Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Win32/Spy.Ursnif.A Virus - How do I get rid of it??


Post by Phishermaneto » August 14th, 2009, 11:19 am

My eset NOD32 has found the virus Win32/Spy.Ursnif.A
It can't get rid of it. Apparently, according to their website, http://www.eset.eu/encyclopaedia/win32-spy-ursnif-a-trojan-win32-inject-kzl-spy-ursnif-gen-h-patch-zgm, it's a trojan that steals sensitive information and sends it to a remote terminal.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:13:03 AM, on 8/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\USBToolbox\Res.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phisherman.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: autobahn.lnk = C:\Program Files\Autobahn\autobahn.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open and Translate in Word - res://C:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} (WCLoaderCtl Class) - http://download.paltalk.com/wcloader_prod/wcloader.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2712008921
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FreePOPs - Unknown owner - C:\Program Files\FreePOPs\freepopsservice.exe (file missing)
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11137 bytes

Thanks for your much anticipated help. :)

-Erik
Phishermaneto
Active Member
 
Posts: 8
Joined: August 14th, 2009, 11:14 am

Re: Win32/Spy.Ursnif.A Virus - How do I get rid of it??

Post by MWR 3 day Mod » August 18th, 2009, 12:08 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Win32/Spy.Ursnif.A Virus - How do I get rid of it??

Post by Cyborg » August 19th, 2009, 11:26 am

Hi,
/// Welcome to MalWare Removal ///
My nickname is Cyborg, and I'll be helping you with your malware problems.
HijackThis logs can take a while to research, so please be patient.

I am currently under the guidance of the MRU teachers; everything I post to you is being reviewed by them.
This will add some time to my responses, but not to a great extent...


Before we begin, please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  • Please, if you have questions about something...ASK, don't guess or assume.
  • Only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  • Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  • Only- reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean"
Cyborg
Regular Member
 
Posts: 1143
Joined: September 8th, 2007, 12:45 pm

Re: Win32/Spy.Ursnif.A Virus - How do I get rid of it??

Post by Cyborg » August 21st, 2009, 10:54 am

Hi Phishermaneto,

// RSIT (Random's System Information Tool) //


Please download RSIT by random/random... save it to your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 log files...will be produced.
  • The first one, "log.txt", will be maximized
  • The second one, "info.txt", will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)

Gmer
Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.


// Log from NOD32 Antivirus //


  • Open the main program window by clicking the icon in the Windows notification area or by clicking Start → All Programs → ESET → ESET Smart Security or ESET NOD32 Antivirus.
  • Toggle to Advanced Mode by clicking Toggle Advanced mode in the lower left corner or by pressing CTRL + M on your keyboard.

  • Click Tools → Log files. From the Log drop-down menu, select Detected Threats.
  • Right-click the line representing the most recently completed scan (top line). Click Export. Name the file 'Scan log', and save the file to the Desktop for easy access.

Please copy and paste this file in your reply.




SUMMARY

Please post the following in your reply :

  • Both logs from RSIT
  • Log from GMER.
  • Log from NOD32.
Cyborg
Regular Member
 
Posts: 1143
Joined: September 8th, 2007, 12:45 pm

Re: Win32/Spy.Ursnif.A Virus - How do I get rid of it??

Post by Phishermaneto » August 21st, 2009, 1:58 pm

RSIT Log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Erik at 2009-08-21 13:57:16
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (8%) free of 112 GB
Total RAM: 2046 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:24 PM, on 8/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\USBToolbox\Res.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Erik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phisherman.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: autobahn.lnk = C:\Program Files\Autobahn\autobahn.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open and Translate in Word - res://C:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} (WCLoaderCtl Class) - http://download.paltalk.com/wcloader_prod/wcloader.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2712008921
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FreePOPs - Unknown owner - C:\Program Files\FreePOPs\freepopsservice.exe (file missing)
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11300 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-03-28 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-28 501056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - Systran50premi.IEPlugIn - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll [2004-06-21 253952]
{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - Verizon Broadband Toolbar - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL [2007-05-25 1904128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2006-08-22 184320]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-01 1392640]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2006-05-31 921600]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-03-02 185896]
"USB Storage Toolbox"=C:\Program Files\USBToolbox\Res.EXE [2002-01-15 118784]
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
"mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2007-09-06 169264]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-03-25 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-03-13 81920]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
autobahn.lnk - C:\Program Files\Autobahn\autobahn.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Dell\MediaDirect\PCMService.exe"="C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Autobahn\autobahn.exe"="C:\Program Files\Autobahn\autobahn.exe:*:Enabled:Autobahn"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Streamer\streamer.exe"="C:\Program Files\Streamer\streamer.exe:*:Enabled:streamer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"D:\setup\HPZnui01.exe"="D:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"

======List of files/folders created in the last 3 months======

2009-08-21 13:57:16 ----D---- C:\rsit
2009-08-19 00:32:57 ----D---- C:\Documents and Settings\Administrator\Application Data\LEAPS
2009-08-19 00:20:29 ----D---- C:\Program Files\Pegasys Inc
2009-08-19 00:20:28 ----D---- C:\Documents and Settings\Administrator\Application Data\Pegasys Inc
2009-08-15 03:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-14 11:12:50 ----D---- C:\Program Files\Trend Micro
2009-08-14 09:34:00 ----D---- C:\7940d4a626a81a6c20b4
2009-08-14 09:33:22 ----D---- C:\WINDOWS\SxsCaPendDel
2009-08-14 09:26:47 ----D---- C:\WINDOWS\ie8updates
2009-08-14 09:21:03 ----HDC---- C:\WINDOWS\ie8
2009-08-14 09:17:45 ----SHD---- C:\RECYCLER
2009-08-13 22:44:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 22:44:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 22:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 22:44:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 22:44:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 22:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 22:44:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 22:43:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 22:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-13 22:41:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-13 22:14:59 ----A---- C:\ComboFix.txt
2009-08-13 22:03:40 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-13 22:03:38 ----A---- C:\WINDOWS\zip.exe
2009-08-13 22:03:38 ----A---- C:\WINDOWS\SWREG.exe
2009-08-13 22:03:38 ----A---- C:\WINDOWS\sed.exe
2009-08-13 22:03:38 ----A---- C:\WINDOWS\PEV.exe
2009-08-13 22:03:38 ----A---- C:\WINDOWS\grep.exe
2009-08-13 22:03:37 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-13 22:03:37 ----A---- C:\WINDOWS\SWSC.exe
2009-08-13 22:03:31 ----D---- C:\WINDOWS\ERDNT
2009-08-13 22:03:23 ----SD---- C:\ComboFix
2009-08-13 22:01:37 ----D---- C:\Qoobox
2009-07-17 03:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-17 03:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-17 03:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-06-10 05:56:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 05:56:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 05:53:26 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 05:52:40 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-05-29 17:34:38 ----D---- C:\Documents and Settings\Administrator\Application Data\Xbins

======List of files/folders modified in the last 3 months======

2009-08-21 13:57:24 ----D---- C:\WINDOWS\Prefetch
2009-08-21 13:56:44 ----D---- C:\WINDOWS\Temp
2009-08-21 13:09:13 ----D---- C:\Program Files\Mozilla Firefox
2009-08-21 12:58:34 ----D---- C:\WINDOWS
2009-08-21 12:57:37 ----D---- C:\WINDOWS\Registration
2009-08-21 12:56:36 ----D---- C:\MDT
2009-08-21 12:56:03 ----D---- C:\Documents and Settings\Administrator\Application Data\WTablet
2009-08-21 04:22:34 ----A---- C:\WINDOWS\ModemLog_Bluetooth Null Modem.txt
2009-08-21 04:22:21 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-08-21 04:22:19 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt
2009-08-21 04:22:19 ----A---- C:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt
2009-08-20 11:18:14 ----A---- C:\WINDOWS\win.ini
2009-08-20 01:38:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-20 01:37:40 ----D---- C:\Documents and Settings\Administrator\Application Data\uTorrent
2009-08-19 00:20:58 ----SHD---- C:\WINDOWS\Installer
2009-08-19 00:20:58 ----HD---- C:\Config.Msi
2009-08-19 00:20:29 ----RD---- C:\Program Files
2009-08-15 03:02:41 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-15 03:02:04 ----HD---- C:\WINDOWS\inf
2009-08-15 03:01:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-15 03:01:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-14 11:58:00 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-14 11:57:52 ----RSD---- C:\WINDOWS\assembly
2009-08-14 10:43:38 ----D---- C:\WINDOWS\system32
2009-08-14 10:41:26 ----D---- C:\WINDOWS\system32\en-US
2009-08-14 10:41:24 ----D---- C:\WINDOWS\Media
2009-08-14 10:41:24 ----D---- C:\Program Files\Internet Explorer
2009-08-14 10:41:23 ----D---- C:\WINDOWS\Help
2009-08-14 09:40:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-14 09:39:56 ----D---- C:\WINDOWS\WinSxS
2009-08-14 09:35:20 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-14 09:35:08 ----RSD---- C:\WINDOWS\Fonts
2009-08-14 09:27:41 ----A---- C:\WINDOWS\imsins.BAK
2009-08-14 09:27:03 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-13 22:44:11 ----D---- C:\Program Files\Outlook Express
2009-08-13 22:41:22 ----D---- C:\WINDOWS\system32\drivers
2009-08-13 22:12:25 ----A---- C:\WINDOWS\system.ini
2009-08-13 22:10:27 ----D---- C:\WINDOWS\AppPatch
2009-08-13 22:10:18 ----D---- C:\Program Files\Common Files
2009-08-12 19:23:52 ----D---- C:\Documents and Settings\Administrator\Application Data\HPAppData
2009-08-05 05:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-29 20:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-27 16:04:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Vso
2009-07-24 14:46:39 ----D---- C:\Program Files\Mozilla Thunderbird
2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 09:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-17 15:01:06 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmp.dll
2009-07-03 13:09:28 ----A---- C:\WINDOWS\system32\wininet.dll
2009-07-03 13:09:27 ----N---- C:\WINDOWS\system32\occache.dll
2009-07-03 13:09:27 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-07-03 13:09:25 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-07-03 13:09:25 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-07-03 13:09:24 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-07-03 13:09:24 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-07-03 13:09:23 ----N---- C:\WINDOWS\system32\iepeers.dll
2009-07-03 13:09:21 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-07-03 07:01:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\secur32.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\schannel.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-06-16 10:36:30 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 10:36:30 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-16 03:06:49 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-06-12 08:31:40 ----A---- C:\WINDOWS\system32\tlntsess.exe
2009-06-12 08:31:39 ----A---- C:\WINDOWS\system32\telnet.exe
2009-06-10 10:13:29 ----A---- C:\WINDOWS\system32\avifil32.dll
2009-06-10 09:19:38 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-06-10 02:14:49 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-06-03 15:09:37 ----A---- C:\WINDOWS\system32\quartz.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
R3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-15 34760]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-09 47360]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S3 APLMp50;APLMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\APLMp50.sys [2005-02-16 18816]
S3 aq7cv7rf;aq7cv7rf; C:\WINDOWS\system32\drivers\aq7cv7rf.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 avn657am;avn657am; C:\WINDOWS\system32\drivers\avn657am.sys []
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-04-16 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-04-16 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-04-16 21568]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 156976]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-08-03 380928]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2006-05-31 507904]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TabletServicePen;TabletServicePen; C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 1373480]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-01 20480]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S2 FreePOPs;FreePOPs; C:\Program Files\FreePOPs\freepopsservice.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Phishermaneto

Re: Win32/Spy.Ursnif.A Virus - How do I get rid of it??

Post by Phishermaneto » August 21st, 2009, 1:59 pm

RSIT info.txt

info.txt logfile of random's system information tool 1.06 2009-08-21 13:57:29

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
abgx360 v1.0.1-->"C:\Program Files\abgx360\uninstall.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Autobahn-->C:\Program Files\Autobahn\Uninstall.exe
AVI Splitter-->"C:\Program Files\avisplit\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
ConvertXtoDVD 3.3.4.107-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
dBpoweramp [Calculate Audio CRC] Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
dBpowerAMP Arrange Music-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Arrange Music.dat
dBpowerAMP Channel Split-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Channel Split.dat
dBpowerAMP DirectShow Decoder Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP DirectShow Decoder Codec.dat
dBpoweramp FLAC Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
dBpoweramp m4a Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
dBpoweramp Monkeys Audio Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
dBPowerAMP Mp2 and BwfMp2 codec r4-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBPowerAMP Mp2 and BwfMp2 codec r4.dat
dBpoweramp Mp2 and BwfMp2 codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
dBpoweramp mp3 (Fraunhofer IIS) Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
dBpowerAMP Mp4 Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat
dBpoweramp Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Ogg Vorbis Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
dBPowerAMP Real Audio Encoder R3-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBPowerAMP Real Audio Encoder R3.dat
dBpowerAMP Rename Extension-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Rename Extension.dat
dBpoweramp Shorten Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Shorten Codec.dat
dBpowerAMP Tag From Filename-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Tag From Filename.dat
dBpowerAMP Update ID Tag-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Update ID Tag.dat
dBpoweramp WavPack Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
dBpowerAMP WMA V9.1 Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
Digidesign Free Bomb Factory Plug-Ins 7.4-->C:\Program Files\InstallShield Installation Information\{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}\Setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly
Digidesign Shared Plug-Ins 7.4-->C:\Program Files\InstallShield Installation Information\{AFE354A5-640F-4A23-94C8-0B441E8967CA}\Setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
dMC Generic CLI Encoder-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dMC Generic CLI Encoder.dat
dMC Power Pack-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dMC Power Pack.dat
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Freez Screen Video Capture v1.2-->"C:\Program Files\Smallvideosoft\Freez Screen Video Capture\unins000.exe"
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
HHD Software Free Hex Editor Neo 4.01-->"C:\Program Files\HHD Software\Hex Editor Neo\Setup\uninstHEX.exe" -u
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP Imaging Device Functions 11.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Update-->MsiExec.exe /X{D063F201-FAC4-4D5C-B10B-615058ADE5A7}
Interlok driver setup x32-->MsiExec.exe /X{25613C10-27D2-410B-942B-D922D5C3A7BE}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LADSPA_plugins-win-0.4.15-->"C:\Program Files\Audacity\Plug-Ins\unins000.exe"
LimeWire PRO 4.12.6-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech Harmony Remote Software 7-->C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash Player 8-->MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Magic ISO Maker v5.3 (build 0229)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Maxtor Manager-->"C:\Program Files\InstallShield Installation Information\{B8281D46-D846-4BB9-BC84-F1115A7BF820}\setup.exe" -runfromtemp -l0x0409 -removeonly
Maxtor Manager-->MsiExec.exe /I{B8281D46-D846-4BB9-BC84-F1115A7BF820}
MediaDirect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x9 -cluninstall
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.16)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MP3 To Ringtone Gold 5.20-->"C:\Program Files\AnMing\unins000.exe"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicnotes Player V1.22.3-->"C:\Program Files\Musicnotes\Player\unins000.exe"
Nero 7 Premium-->MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371033}
NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
OCR Software by I.R.I.S. 11.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Peggle Deluxe 1.0-->C:\Program Files\PopCap Games\Peggle Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Peggle Deluxe\Install.log"
Pen Tablet-->C:\Program Files\Tablet\Pen\Remove.exe /u
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remote Control USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
Replay AV 8-->C:\WINDOWS\iun6002.exe "C:\Program Files\Replay AV 8\uninstall8.ini"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sony Noise Reduction Plug-In 2.0h-->MsiExec.exe /X{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}
Sony Sound Forge 9.0-->MsiExec.exe /X{CCA51496-49D4-4FBF-9866-A2E2F40FAC7A}
Streamer (remove only)-->"C:\Program Files\Streamer\uninstall.exe"
SUPER © Version 2007.bld.23 (July 4, 2007)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
SYSTRAN Premium 5.0-->MsiExec.exe /I{53595300-0624-0001-3530-007072656D69}
TMPGEnc 4.0 XPress-->MsiExec.exe /I{485C28E6-7E8C-40E4-BCFE-6E85B1F46D7A}
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wnjiper-->MsiExec.exe /I{923CAE62-30C9-425E-B4ED-F5E9C09C5C4A}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->C:\Program Files\TurboTax\Premier 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
TurboTax Premier 2007-->C:\Program Files\TurboTax\Premier 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2007\Uninstall.log" -NoGui
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
USB Mass Storage Toolbox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62B002C5-1AB3-11D8-8092-00E018B21FC0}\Setup.exe"
Verizon Broadband Toolbar-->C:\Program Files\vol_toolbar\uninstall.exe
VST Bridge 1.1-->"C:\Program Files\Audacity\Plug-ins\VST Bridge\unins000.exe"
WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wisdom-soft ScreenHunter 5.0 Pro-->C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG

Hosts File Missing
======Security center information======

AV: Eset NOD32 antivirus system 2.51

======System event log======

Computer Name: ERIK-LAPTOP
Event Code: 1002
Message: The IP address lease 192.168.1.3 for the Network Card with network address 00197D37E1FB has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Record Number: 66011
Source Name: Dhcp
Time Written: 20090506180244.000000-240
Event Type: error
User:

Computer Name: ERIK-LAPTOP
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 65992
Source Name: Service Control Manager
Time Written: 20090506180230.000000-240
Event Type: error
User:

Computer Name: ERIK-LAPTOP
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Record Number: 65991
Source Name: Windows Update Agent
Time Written: 20090506180202.000000-240
Event Type: error
User:

Computer Name: ERIK-LAPTOP
Event Code: 34
Message: The time service has detected that the system time needs to be
changed by -52707602 seconds. The time service will not change the system
time by more than -54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.3:123->207.46.232.182:123) is working properly.

Record Number: 65983
Source Name: W32Time
Time Written: 20110105213354.000000-300
Event Type: error
User:

Computer Name: ERIK-LAPTOP
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 65979
Source Name: W32Time
Time Written: 20110105212510.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: ERIK-LAPTOP
Event Code: 1517
Message: Windows saved user ERIK-LAPTOP\Erik registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 92
Source Name: Userenv
Time Written: 20090428185809.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ERIK-LAPTOP
Event Code: 1517
Message: Windows saved user ERIK-LAPTOP\Erik registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 77
Source Name: Userenv
Time Written: 20090428075853.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ERIK-LAPTOP
Event Code: 1517
Message: Windows saved user ERIK-LAPTOP\Erik registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 59
Source Name: Userenv
Time Written: 20090427172730.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ERIK-LAPTOP
Event Code: 1517
Message: Windows saved user ERIK-LAPTOP\Erik registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 44
Source Name: Userenv
Time Written: 20090427083017.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ERIK-LAPTOP
Event Code: 1517
Message: Windows saved user ERIK-LAPTOP\Erik registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 15
Source Name: Userenv
Time Written: 20090423161823.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
Phishermaneto
Active Member
 
Posts: 8
Joined: August 14th, 2009, 11:14 am

Re: Win32/Spy.Ursnif.A Virus - How do I get rid of it??

Post by Phishermaneto » August 21st, 2009, 4:00 pm

GMER

GMER 1.0.15.15077 [jj1hlpi3.exe] - http://www.gmer.net
Rootkit scan 2009-08-21 15:57:30
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xBA6BE0D0]
SSDT sptd.sys ZwEnumerateKey [0xBA6C3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xBA6C4340]
SSDT sptd.sys ZwOpenKey [0xBA6BE0B0]
SSDT sptd.sys ZwQueryKey [0xBA6C4418]
SSDT sptd.sys ZwQueryValueKey [0xBA6C4298]
SSDT sptd.sys ZwSetValueKey [0xBA6C44AA]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 83FC51E8

AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 83DF3790
Device \Driver\dmio \Device\DmControl\DmIoDaemon 83FC71E8
Device \Driver\dmio \Device\DmControl\DmConfig 83FC71E8
Device \Driver\dmio \Device\DmControl\DmPnP 83FC71E8
Device \Driver\dmio \Device\DmControl\DmInfo 83FC71E8
Device \Driver\usbuhci \Device\USBPDO-1 83DF3790
Device \Driver\usbuhci \Device\USBPDO-2 83DF3790
Device \Driver\usbuhci \Device\USBPDO-3 83DF3790
Device \Driver\usbehci \Device\USBPDO-4 83DF11E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 83F561E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 83F561E8
Device \Driver\Cdrom \Device\CdRom1 83E14790
Device \Driver\Ftdisk \Device\HarddiskVolume3 83F561E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C46F98AB-AFBA-437D-81C2-F71CB1DE68B7} 837811E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 837811E8
Device \Driver\NetBT \Device\NetbiosSmb 837811E8
Device \Driver\PCI_NTPNP6076 \Device\0000005b sptd.sys
Device \Driver\PCI_NTPNP6076 \Device\0000005c sptd.sys
Device \Driver\usbuhci \Device\USBFDO-0 83DF3790
Device \Driver\usbuhci \Device\USBFDO-1 83DF3790
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 837775D0
Device \Driver\usbuhci \Device\USBFDO-2 83DF3790
Device \FileSystem\MRxSmb \Device\LanmanRedirector 837775D0
Device \Driver\usbuhci \Device\USBFDO-3 83DF3790
Device \Driver\usbehci \Device\USBFDO-4 83DF11E8
Device \Driver\Ftdisk \Device\FtControl 83F561E8
Device \Driver\avn657am \Device\Scsi\avn657am1Port2Path0Target0Lun0 83C9E1E8
Device \Driver\aq7cv7rf \Device\Scsi\aq7cv7rf1 83D091E8
Device \Driver\avn657am \Device\Scsi\avn657am1 83C9E1E8
Device \Driver\Cdrom \Device\CdRom0 83E14790
Device \FileSystem\Fastfat \Fat 83C6E568
Device \FileSystem\Fastfat \Fat ACF70297

AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset )

Device \FileSystem\Cdfs \Cdfs 83AF6790

---- Registry - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----
Phishermaneto
Active Member
 
Posts: 8
Joined: August 14th, 2009, 11:14 am

Re: Win32/Spy.Ursnif.A Virus - How do I get rid of it??

Post by Phishermaneto » August 21st, 2009, 4:05 pm

Using NOD32 2.5 w/ an updated virus database. Not sure how to acquire a log from it.

Maybe this will help. I copied the threats detected this week.

Time Module Object Name Threat Action User Information
8/21/2009 14:57:15 PM Kernel file c:\windows\system32\winlogon.exe Win32/Spy.Ursnif.A virus Alert was generated during the system startup file check.
8/21/2009 12:56:50 PM Kernel file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus Alert was generated during the system startup file check.
8/21/2009 12:56:49 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe.
8/21/2009 12:56:48 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wuauclt.exe.
8/21/2009 12:56:45 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe.
8/21/2009 12:56:42 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe.
8/21/2009 12:56:41 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/21/2009 12:56:39 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
8/21/2009 12:56:30 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Common Files\Real\Update_OB\realsched.exe.
8/21/2009 12:56:28 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/21/2009 12:56:27 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\stsystra.exe.
8/21/2009 12:56:27 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Dell\MediaDirect\PCMService.exe.
8/21/2009 12:56:26 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/21/2009 12:56:23 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/21/2009 12:56:20 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/21/2009 12:56:08 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
8/21/2009 12:56:07 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/21/2009 12:56:01 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wbem\wmiprvse.exe.
8/21/2009 12:55:57 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/21/2009 12:55:53 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe.
8/21/2009 12:55:45 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\LOCAL SERVICE Event occurred when attempting to access the file.
8/21/2009 12:55:44 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.
8/21/2009 12:55:41 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe.
8/21/2009 12:55:39 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
8/21/2009 12:55:38 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe.
8/21/2009 3:20:27 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe.
8/21/2009 3:20:26 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe.
8/21/2009 3:20:24 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/21/2009 3:20:23 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/21/2009 3:20:18 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Common Files\Real\Update_OB\realsched.exe.
8/21/2009 3:20:16 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Dell\MediaDirect\PCMService.exe.
8/21/2009 3:20:15 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\stsystra.exe.
8/21/2009 3:20:13 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/21/2009 3:20:11 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/21/2009 3:20:10 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/21/2009 3:20:09 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/21/2009 3:20:08 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\imapi.exe.
8/21/2009 3:20:08 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\imapi.exe.
8/21/2009 3:20:07 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\eHome\ehmsas.exe.
8/21/2009 3:20:06 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/21/2009 3:20:05 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/21/2009 3:20:00 AM AMON file \Device\HarddiskVolume2\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\NETWORK SERVICE Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wbem\wmiprvse.exe.
8/21/2009 3:20:00 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\WgaTray.exe.
8/21/2009 3:19:51 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
8/21/2009 3:19:50 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/21/2009 3:19:49 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\Ati2evxx.exe.
8/21/2009 3:19:46 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\Ati2evxx.exe.
8/21/2009 3:19:44 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/21/2009 3:17:54 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wbem\wmiprvse.exe.
8/21/2009 3:17:52 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.
8/21/2009 3:17:50 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\dllhost.exe.
8/21/2009 3:17:49 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
8/21/2009 3:17:10 AM AMON file \Device\HarddiskVolume2\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\NETWORK SERVICE Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wbem\wmiprvse.exe.
8/21/2009 3:17:07 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wuauclt.exe.
8/21/2009 3:17:07 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wuauclt.exe.
8/21/2009 3:16:25 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe.
8/21/2009 3:16:20 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\LOCAL SERVICE Event occurred at an attempt to access the file by the application: C:\WINDOWS\ehome\mcrdsvc.exe.
8/21/2009 3:16:19 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.
8/21/2009 3:16:18 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe.
8/21/2009 3:16:17 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe.
8/20/2009 19:56:33 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/20/2009 19:56:32 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/20/2009 19:56:25 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe.
8/20/2009 19:56:22 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Common Files\Real\Update_OB\realsched.exe.
8/20/2009 19:56:19 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/20/2009 19:56:19 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\stsystra.exe.
8/20/2009 19:56:17 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/20/2009 19:56:16 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\eHome\ehRec.exe.
8/20/2009 19:56:14 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
8/20/2009 19:56:12 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
8/20/2009 19:56:11 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/20/2009 19:56:10 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/20/2009 19:56:09 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\ehome\ehtray.exe.
8/20/2009 19:56:02 PM AMON file \Device\HarddiskVolume2\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\NETWORK SERVICE Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wbem\wmiprvse.exe.
8/20/2009 19:56:02 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\WgaTray.exe.
8/20/2009 19:55:53 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
8/20/2009 19:55:51 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\Ati2evxx.exe.
8/20/2009 19:55:49 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\Ati2evxx.exe.
8/20/2009 19:55:48 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/20/2009 19:21:33 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wuauclt.exe.
8/20/2009 17:40:31 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wuauclt.exe.
8/20/2009 17:35:39 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/20/2009 17:09:12 PM AMON file \Device\HarddiskVolume2\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\NETWORK SERVICE Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wbem\wmiprvse.exe.
8/20/2009 17:08:57 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wuauclt.exe.
8/20/2009 16:41:16 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wuauclt.exe.
8/20/2009 16:24:20 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\DfrgNtfs.exe.
8/20/2009 16:24:18 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\defrag.exe.
8/20/2009 16:24:18 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\defrag.exe.
8/20/2009 15:59:46 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\LOCAL SERVICE Event occurred at an attempt to access the file by the application: C:\WINDOWS\System32\alg.exe.
8/20/2009 15:59:43 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.
8/20/2009 15:59:43 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\dllhost.exe.
8/20/2009 15:59:41 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
8/20/2009 15:58:41 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wuauclt.exe.
8/20/2009 15:58:41 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
8/20/2009 15:58:07 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe.
8/20/2009 15:57:57 PM AMON file \Device\HarddiskVolume2\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\NETWORK SERVICE Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wbem\wmiprvse.exe.
8/20/2009 15:57:51 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe.
8/20/2009 15:57:49 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe.
8/20/2009 10:48:01 AM Kernel file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus Alert was generated during the system startup file check.
8/20/2009 10:48:00 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe.
8/20/2009 10:47:50 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Common Files\Real\Update_OB\realsched.exe.
8/20/2009 10:47:49 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/20/2009 10:47:46 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Dell\MediaDirect\PCMService.exe.
8/20/2009 10:47:43 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/20/2009 10:47:42 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/20/2009 10:47:41 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\ehome\ehtray.exe.
8/20/2009 10:47:21 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wuauclt.exe.
8/20/2009 10:47:20 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
8/20/2009 10:47:04 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
8/20/2009 10:47:00 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wbem\wmiprvse.exe.
8/20/2009 10:46:58 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wbem\wmiprvse.exe.
8/20/2009 10:46:57 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\Ati2evxx.exe.
8/20/2009 10:46:56 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/20/2009 10:46:44 AM AMON file \Device\HarddiskVolume2\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\NETWORK SERVICE Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wbem\wmiprvse.exe.
8/20/2009 10:46:40 AM AMON file \Device\HarddiskVolume2\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\NETWORK SERVICE Event occurred when attempting to access the file.
8/20/2009 10:46:29 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe.
8/20/2009 10:46:25 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\LOCAL SERVICE Event occurred at an attempt to access the file by the application: C:\WINDOWS\ehome\mcrdsvc.exe.
8/20/2009 10:46:24 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe.
8/20/2009 10:46:22 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe.
8/20/2009 1:37:11 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/19/2009 21:14:19 PM Kernel file c:\windows\system32\winlogon.exe Win32/Spy.Ursnif.A virus Alert was generated during the system startup file check.
8/17/2009 23:36:46 PM Kernel file c:\windows\system32\winlogon.exe Win32/Spy.Ursnif.A virus Alert was generated during the system startup file check.
8/16/2009 19:45:40 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe.
8/16/2009 19:45:38 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Messenger\msmsgs.exe.
8/16/2009 19:45:36 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe.
8/16/2009 19:45:32 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe.
8/16/2009 19:45:30 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/16/2009 19:45:27 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe.
8/16/2009 19:45:20 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Common Files\Real\Update_OB\realsched.exe.
8/16/2009 19:45:15 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Dell\MediaDirect\PCMService.exe.
8/16/2009 19:45:11 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/16/2009 19:45:09 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\stsystra.exe.
8/16/2009 19:45:07 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\WLTRAY.exe.
8/16/2009 19:45:07 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/16/2009 19:45:06 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\eHome\ehmsas.exe.
8/16/2009 19:45:04 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\imapi.exe.
8/16/2009 19:45:04 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
8/16/2009 19:45:03 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\ehome\ehtray.exe.
8/16/2009 19:44:57 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\WgaTray.exe.
8/16/2009 19:44:50 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
8/16/2009 19:44:45 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\Ati2evxx.exe.
8/16/2009 19:44:41 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\Ati2evxx.exe.
8/16/2009 19:44:40 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/16/2009 19:43:10 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\LOCAL SERVICE Event occurred at an attempt to access the file by the application: C:\WINDOWS\System32\alg.exe.
8/16/2009 19:43:08 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\dllhost.exe.
8/16/2009 19:43:04 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
8/16/2009 19:42:26 PM AMON file \Device\HarddiskVolume2\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\NETWORK SERVICE Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wbem\wmiprvse.exe.
8/16/2009 19:42:25 PM AMON file \Device\HarddiskVolume2\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\NETWORK SERVICE Event occurred when attempting to access the file.
8/16/2009 19:42:23 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wuauclt.exe.
8/16/2009 19:41:37 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe.
8/16/2009 19:41:31 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\LOCAL SERVICE Event occurred at an attempt to access the file by the application: C:\WINDOWS\ehome\mcrdsvc.exe.
8/16/2009 19:41:30 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.
8/16/2009 19:41:27 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\LOCAL SERVICE Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.
8/16/2009 19:41:25 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
8/16/2009 19:41:23 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe.
8/16/2009 18:58:30 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe.
8/16/2009 16:56:03 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe.
8/16/2009 16:56:01 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/16/2009 16:55:53 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/16/2009 16:55:51 PM Kernel file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus Alert was generated during the system startup file check.
8/16/2009 16:55:50 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Common Files\Real\Update_OB\realsched.exe.
8/16/2009 16:55:45 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/16/2009 16:55:42 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
8/16/2009 16:55:41 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\stsystra.exe.
8/16/2009 16:55:40 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\WLTRAY.exe.
8/16/2009 16:55:38 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/16/2009 16:55:34 PM AMON file \Device\HarddiskVolume2\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\NETWORK SERVICE Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wbem\wmiprvse.exe.
8/16/2009 16:55:33 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\WgaTray.exe.
8/16/2009 16:55:27 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
8/16/2009 16:55:27 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\Ati2evxx.exe.
8/16/2009 16:55:17 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/16/2009 16:55:14 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/16/2009 16:54:50 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\DfrgNtfs.exe.
8/16/2009 16:54:49 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\defrag.exe.
8/16/2009 16:54:48 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\defrag.exe.
8/16/2009 16:43:38 PM Kernel file c:\windows\system32\winlogon.exe Win32/Spy.Ursnif.A virus Alert was generated during the system startup file check.
8/16/2009 16:42:07 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wbem\wmiprvse.exe.
8/16/2009 16:42:06 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\LOCAL SERVICE Event occurred when attempting to access the file.
8/16/2009 16:42:04 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
8/16/2009 16:41:13 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wuauclt.exe.
8/16/2009 16:40:35 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe.
8/16/2009 16:40:27 PM AMON file \Device\HarddiskVolume2\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\NETWORK SERVICE Event occurred when attempting to access the file.
8/16/2009 16:40:26 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\LOCAL SERVICE Event occurred at an attempt to access the file by the application: C:\WINDOWS\ehome\mcrdsvc.exe.
8/16/2009 16:40:25 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe.
8/16/2009 16:40:24 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe.
8/15/2009 22:09:33 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus Event occurred at an attempt to access the file by the application: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe.
8/15/2009 16:01:59 PM Kernel file c:\windows\system32\winlogon.exe Win32/Spy.Ursnif.A virus Alert was generated during the system startup file check.
8/14/2009 18:27:42 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe.
8/14/2009 18:27:40 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wuauclt.exe.
8/14/2009 18:27:40 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe.
8/14/2009 18:27:25 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Common Files\Real\Update_OB\realsched.exe.
8/14/2009 18:27:23 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Dell\MediaDirect\PCMService.exe.
8/14/2009 18:27:20 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\WLTRAY.exe.
8/14/2009 18:27:20 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
8/14/2009 18:27:03 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
8/14/2009 18:27:00 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/14/2009 18:26:57 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\Ati2evxx.exe.
8/14/2009 18:26:55 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\Ati2evxx.exe.
8/14/2009 18:26:54 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/14/2009 18:26:53 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/14/2009 18:26:44 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe.
8/14/2009 18:26:30 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wbem\wmiprvse.exe.
8/14/2009 18:26:28 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe.
8/14/2009 18:26:27 PM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe.
8/14/2009 18:23:03 PM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/14/2009 13:01:23 PM Kernel file c:\windows\system32\winlogon.exe Win32/Spy.Ursnif.A virus Alert was generated during the system startup file check.
8/14/2009 10:45:15 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe.
8/14/2009 10:45:13 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/14/2009 10:45:06 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
8/14/2009 10:45:03 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Common Files\Real\Update_OB\realsched.exe.
8/14/2009 10:45:02 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\ehome\ehtray.exe.
8/14/2009 10:45:00 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/14/2009 10:44:57 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\stsystra.exe.
8/14/2009 10:44:56 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/14/2009 10:44:54 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\imapi.exe.
8/14/2009 10:44:52 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\WLTRAY.exe.
8/14/2009 10:44:51 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/14/2009 10:44:44 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\WgaTray.exe.
8/14/2009 10:44:05 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\LOCAL SERVICE Event occurred at an attempt to access the file by the application: C:\WINDOWS\System32\alg.exe.
8/14/2009 10:44:04 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\LOCAL SERVICE Event occurred when attempting to access the file.
8/14/2009 10:43:58 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\dllhost.exe.
8/14/2009 10:43:56 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
8/14/2009 10:43:49 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
8/14/2009 10:43:46 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/14/2009 10:43:42 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wbem\wmiprvse.exe.
8/14/2009 10:43:41 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\Ati2evxx.exe.
8/14/2009 10:43:39 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/14/2009 10:43:38 AM AMON file \Device\HarddiskVolume2\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\NETWORK SERVICE Event occurred when attempting to access the file.
8/14/2009 10:43:18 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wuauclt.exe.
8/14/2009 10:42:24 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe.
8/14/2009 10:42:20 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\LOCAL SERVICE Event occurred at an attempt to access the file by the application: C:\WINDOWS\ehome\mcrdsvc.exe.
8/14/2009 10:42:19 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.
8/14/2009 10:42:14 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\LOCAL SERVICE Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.
8/14/2009 10:42:13 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\LOCAL SERVICE Event occurred when attempting to access the file.
8/14/2009 10:42:12 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe.
8/14/2009 10:42:12 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe.
8/14/2009 10:38:49 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\iTunes\iTunesHelper.exe.
8/14/2009 8:23:59 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe.
8/14/2009 8:23:58 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/14/2009 8:23:56 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe.
8/14/2009 8:23:55 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Messenger\msmsgs.exe.
8/14/2009 8:23:44 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe.
8/14/2009 8:23:43 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe.
8/14/2009 8:23:42 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/14/2009 8:23:33 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Common Files\Real\Update_OB\realsched.exe.
8/14/2009 8:23:33 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\stsystra.exe.
8/14/2009 8:23:32 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\Program Files\Dell\MediaDirect\PCMService.exe.
8/14/2009 8:23:30 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/14/2009 8:23:29 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/14/2009 8:23:26 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\WLTRAY.exe.
8/14/2009 8:23:24 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\imapi.exe.
8/14/2009 8:23:22 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
8/14/2009 8:23:20 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
8/14/2009 8:23:19 AM AMON file \Device\HarddiskVolume2\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\NETWORK SERVICE Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wbem\wmiprvse.exe.
8/14/2009 8:23:19 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\eHome\ehmsas.exe.
8/14/2009 8:23:18 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\WgaTray.exe.
8/14/2009 8:23:16 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wuauclt.exe.
8/14/2009 8:23:07 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wuauclt.exe.
8/14/2009 8:23:01 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
8/14/2009 8:22:59 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred when attempting to access the file.
8/14/2009 8:22:58 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\Ati2evxx.exe.
8/14/2009 8:22:55 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus ERIK-LAPTOP\Erik Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\Ati2evxx.exe.
8/14/2009 8:22:55 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.
8/14/2009 8:15:20 AM AMON file C:\System Volume Information\_restore{FC6EFB28-A9DB-413C-BC1B-9D1A8ACE87BA}\RP659\A0280114.exe a variant of Win32/Kryptik.KA trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
8/14/2009 8:14:09 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\DfrgNtfs.exe.
8/14/2009 8:14:08 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\defrag.exe.
8/14/2009 8:14:07 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
8/14/2009 8:01:13 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\LOCAL SERVICE Event occurred at an attempt to access the file by the application: C:\WINDOWS\System32\alg.exe.
8/14/2009 8:01:12 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\dllhost.exe.
8/14/2009 8:01:10 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred when attempting to access the file.
8/14/2009 8:01:09 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.
8/14/2009 8:00:23 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wuauclt.exe.
8/14/2009 8:00:23 AM AMON file C:\WINDOWS\SYSTEM32\WINLOGON.EXE Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\system32\wuauclt.exe.
8/14/2009 7:59:37 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe.
8/14/2009 7:59:35 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe.
8/14/2009 0:19:36 AM AMON file C:\WINDOWS\system32\winlogon.exe Win32/Spy.Ursnif.A virus Event occurred at an attempt to access the file by the application: C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe.
Phishermaneto
Active Member
 
Posts: 8
Joined: August 14th, 2009, 11:14 am

Re: Win32/Spy.Ursnif.A Virus - How do I get rid of it??

Post by Cyborg » August 23rd, 2009, 12:08 pm

P2P Warning

I must draw your attention to the MalWare Removal policy regarding P2P programs. You must uninstall all P2P programs and post a fresh HijackThis log before I can continue with cleaning your computer.

Go to Start > Control Panel > Add/Remove Programs
If present, remove the following program:

Limewire

*NOTE* Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

P2P programs form a direct conduit on to your computer; their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you continue to use P2P programs, we see no purpose in cleaning your machine as it is pretty much certain that, if you continue to use them, your computer will get infected again.

Please go to C:\ and delete the folder: RSIT.

Now, please re-use these instructions to re-run RSIT:

  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... 2 log files... will be produced.
  • The first one, "log.txt", will be maximized
  • The second one, "info.txt", will be minimized.
Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)
Cyborg
Regular Member
 
Posts: 1143
Joined: September 8th, 2007, 12:45 pm

Re: Win32/Spy.Ursnif.A Virus - How do I get rid of it??

Post by Phishermaneto » August 23rd, 2009, 3:00 pm

fwiw, this shouldn't change much as I haven't run limewire in 2 years.

log

Logfile of random's system information tool 1.06 (written by random/random)
Run by Erik at 2009-08-23 14:58:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 9 GB (8%) free of 112 GB
Total RAM: 2046 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:58:48 PM, on 8/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\USBToolbox\Res.EXE
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Autobahn\autobahn.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Erik.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phisherman.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://local.swarmcast.net:8001/proxy.pac
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: autobahn.lnk = C:\Program Files\Autobahn\autobahn.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open and Translate in Word - res://C:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1B9B97D0-C0F4-4045-9B42-50A4535C9041} (WCLoaderCtl Class) - http://download.paltalk.com/wcloader_prod/wcloader.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {42D06124-98A2-47EC-8098-3778B58CE7D5} (SupportSoft External Control) - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2712008921
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FreePOPs - Unknown owner - C:\Program Files\FreePOPs\freepopsservice.exe (file missing)
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11584 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2008-03-28 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2008-03-28 501056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - Systran50premi.IEPlugIn - C:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll [2004-06-21 253952]
{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - Verizon Broadband Toolbar - C:\PROGRA~1\VOL_TO~1\VOL_TO~1.DLL [2007-05-25 1904128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"PCMService"=C:\Program Files\Dell\MediaDirect\PCMService.exe [2006-08-22 184320]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-11-01 1392640]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-03-08 761947]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2006-05-31 921600]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-03-02 185896]
"USB Storage Toolbox"=C:\Program Files\USBToolbox\Res.EXE [2002-01-15 118784]
"ddoctorv2"=C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]
"mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2007-09-06 169264]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-03-25 49152]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-03-13 81920]
"CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2006-09-28 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2006-11-12 157592]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-01-15 147456]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
autobahn.lnk - C:\Program Files\Autobahn\autobahn.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-23 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Dell\MediaDirect\PCMService.exe"="C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Autobahn\autobahn.exe"="C:\Program Files\Autobahn\autobahn.exe:*:Enabled:Autobahn"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Streamer\streamer.exe"="C:\Program Files\Streamer\streamer.exe:*:Enabled:streamer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"D:\setup\HPZnui01.exe"="D:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"

======List of files/folders created in the last 3 months======

2009-08-23 14:58:45 ----D---- C:\rsit
2009-08-19 00:32:57 ----D---- C:\Documents and Settings\Administrator\Application Data\LEAPS
2009-08-19 00:20:29 ----D---- C:\Program Files\Pegasys Inc
2009-08-19 00:20:28 ----D---- C:\Documents and Settings\Administrator\Application Data\Pegasys Inc
2009-08-15 03:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-14 11:12:50 ----D---- C:\Program Files\Trend Micro
2009-08-14 09:34:00 ----D---- C:\7940d4a626a81a6c20b4
2009-08-14 09:33:22 ----D---- C:\WINDOWS\SxsCaPendDel
2009-08-14 09:26:47 ----D---- C:\WINDOWS\ie8updates
2009-08-14 09:21:03 ----HDC---- C:\WINDOWS\ie8
2009-08-14 09:17:45 ----SHD---- C:\RECYCLER
2009-08-13 22:44:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 22:44:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 22:44:40 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 22:44:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 22:44:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 22:44:16 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 22:44:08 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 22:43:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 22:41:32 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-13 22:41:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-13 22:14:59 ----A---- C:\ComboFix.txt
2009-08-13 22:03:40 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-13 22:03:38 ----A---- C:\WINDOWS\zip.exe
2009-08-13 22:03:38 ----A---- C:\WINDOWS\SWREG.exe
2009-08-13 22:03:38 ----A---- C:\WINDOWS\sed.exe
2009-08-13 22:03:38 ----A---- C:\WINDOWS\PEV.exe
2009-08-13 22:03:38 ----A---- C:\WINDOWS\grep.exe
2009-08-13 22:03:37 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-13 22:03:37 ----A---- C:\WINDOWS\SWSC.exe
2009-08-13 22:03:31 ----D---- C:\WINDOWS\ERDNT
2009-08-13 22:03:23 ----SD---- C:\ComboFix
2009-08-13 22:01:37 ----D---- C:\Qoobox
2009-07-17 03:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-17 03:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-17 03:01:03 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-06-10 05:56:12 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 05:56:05 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 05:53:26 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 05:52:40 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-05-29 17:34:38 ----D---- C:\Documents and Settings\Administrator\Application Data\Xbins

======List of files/folders modified in the last 3 months======

2009-08-23 14:57:53 ----D---- C:\WINDOWS\Prefetch
2009-08-23 14:53:29 ----RD---- C:\Program Files
2009-08-23 13:58:56 ----D---- C:\WINDOWS\Temp
2009-08-23 10:11:53 ----D---- C:\Program Files\Mozilla Firefox
2009-08-23 10:03:49 ----A---- C:\WINDOWS\ModemLog_Bluetooth Modem.txt
2009-08-23 10:03:49 ----A---- C:\WINDOWS\ModemLog_Bluetooth Fax Modem.txt
2009-08-23 10:03:45 ----A---- C:\WINDOWS\ModemLog_Bluetooth Null Modem.txt
2009-08-23 10:03:44 ----A---- C:\WINDOWS\ModemLog_Conexant HDA D110 MDC V.92 Modem.txt
2009-08-23 09:03:16 ----A---- C:\WINDOWS\win.ini
2009-08-23 09:00:52 ----D---- C:\WINDOWS
2009-08-23 08:59:51 ----D---- C:\WINDOWS\Registration
2009-08-23 08:59:04 ----D---- C:\MDT
2009-08-23 08:58:17 ----D---- C:\Documents and Settings\Administrator\Application Data\WTablet
2009-08-23 05:53:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-20 01:37:40 ----D---- C:\Documents and Settings\Administrator\Application Data\uTorrent
2009-08-19 00:20:58 ----SHD---- C:\WINDOWS\Installer
2009-08-19 00:20:58 ----HD---- C:\Config.Msi
2009-08-15 03:02:41 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-15 03:02:04 ----HD---- C:\WINDOWS\inf
2009-08-15 03:01:58 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-15 03:01:44 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-14 11:58:00 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-14 11:57:52 ----RSD---- C:\WINDOWS\assembly
2009-08-14 10:43:38 ----D---- C:\WINDOWS\system32
2009-08-14 10:41:26 ----D---- C:\WINDOWS\system32\en-US
2009-08-14 10:41:24 ----D---- C:\WINDOWS\Media
2009-08-14 10:41:24 ----D---- C:\Program Files\Internet Explorer
2009-08-14 10:41:23 ----D---- C:\WINDOWS\Help
2009-08-14 09:40:24 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-14 09:39:56 ----D---- C:\WINDOWS\WinSxS
2009-08-14 09:35:20 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-14 09:35:08 ----RSD---- C:\WINDOWS\Fonts
2009-08-14 09:27:41 ----A---- C:\WINDOWS\imsins.BAK
2009-08-14 09:27:03 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-13 22:44:11 ----D---- C:\Program Files\Outlook Express
2009-08-13 22:41:22 ----D---- C:\WINDOWS\system32\drivers
2009-08-13 22:12:25 ----A---- C:\WINDOWS\system.ini
2009-08-13 22:10:27 ----D---- C:\WINDOWS\AppPatch
2009-08-13 22:10:18 ----D---- C:\Program Files\Common Files
2009-08-12 19:23:52 ----D---- C:\Documents and Settings\Administrator\Application Data\HPAppData
2009-08-05 05:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-29 20:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-27 16:04:35 ----D---- C:\Documents and Settings\Administrator\Application Data\Vso
2009-07-24 14:46:39 ----D---- C:\Program Files\Mozilla Thunderbird
2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 09:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-17 15:01:06 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 23:43:24 ----A---- C:\WINDOWS\system32\wmp.dll
2009-07-03 13:09:28 ----A---- C:\WINDOWS\system32\wininet.dll
2009-07-03 13:09:27 ----N---- C:\WINDOWS\system32\occache.dll
2009-07-03 13:09:27 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-07-03 13:09:25 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-07-03 13:09:25 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-07-03 13:09:24 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-07-03 13:09:24 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-07-03 13:09:23 ----N---- C:\WINDOWS\system32\iepeers.dll
2009-07-03 13:09:21 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-07-03 07:01:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\secur32.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\schannel.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-06-16 10:36:30 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 10:36:30 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-16 03:06:49 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-06-12 08:31:40 ----A---- C:\WINDOWS\system32\tlntsess.exe
2009-06-12 08:31:39 ----A---- C:\WINDOWS\system32\telnet.exe
2009-06-10 10:13:29 ----A---- C:\WINDOWS\system32\avifil32.dll
2009-06-10 09:19:38 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-06-10 02:14:49 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-06-03 15:09:37 ----A---- C:\WINDOWS\system32\quartz.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-23 1578496]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-10-12 604928]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2006-05-24 328237]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2006-05-24 30427]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2006-05-24 851434]
R3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2006-05-24 30285]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2006-05-24 66488]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-15 34760]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-09 47360]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-03-08 191872]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 12848]
R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-15 11440]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S3 abpt6fkp;abpt6fkp; C:\WINDOWS\system32\drivers\abpt6fkp.sys []
S3 APLMp50;APLMp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\APLMp50.sys [2005-02-16 18816]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ayhj1ekx;ayhj1ekx; C:\WINDOWS\system32\drivers\ayhj1ekx.sys []
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2006-05-24 148900]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2006-05-24 45683]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2008-04-16 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2008-04-16 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2008-04-16 21568]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-23 409600]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2006-05-24 266295]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 156976]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2006-08-03 380928]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2006-05-31 507904]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 TabletServicePen;TabletServicePen; C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 1373480]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-11-01 20480]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-01-15 266240]
S2 FreePOPs;FreePOPs; C:\Program Files\FreePOPs\freepopsservice.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-01-15 774144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-11-06 92792]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
Phishermaneto

Re: Win32/Spy.Ursnif.A Virus - How do I get rid of it??

Post by Phishermaneto » August 23rd, 2009, 3:00 pm

info

info.txt logfile of random's system information tool 1.06 2009-08-23 14:58:50

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
abgx360 v1.0.1-->"C:\Program Files\abgx360\uninstall.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Autobahn-->C:\Program Files\Autobahn\Uninstall.exe
AVI Splitter-->"C:\Program Files\avisplit\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
ConvertXtoDVD 3.3.4.107-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
dBpoweramp [Calculate Audio CRC] Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat
dBpowerAMP Arrange Music-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Arrange Music.dat
dBpowerAMP Channel Split-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Channel Split.dat
dBpowerAMP DirectShow Decoder Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP DirectShow Decoder Codec.dat
dBpoweramp FLAC Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
dBpoweramp m4a Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
dBpoweramp Monkeys Audio Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat
dBPowerAMP Mp2 and BwfMp2 codec r4-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBPowerAMP Mp2 and BwfMp2 codec r4.dat
dBpoweramp Mp2 and BwfMp2 codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat
dBpoweramp mp3 (Fraunhofer IIS) Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat
dBpowerAMP Mp4 Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat
dBpoweramp Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat
dBpoweramp Ogg Vorbis Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
dBPowerAMP Real Audio Encoder R3-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBPowerAMP Real Audio Encoder R3.dat
dBpowerAMP Rename Extension-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Rename Extension.dat
dBpoweramp Shorten Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Shorten Codec.dat
dBpowerAMP Tag From Filename-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Tag From Filename.dat
dBpowerAMP Update ID Tag-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Update ID Tag.dat
dBpoweramp WavPack Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp WavPack Codec.dat
dBpowerAMP WMA V9.1 Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP WMA V9.1 Codec.dat
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
Digidesign Free Bomb Factory Plug-Ins 7.4-->C:\Program Files\InstallShield Installation Information\{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}\Setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly
Digidesign Shared Plug-Ins 7.4-->C:\Program Files\InstallShield Installation Information\{AFE354A5-640F-4A23-94C8-0B441E8967CA}\Setup.exe -runfromtemp -l0x0009 FromUninstall -removeonly
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
dMC Generic CLI Encoder-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dMC Generic CLI Encoder.dat
dMC Power Pack-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dMC Power Pack.dat
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
Freez Screen Video Capture v1.2-->"C:\Program Files\Smallvideosoft\Freez Screen Video Capture\unins000.exe"
Full Tilt Poker-->"C:\Program Files\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
HHD Software Free Hex Editor Neo 4.01-->"C:\Program Files\HHD Software\Hex Editor Neo\Setup\uninstHEX.exe" -u
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP Imaging Device Functions 11.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Update-->MsiExec.exe /X{D063F201-FAC4-4D5C-B10B-615058ADE5A7}
Interlok driver setup x32-->MsiExec.exe /X{25613C10-27D2-410B-942B-D922D5C3A7BE}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
K-Lite Codec Pack 4.1.7 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LADSPA_plugins-win-0.4.15-->"C:\Program Files\Audacity\Plug-Ins\unins000.exe"
Logitech Harmony Remote Software 7-->C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash Player 8-->MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Magic ISO Maker v5.3 (build 0229)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Maxtor Manager-->"C:\Program Files\InstallShield Installation Information\{B8281D46-D846-4BB9-BC84-F1115A7BF820}\setup.exe" -runfromtemp -l0x0409 -removeonly
Maxtor Manager-->MsiExec.exe /I{B8281D46-D846-4BB9-BC84-F1115A7BF820}
MediaDirect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x9 -cluninstall
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.16)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MP3 To Ringtone Gold 5.20-->"C:\Program Files\AnMing\unins000.exe"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicnotes Player V1.22.3-->"C:\Program Files\Musicnotes\Player\unins000.exe"
Nero 7 Premium-->MsiExec.exe /I{FC98FBE9-E931-494C-8717-497185371033}
NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
OCR Software by I.R.I.S. 11.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Peggle Deluxe 1.0-->C:\Program Files\PopCap Games\Peggle Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Peggle Deluxe\Install.log"
Pen Tablet-->C:\Program Files\Tablet\Pen\Remove.exe /u
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remote Control USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
Replay AV 8-->C:\WINDOWS\iun6002.exe "C:\Program Files\Replay AV 8\uninstall8.ini"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sony Noise Reduction Plug-In 2.0h-->MsiExec.exe /X{06A1BE8A-4CA4-4A39-B9E4-E815AA8FE05C}
Sony Sound Forge 9.0-->MsiExec.exe /X{CCA51496-49D4-4FBF-9866-A2E2F40FAC7A}
Streamer (remove only)-->"C:\Program Files\Streamer\uninstall.exe"
SUPER © Version 2007.bld.23 (July 4, 2007)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
SYSTRAN Premium 5.0-->MsiExec.exe /I{53595300-0624-0001-3530-007072656D69}
TMPGEnc 4.0 XPress-->MsiExec.exe /I{485C28E6-7E8C-40E4-BCFE-6E85B1F46D7A}
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wnjiper-->MsiExec.exe /I{923CAE62-30C9-425E-B4ED-F5E9C09C5C4A}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->C:\Program Files\TurboTax\Premier 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
TurboTax Premier 2007-->C:\Program Files\TurboTax\Premier 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Premier 2007\Uninstall.log" -NoGui
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
USB Mass Storage Toolbox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{62B002C5-1AB3-11D8-8092-00E018B21FC0}\Setup.exe"
Verizon Broadband Toolbar-->C:\Program Files\vol_toolbar\uninstall.exe
VST Bridge 1.1-->"C:\Program Files\Audacity\Plug-ins\VST Bridge\unins000.exe"
WIDCOMM Bluetooth Software-->MsiExec.exe /X{3F4EC965-28EF-45C3-B063-04B25D4E9679}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.0.2-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wisdom-soft ScreenHunter 5.0 Pro-->C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG

Hosts File Missing
======Security center information======

AV: Eset NOD32 antivirus system 2.51

======System event log======

Computer Name: ERIK-LAPTOP
Event Code: 1002
Message: The IP address lease 192.168.1.3 for the Network Card with network address 00197D37E1FB has been
denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

Record Number: 66011
Source Name: Dhcp
Time Written: 20090506180244.000000-240
Event Type: error
User:

Computer Name: ERIK-LAPTOP
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 65992
Source Name: Service Control Manager
Time Written: 20090506180230.000000-240
Event Type: error
User:

Computer Name: ERIK-LAPTOP
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Record Number: 65991
Source Name: Windows Update Agent
Time Written: 20090506180202.000000-240
Event Type: error
User:

Computer Name: ERIK-LAPTOP
Event Code: 34
Message: The time service has detected that the system time needs to be
changed by -52707602 seconds. The time service will not change the system
time by more than -54000 seconds. Verify that your time and time zone
are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.3:123->207.46.232.182:123) is working properly.

Record Number: 65983
Source Name: W32Time
Time Written: 20110105213354.000000-300
Event Type: error
User:

Computer Name: ERIK-LAPTOP
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 65979
Source Name: W32Time
Time Written: 20110105212510.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: ERIK-LAPTOP
Event Code: 1517
Message: Windows saved user ERIK-LAPTOP\Erik registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 92
Source Name: Userenv
Time Written: 20090428185809.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ERIK-LAPTOP
Event Code: 1517
Message: Windows saved user ERIK-LAPTOP\Erik registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 77
Source Name: Userenv
Time Written: 20090428075853.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ERIK-LAPTOP
Event Code: 1517
Message: Windows saved user ERIK-LAPTOP\Erik registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 59
Source Name: Userenv
Time Written: 20090427172730.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ERIK-LAPTOP
Event Code: 1517
Message: Windows saved user ERIK-LAPTOP\Erik registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 44
Source Name: Userenv
Time Written: 20090427083017.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ERIK-LAPTOP
Event Code: 1517
Message: Windows saved user ERIK-LAPTOP\Erik registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 15
Source Name: Userenv
Time Written: 20090423161823.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
Phishermaneto
Active Member
 
Posts: 8
Joined: August 14th, 2009, 11:14 am

Re: Win32/Spy.Ursnif.A Virus - How do I get rid of it??

Post by Cyborg » August 25th, 2009, 11:38 am

Download and Run ComboFix

  • Please download ComboFix, and find instructions on how to properly run it from Here
    Make sure you install the recovery console if asked to.
    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time and can be a lifesaver later.
    Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Run ComboFix as instructed by the tutorial. Normal scan time is 10-20 minutes. When ComboFix is finished running, a log will be opened. Include this log in your next reply.
Cyborg
Regular Member
 
Posts: 1143
Joined: September 8th, 2007, 12:45 pm

Re: Win32/Spy.Ursnif.A Virus - How do I get rid of it??

Post by Carolyn » September 2nd, 2009, 10:15 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine