\system32\grcauth2.dll
2009-11-12 19:13 . 2009-11-12 19:13 1024 ----a-w- c:\windows\system32\grcauth1.dll
2009-11-12 19:11 . 2009-11-17 22:55 -------- d-----w- c:\program files\WorkingModel2005

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 23:21 . 2007-06-29 14:02 765584 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-04 16:24 . 2007-12-11 21:00 -------- d-----w- c:\program files\Symantec AntiVirus
2009-12-03 19:27 . 2007-08-21 01:13 -------- d-----w- c:\documents and settings\baustede\Application Data\LimeWire
2009-12-03 15:05 . 2008-11-25 19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-03 15:03 . 2007-06-29 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Prism Deploy
2009-11-30 19:50 . 2008-01-29 23:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-30 05:21 . 2009-01-28 02:51 -------- d-----w- c:\documents and settings\baustede\Application Data\FMZilla
2009-11-30 05:17 . 2008-08-13 22:25 -------- d-----w- c:\program files\Total Video Converter
2009-11-30 05:17 . 2009-06-13 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-11-27 21:44 . 2009-01-22 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\CraigsPal
2009-11-27 20:49 . 2007-12-11 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-11-27 05:22 . 2008-09-08 15:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-27 04:31 . 2007-10-24 02:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-18 20:35 . 2007-08-09 18:58 -------- d-----w- c:\documents and settings\baustede\Application Data\Apple Computer
2009-11-17 10:03 . 2007-06-29 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-27 22:08 . 2009-10-27 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Chat Republic Games
2009-10-27 04:30 . 2007-08-23 02:58 -------- d-----w- c:\program files\Ruckus Player
2009-10-27 04:28 . 2007-06-29 12:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-27 04:28 . 2007-10-16 01:25 -------- d-----w- c:\program files\Common Files\Vernier Software
2009-10-25 18:00 . 2009-10-25 18:00 -------- d-----w- c:\program files\Shock Utility
2009-10-25 18:00 . 2009-10-25 18:00 65536 ----a-w- c:\windows\IFinst27.exe
2009-10-22 01:21 . 2009-08-06 23:54 -------- d-----w- c:\documents and settings\baustede\Application Data\Image Zone Express
2009-10-20 13:30 . 2007-09-04 23:52 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-10-20 01:21 . 2007-09-04 23:52 -------- d-----w- c:\program files\Autodesk
2009-10-20 01:21 . 2007-09-04 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-10-20 01:14 . 2007-09-07 00:19 -------- d-----w- c:\program files\AutoCAD 2008
2009-10-20 01:05 . 2007-09-04 23:54 -------- d-----w- c:\documents and settings\baustede\Application Data\Autodesk
2009-09-26 00:25 . 2007-12-10 06:18 131019 ----a-w- c:\windows\hpoins12.dat
2009-09-26 00:24 . 2009-09-26 00:20 78752 ----a-w- c:\windows\hpfins05.dat
2009-09-11 14:03 . 2006-06-19 16:46 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2008-11-25 19:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2008-11-25 19:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2007-02-08 14:48 . 2007-02-08 14:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 22:03 . 2007-07-24 22:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
.

------- Sigcheck -------

[-] 2006-06-14 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll

[7] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\termsrv.dll

c:\windows\System32\termsrv.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-12-07_23.23.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-07 23:29 . 2009-12-07 23:29 17396 c:\windows\SoftwareDistribution\EventCache\{84387F48-DB9C-4DFB-AB19-9CECBD1462E9}.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1207080]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"="md" [X]
"nlpo_02"="advpack.dll" [2009-08-29 124928]
"nlpo_03"="advpack.dll" [2009-08-29 124928]

c:\documents and settings\baustede\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2004-08-04 08:00 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 07:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2006-11-01 14:18 32256 ----a-w- c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-05-14 00:58 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 21:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2009-03-10 20:09 115560 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 08:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-06-26 20:13 1207080 ----a-w- c:\progra~1\MI3AA1~1\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Event Monitor]
2009-06-24 20:13 57344 ----a-w- c:\windows\system32\iprntlgn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Tray]
2009-06-24 20:13 53248 ----a-w- c:\windows\system32\iprntctl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 18:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 21:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 21:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NACAgentUI]
2009-06-22 14:24 446088 ----a-w- c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI Background Service]
2008-04-03 14:38 77824 ----a-w- c:\program files\Shared\Update Service\BackgroundService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 07:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-12-27 15:20 413696 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snippet]
2005-02-25 17:20 68296 ----a-w- c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-06-18 21:24 688218 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2007-06-18 21:24 98394 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletTip]
2005-04-26 03:10 271872 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\tabtip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletWizard]
2004-08-04 08:00 16384 ----a-w- c:\windows\Help\splshwrp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Symantec AntiVirus\\Smc.exe"=
"c:\\Program Files\\Symantec AntiVirus\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=
"c:\\Program Files\\Symantec AntiVirus\\SymCorpUI.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1761:TCP"= 1761:TCP:ZENworks Remote Management port
"1761:UDP"= 1761:UDP:ZENworks Remote Management port
"2967:TCP"= 2967:TCP:Symantec Antivirus v10 Client
"50000:TCP"= 50000:TCP:Webroot SpySweeper Client Service
"50001:TCP"= 50001:TCP:Webroot SpySweeper Sweep Now Function
"50002:TCP"= 50002:TCP:Webroot SpySweeper Poll Now Function
"50003:TCP"= 50003:TCP:Webroot SpySweeper Webroot Client Service
"7460:TCP"= 7460:TCP:ZENworks Asset Manager (Collection Server)
"7460:UDP"= 7460:UDP:ZENworks Asset Manager (Collection Server)
"7461:TCP"= 7461:TCP:ZENworks Asset Manager (Client Application)
"7461:UDP"= 7461:UDP:ZENworks Asset Manager (Client Application)
"7462:TCP"= 7462:TCP:ZENworks Asset Manager (Management Manager)
"7462:UDP"= 7462:UDP:ZENworks Asset Manager (Management Manager)
"7465:TCP"= 7465:TCP:ZENworks Asset Manager (Task Server)
"7465:UDP"= 7465:UDP:ZENworks Asset Manager (Task Server)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 eeCtrl;Symantec Eraser Control driver;c:\program files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [12/11/2007 4:02 PM 371248]
R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [8/31/2009 4:33 PM 34592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R1 SPBBCDrv;SPBBCDrv;c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [3/10/2009 3:09 PM 421424]
R1 SRTSP;SRTSP;c:\windows\system32\drivers\srtsp.sys [3/10/2009 3:09 PM 280112]
R1 SRTSPX;SRTSPX;c:\windows\system32\drivers\srtspx.sys [3/10/2009 3:09 PM 43824]
R2 Apple Mobile Device;Apple Mobile Device;c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [7/9/2009 11:22 AM 144712]
R2 cvintdrv;cvintdrv;c:\windows\system32\drivers\cvintdrv.sys [10/23/2007 9:00 AM 4096]
R2 Hardlock;Hardlock;c:\windows\system32\drivers\hardlock.sys [10/20/2007 10:49 AM 670208]
R2 Haspnt;Haspnt;c:\windows\system32\drivers\Haspnt.sys [4/14/2009 2:13 PM 47616]
R2 hpqddsvc;HP CUE DeviceDiscovery Service;c:\windows\system32\svchost.exe -k hpdevmgmt [6/19/2006 11:46 AM 14336]
R2 LkCitadelServer;Lookout Citadel Server;c:\windows\system32\lkcitdl.exe [11/27/2007 2:38 PM 695136]
R2 lkClassAds;National Instruments PSP Server Locator;c:\windows\system32\lkads.exe [11/27/2007 12:56 PM 40488]
R2 lkTimeSync;National Instruments Time Synchronization;c:\windows\system32\lktsrv.exe [11/27/2007 12:57 PM 50736]
R2 LVCOMSer;LVCOMSer;c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [7/26/2008 7:23 AM 186904]
R2 Multi-user Cleanup Service;Multi-user Cleanup Service;c:\program files\lotus\notes\ntmulti.exe [9/27/2006 5:38 AM 53248]
R2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [6/22/2009 9:24 AM 715400]
R2 Net Driver HPZ12;Net Driver HPZ12;c:\windows\System32\svchost.exe -k HPZ12 [6/19/2006 11:46 AM 14336]
R2 NIDomainService;National Instruments Domain Service;c:\program files\Shared\Security\nidmsrv.exe [11/27/2007 12:57 PM 213552]
R2 niSvcLoc;NI Service Locator;c:\windows\system32\nisvcloc.exe -s --> c:\windows\system32\nisvcloc.exe -s [?]
R2 rspndr;Link-Layer Topology Discovery Responder;c:\windows\system32\drivers\rspndr.sys [6/28/2007 4:58 PM 62336]
R2 TSCensus Collection Client;ZENworks Asset Management - Collection Client;c:\program files\Novell\ZENworks\Asset Management\Bin\CClientSvc.exe [8/30/2007 12:30 PM 49152]
R2 WGX;Extend WG Protocol Driver;c:\windows\system32\drivers\WGX.SYS [8/4/2009 9:41 AM 38056]
R2 WIBUKEY;WIBU-KEY Kernel Driver;c:\windows\system32\drivers\Wibukey.sys [11/26/2008 2:34 PM 67072]
R2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [8/30/2007 12:30 PM 9176]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver;c:\windows\system32\drivers\e1e5132.sys [6/19/2006 11:46 AM 179200]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/2/2009 2:19 PM 102448]
R3 FinePnt;FinePoint Innovations HID Driver;c:\windows\system32\drivers\FpHidDrv.sys [6/19/2006 11:46 AM 18816]
R3 hpqcxs08;hpqcxs08;c:\windows\system32\svchost.exe -k hpdevmgmt [6/19/2006 11:46 AM 14336]
R3 MSTabBtn;Tablet PC Buttons HID Driver;c:\windows\system32\drivers\MSTabBtn.sys [6/19/2006 11:46 AM 9600]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
R3 smserial;smserial;c:\windows\system32\drivers\smserial.sys [6/29/2007 7:20 AM 893952]
R3 STHDA;SigmaTel High Definition Audio CODEC;c:\windows\system32\drivers\sthda.sys [6/29/2007 7:19 AM 1179784]
R3 SynTP;Synaptics TouchPad Driver;c:\windows\system32\drivers\SynTP.sys [6/29/2007 7:21 AM 185824]
R3 tifm21;tifm21;c:\windows\system32\drivers\tifm21.sys [6/18/2007 10:50 AM 162432]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver;c:\windows\system32\drivers\w39n51.sys [6/29/2007 7:23 AM 1428096]
R3 WinDriver6;WinDriver6;c:\windows\system32\drivers\windrvr6.sys [10/15/2007 8:26 PM 333620]
S2 LVPrcSrv;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [7/26/2008 7:25 AM 150040]
S2 McciCMService;McciCMService;c:\program files\Common Files\Motive\McciCMService.exe [8/25/2009 9:49 PM 303104]
S3 Autodesk Licensing Service;Autodesk Licensing Service;c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [9/6/2007 6:36 PM 79360]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [3/10/2009 3:09 PM 23888]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [8/26/2009 3:56 PM 651720]
S3 FTDIBUS;USB Serial Converter Driver;c:\windows\system32\drivers\ftdibus.sys [10/15/2007 8:25 PM 57672]
S3 FTSER2K;USB Serial Port Driver;c:\windows\system32\drivers\ftser2k.sys [10/15/2007 8:25 PM 72520]
S3 LVRS;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs.sys [8/24/2008 4:11 PM 627864]
S3 MREMP50;MREMP50 NDIS Protocol Driver;c:\progra~1\COMMON~1\Motive\MREMP50.SYS [8/25/2009 9:49 PM 21248]
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver;\??\c:\progra~1\COMMON~1\Motive\MREMP50a64.SYS --> c:\progra~1\COMMON~1\Motive\MREMP50a64.SYS [?]
S3 MRESP50;MRESP50 NDIS Protocol Driver;c:\progra~1\COMMON~1\Motive\MRESP50.SYS [8/25/2009 9:49 PM 20096]
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver;\??\c:\progra~1\COMMON~1\Motive\MRESP50a64.SYS --> c:\progra~1\COMMON~1\Motive\MRESP50a64.SYS [?]
S3 NdisIP;Microsoft TV/Video Connection;c:\windows\system32\drivers\NdisIP.sys [8/21/2008 11:20 PM 10880]
S3 NILM License Manager;NILM License Manager;c:\program files\Shared\License Manager\Bin\lmgrd.exe [1/29/2007 2:19 PM 1007616]
S3 odserv;Microsoft Office Diagnostics Service;c:\program files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [10/26/2006 6:49 PM 441136]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [8/15/2008 1:08 PM 47360]
S3 pepifilter;Volume Adapter;c:\windows\system32\drivers\lv302af.sys [8/21/2008 11:19 PM 13848]
S3 PID_PEPI;Logitech QuickCam IM(PID_PEPI);c:\windows\system32\drivers\LV302V32.SYS [8/21/2008 11:19 PM 2570520]
S3 Ser2pl;RadioShack USB to Serial Cable;c:\windows\system32\drivers\ser2pl.sys [7/29/2009 6:16 PM 48640]
S3 SLIP;BDA Slip De-Framer;c:\windows\system32\drivers\SLIP.sys [8/21/2008 11:20 PM 11136]
S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe --> c:\program files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe [?]
S3 SRTSPL;SRTSPL;c:\windows\system32\drivers\srtspl.sys [3/10/2009 3:09 PM 319792]
S3 TIEHDUSB;TIEHDUSB;c:\windows\system32\drivers\tiehdusb.sys [10/15/2007 8:26 PM 49536]
S3 usb_rndisx;USB RNDIS Adapter;c:\windows\system32\drivers\usb8023x.sys [8/10/2009 8:14 PM 12800]
S3 USBAAPL;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl.sys [7/27/2009 9:24 AM 39424]
S3 wceusbsh;Windows CE USB Serial Host Driver;c:\windows\system32\drivers\wceusbsh.sys [4/10/2006 5:05 PM 104576]
S4 Lotus Notes Single Logon;Lotus Notes Single Logon;c:\program files\lotus\notes\nslsvice.exe [9/27/2006 5:38 AM 7680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ondemand5.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\baustede\Application Data\Mozilla\Firefox\Profiles\b2d7mcsi.default\
FF - prefs.js: browser.startup.homepage - hxxps://udportal.udayton.edu/ExpressPortal/portal/cn/AnonContainer/Anon_Welcome
FF - component: c:\documents and settings\baustede\Application Data\Mozilla\Firefox\Profiles\b2d7mcsi.default\extensions\refractor@developer.mozilla.org\components\prism.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv85win32.dll
FF - plugin: c:\program files\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll
FF - plugin: c:\windows\system32\npnipp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Symantec Antvirus
AddRemove-HijackThis - c:\documents and settings\baustede\Desktop\HijackThis.exe
AddRemove-lvdrivers_11.80 - c:\program files\Common Files\LogiShrd\LogiDriverStore\lvdrivers\11.80.1048\LgDrvInst.exe -remove -instdirc:\program files\Common Files\LogiShrd\LogiDriverStore\lvdrivers -enumdelay=2000 -enabledifx -forcedelete -usbhubsfirst -forceremove -cumulativeremove -promptuninstall -arpregkeylvdrivers_11.80
AddRemove-ErrorStyleTeam - c:\docume~1\baustede\APPLIC~1\64FUNK~1\bore chic book.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1268)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2716)
c:\windows\system32\WININET.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL

- - - - - - - > 'explorer.exe'(2500)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\browselc.dll
c:\windows\system32\ieframe.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
Completion time: 2009-12-07 18:39
ComboFix-quarantined-files.txt 2009-12-07 23:39
ComboFix2.txt 2008-11-25 21:18
ComboFix3.txt 2008-11-25 20:32

Pre-Run: 21,566,136,320 bytes free
Post-Run: 21,552,406,528 bytes free

- - End Of File - - A38052C8CC7CE7D2101BF15B4B7C62AC

#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:37 AM

Posted 08 December 2009 - 10:37 AM

I can see that you are not running combofix from the desktop, please delete the copy you have then download a new copy and save it to your desktop.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlpo_01"=-
"nlpo_02"=-
"nlpo_03"=-
FCopy::
c:\windows\system32\dllcache\termsrv.dll | c:\windows\System32\termsrv.dll

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

unite.jpg


#15 DavidBaustert

DavidBaustert
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:12:37 AM

Posted 08 December 2009 - 10:04 PM

ComboFix 09-12-08.03 - baustede 12/08/2009 21:54:37.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1286 [GMT -5:00]
Running from: c:\documents and settings\baustede\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\baustede\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://windowsupdate.udayton.edu
.
--------------- FCopy ---------------

c:\windows\system32\dllcache\termsrv.dll --> c:\windows\System32\termsrv.dll
.
((((((((((((((((((((((((( Files Created from 2009-11-09 to 2009-12-09 )))))))))))))))))))))))))))))))
.

2009-12-09 02:54 . 2004-08-04 08:00 295424 -c--a-w- c:\windows\system32\dllcache\termsrv.dll
2009-12-09 02:54 . 2004-08-04 08:00 295424 ----a-w- c:\windows\system32\termsrv.dll
2009-12-06 18:02 . 2009-12-06 18:02 -------- d-----w- C:\_OTM
2009-12-06 18:01 . 2009-12-06 18:01 -------- d-----w- c:\program files\ERUNT
2009-12-02 21:41 . 2009-12-02 21:41 -------- d-----w- C:\rsit
2009-11-30 05:20 . 2009-11-30 05:25 -------- d-----w- c:\program files\Free Music Zilla
2009-11-27 21:28 . 2009-11-27 21:28 -------- d-----w- c:\program files\Trend Micro
2009-11-27 05:23 . 2009-11-27 21:03 117760 ----a-w- c:\documents and settings\baustede\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-27 05:23 . 2009-11-27 05:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-27 05:23 . 2009-11-27 05:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-27 05:23 . 2009-11-27 05:23 -------- d-----w- c:\documents and settings\baustede\Application Data\SUPERAntiSpyware.com
2009-11-27 04:48 . 2009-11-27 04:48 -------- d-----w- C:\b07064b69f0377e73d
2009-11-27 04:44 . 2009-11-27 04:44 -------- d-----w- C:\239c1203e400d108917e5299
2009-11-18 20:23 . 2009-11-18 20:23 -------- d-----w- c:\documents and settings\baustede\Application Data\SharePod
2009-11-12 19:13 . 2009-11-12 19:13 1025 ----a-w- c:\windows\system32\clauth2.dll
2009-11-12 19:13 . 2009-11-12 19:13 1025 ----a-w- c:\windows\system32\clauth1.dll
2009-11-12 19:13 . 2009-11-12 19:13 1024 ----a-w- c:\windows\system32\grcauth2.dll
2009-11-12 19:13 . 2009-11-12 19:13 1024 ----a-w- c:\windows\system32\grcauth1.dll
2009-11-12 19:11 . 2009-11-17 22:55 -------- d-----w- c:\program files\WorkingModel2005

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 23:21 . 2007-06-29 14:02 765584 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-04 16:24 . 2007-12-11 21:00 -------- d-----w- c:\program files\Symantec AntiVirus
2009-12-03 19:27 . 2007-08-21 01:13 -------- d-----w- c:\documents and settings\baustede\Application Data\LimeWire
2009-12-03 15:05 . 2008-11-25 19:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-03 15:03 . 2007-06-29 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Prism Deploy
2009-11-30 19:50 . 2008-01-29 23:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-30 05:21 . 2009-01-28 02:51 -------- d-----w- c:\documents and settings\baustede\Application Data\FMZilla
2009-11-30 05:17 . 2008-08-13 22:25 -------- d-----w- c:\program files\Total Video Converter
2009-11-30 05:17 . 2009-06-13 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-11-27 21:44 . 2009-01-22 15:47 -------- d-----w- c:\documents and settings\All Users\Application Data\CraigsPal
2009-11-27 20:49 . 2007-12-11 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-11-27 05:22 . 2008-09-08 15:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-27 04:31 . 2007-10-24 02:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-18 20:35 . 2007-08-09 18:58 -------- d-----w- c:\documents and settings\baustede\Application Data\Apple Computer
2009-11-17 10:03 . 2007-06-29 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-27 22:08 . 2009-10-27 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Chat Republic Games
2009-10-27 04:30 . 2007-08-23 02:58 -------- d-----w- c:\program files\Ruckus Player
2009-10-27 04:28 . 2007-06-29 12:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-27 04:28 . 2007-10-16 01:25 -------- d-----w- c:\program files\Common Files\Vernier Software
2009-10-25 18:00 . 2009-10-25 18:00 -------- d-----w- c:\program files\Shock Utility
2009-10-25 18:00 . 2009-10-25 18:00 65536 ----a-w- c:\windows\IFinst27.exe
2009-10-22 01:21 . 2009-08-06 23:54 -------- d-----w- c:\documents and settings\baustede\Application Data\Image Zone Express
2009-10-20 13:30 . 2007-09-04 23:52 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-10-20 01:21 . 2007-09-04 23:52 -------- d-----w- c:\program files\Autodesk
2009-10-20 01:21 . 2007-09-04 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2009-10-20 01:14 . 2007-09-07 00:19 -------- d-----w- c:\program files\AutoCAD 2008
2009-10-20 01:05 . 2007-09-04 23:54 -------- d-----w- c:\documents and settings\baustede\Application Data\Autodesk
2009-09-26 00:25 . 2007-12-10 06:18 131019 ----a-w- c:\windows\hpoins12.dat
2009-09-26 00:24 . 2009-09-26 00:20 78752 ----a-w- c:\windows\hpfins05.dat
2009-09-11 14:03 . 2006-06-19 16:46 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2008-11-25 19:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2008-11-25 19:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2007-02-08 14:48 . 2007-02-08 14:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 22:03 . 2007-07-24 22:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
.

------- Sigcheck -------

[-] 2006-06-14 . 6E266AAF4168B3569A330C61AB01F6B4 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-12-07_23.23.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-08 19:49 . 2009-12-08 19:49 16384 c:\windows\temp\Perflib_Perfdata_bf8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1207080]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]

c:\documents and settings\baustede\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2004-08-04 08:00 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 07:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2006-11-01 14:18 32256 ----a-w- c:\windows\system32\tpgwlnot.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2009-05-19 05:23 49968 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-05-14 00:58 177472 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 21:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
2009-03-10 20:09 115560 ----a-w- c:\program files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-04 08:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-06-26 20:13 1207080 ----a-w- c:\progra~1\MI3AA1~1\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Event Monitor]
2009-06-24 20:13 57344 ----a-w- c:\windows\system32\iprntlgn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Tray]
2009-06-24 20:13 53248 ----a-w- c:\windows\system32\iprntctl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 18:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 21:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 21:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NACAgentUI]
2009-06-22 14:24 446088 ----a-w- c:\program files\Cisco\Cisco NAC Agent\NACAgentUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI Background Service]
2008-04-03 14:38 77824 ----a-w- c:\program files\Shared\Update Service\BackgroundService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-01-12 07:01 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-12-27 15:20 413696 ----a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snippet]
2005-02-25 17:20 68296 ----a-w- c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-06-18 21:24 688218 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2007-06-18 21:24 98394 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletTip]
2005-04-26 03:10 271872 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\tabtip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TabletWizard]
2004-08-04 08:00 16384 ----a-w- c:\windows\Help\splshwrp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Symantec AntiVirus\\Smc.exe"=
"c:\\Program Files\\Symantec AntiVirus\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\CCleaner\\CCleaner.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=
"c:\\Program Files\\Symantec AntiVirus\\SymCorpUI.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1761:TCP"= 1761:TCP:ZENworks Remote Management port
"1761:UDP"= 1761:UDP:ZENworks Remote Management port
"2967:TCP"= 2967:TCP:Symantec Antivirus v10 Client
"50000:TCP"= 50000:TCP:Webroot SpySweeper Client Service
"50001:TCP"= 50001:TCP:Webroot SpySweeper Sweep Now Function
"50002:TCP"= 50002:TCP:Webroot SpySweeper Poll Now Function
"50003:TCP"= 50003:TCP:Webroot SpySweeper Webroot Client Service
"7460:TCP"= 7460:TCP:ZENworks Asset Manager (Collection Server)
"7460:UDP"= 7460:UDP:ZENworks Asset Manager (Collection Server)
"7461:TCP"= 7461:TCP:ZENworks Asset Manager (Client Application)
"7461:UDP"= 7461:UDP:ZENworks Asset Manager (Client Application)
"7462:TCP"= 7462:TCP:ZENworks Asset Manager (Management Manager)
"7462:UDP"= 7462:UDP:ZENworks Asset Manager (Management Manager)
"7465:TCP"= 7465:TCP:ZENworks Asset Manager (Task Server)
"7465:UDP"= 7465:UDP:ZENworks Asset Manager (Task Server)
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [8/31/2009 4:33 PM 34592]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [6/22/2009 9:24 AM 715400]
R2 TSCensus Collection Client;ZENworks Asset Management - Collection Client;c:\program files\Novell\ZENworks\Asset Management\Bin\CClientSvc.exe [8/30/2007 12:30 PM 49152]
R2 WNTHW;WNTHW;c:\windows\system32\drivers\WNTHW.SYS [8/30/2007 12:30 PM 9176]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/2/2009 2:19 PM 102448]
R3 FinePnt;FinePoint Innovations HID Driver;c:\windows\system32\drivers\FpHidDrv.sys [6/19/2006 11:46 AM 18816]
R3 MSTabBtn;Tablet PC Buttons HID Driver;c:\windows\system32\drivers\MSTabBtn.sys [6/19/2006 11:46 AM 9600]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [3/10/2009 3:09 PM 23888]
S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe --> c:\program files\Symantec AntiVirus\SmcLU\Setup\smcinst.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ondemand5.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\baustede\Application Data\Mozilla\Firefox\Profiles\b2d7mcsi.default\
FF - prefs.js: browser.startup.homepage - hxxps://udportal.udayton.edu/ExpressPortal/portal/cn/AnonContainer/Anon_Welcome
FF - component: c:\documents and settings\baustede\Application Data\Mozilla\Firefox\Profiles\b2d7mcsi.default\extensions\refractor@developer.mozilla.org\components\prism.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv85win32.dll
FF - plugin: c:\program files\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll
FF - plugin: c:\windows\system32\npnipp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-08 22:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1268)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-12-08 22:02:17
ComboFix-quarantined-files.txt 2009-12-09 03:02
ComboFix2.txt 2009-12-07 23:39
ComboFix3.txt 2008-11-25 21:18
ComboFix4.txt 2008-11-25 20:32

Pre-Run: 21,422,927,872 bytes free
Post-Run: 21,387,448,320 bytes free

- - End Of File - - 75214F32E8572CA256ACC17E9D60A709




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users