Virtumonde (.sci, generic) Smitfraud etc.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Post by danp » December 24th, 2008, 7:55 pm

Hi,
First time here. I hope I'm following the program. Scanned with Spybot with no luck. Hope you can help.
Any suggestions? Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:53, on 12/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Utilities\cogissvc.exe
C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSightService.exe
C:\WINDOWS\system32\cogremind_srv.exe
C:\WINDOWS\system32\cogsls_srv.exe
C:\WINDOWS\system32\cogss_srv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Radix\File Management System 2\fmsscheduler2.exe
C:\Program Files\Common Files\Radix Shared\Hasp\nhsrvice.exe
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL$CRM\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Microsoft SQL Server\MSSQL$CRM\Binn\sqlagent.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSight.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPC32.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\DanP.RHEA\Desktop\New Folder\New Folder02\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.203:8080
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [CognexOpc] "C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSight.exe" -I
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: dmtjmj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cognex In-Sight Port Service (CogISSvc) - Unknown owner - C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Utilities\cogissvc.exe
O23 - Service: Cognex OPC Server (Cognex.InSight.OpcServer) - Cognex Corporation - C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSightService.exe
O23 - Service: Cognex Reminder Service (cogremind_srv) - Cognex Corporation - C:\WINDOWS\system32\cogremind_srv.exe
O23 - Service: Cognex Software Licensing Service (cogsls_srv) - Cognex Corporation - C:\WINDOWS\system32\cogsls_srv.exe
O23 - Service: Cognex Security Service (cogss_srv) - Cognex Corporation - C:\WINDOWS\system32\cogss_srv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FMS Scheduler2 (FMSScheduler2) - Radix Controls Inc. - C:\Program Files\Radix\File Management System 2\fmsscheduler2.exe
O23 - Service: Radix Software: Hasp Loader (HaspLicenseManager) - Aladdin Knowledge Systems Ltd. - C:\Program Files\Common Files\Radix Shared\Hasp\nhsrvice.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ifccsc21 - Unknown owner - C:\WINDOWS\system32\ifccsc21.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9976 bytes
danp
Regular Member
 
Posts: 22
Joined: December 24th, 2008, 4:56 pm

Re: Virtumonde (.sci, generic) Smitfraud etc.

Post by Shaba » December 27th, 2008, 5:50 am

Hi danp

Rename HijackThis.exe to danp.exe and post back a fresh HijackThis log, please :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Virtumonde (.sci, generic) Smitfraud etc.

Post by danp » December 27th, 2008, 11:34 am

Hi,
First time here. I hope I'm following the program. Scanned with Spybot with no luck. Hope you can help.
Any suggestions? Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:53, on 12/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Utilities\cogissvc.exe
C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSightService.exe
C:\WINDOWS\system32\cogremind_srv.exe
C:\WINDOWS\system32\cogsls_srv.exe
C:\WINDOWS\system32\cogss_srv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Radix\File Management System 2\fmsscheduler2.exe
C:\Program Files\Common Files\Radix Shared\Hasp\nhsrvice.exe
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL$CRM\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Microsoft SQL Server\MSSQL$CRM\Binn\sqlagent.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSight.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPC32.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\DanP.RHEA\Desktop\New Folder\New Folder02\danp.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.203:8080
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [CognexOpc] "C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSight.exe" -I
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: dmtjmj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cognex In-Sight Port Service (CogISSvc) - Unknown owner - C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Utilities\cogissvc.exe
O23 - Service: Cognex OPC Server (Cognex.InSight.OpcServer) - Cognex Corporation - C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSightService.exe
O23 - Service: Cognex Reminder Service (cogremind_srv) - Cognex Corporation - C:\WINDOWS\system32\cogremind_srv.exe
O23 - Service: Cognex Software Licensing Service (cogsls_srv) - Cognex Corporation - C:\WINDOWS\system32\cogsls_srv.exe
O23 - Service: Cognex Security Service (cogss_srv) - Cognex Corporation - C:\WINDOWS\system32\cogss_srv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FMS Scheduler2 (FMSScheduler2) - Radix Controls Inc. - C:\Program Files\Radix\File Management System 2\fmsscheduler2.exe
O23 - Service: Radix Software: Hasp Loader (HaspLicenseManager) - Aladdin Knowledge Systems Ltd. - C:\Program Files\Common Files\Radix Shared\Hasp\nhsrvice.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ifccsc21 - Unknown owner - C:\WINDOWS\system32\ifccsc21.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9976 bytes
danp
Regular Member
 
Posts: 22
Joined: December 24th, 2008, 4:56 pm

Re: Virtumonde (.sci, generic) Smitfraud etc.

Post by Shaba » December 27th, 2008, 11:38 am

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Virtumonde (.sci, generic) Smitfraud etc.

Post by danp » December 27th, 2008, 6:06 pm

Logfile of random's system information tool 1.05 (written by random/random)
Run by DanP at 2008-12-27 17:00:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (43%) free of 45 GB
Total RAM: 1014 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:00:46, on 12/27/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Utilities\cogissvc.exe
C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSightService.exe
C:\WINDOWS\system32\cogremind_srv.exe
C:\WINDOWS\system32\cogsls_srv.exe
C:\WINDOWS\system32\cogss_srv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Radix\File Management System 2\fmsscheduler2.exe
C:\Program Files\Common Files\Radix Shared\Hasp\nhsrvice.exe
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL$CRM\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Microsoft SQL Server\MSSQL$CRM\Binn\sqlagent.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSight.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\DanP.RHEA\Desktop\RSIT.exe
C:\Documents and Settings\DanP.RHEA\Desktop\New Folder\New Folder02\DanP.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.203:8080
O2 - BHO: (no name) - {1DC9E38C-C6FB-4C75-95C0-E49BCF508731} - (no file)
O2 - BHO: (no name) - {3D018C5B-24D6-4FE5-B177-58DEF7DBD0F5} - C:\WINDOWS\system32\fccdbCut.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\vtULefGy.dll
O2 - BHO: {b17e9a26-1247-1c28-de84-c61e5c0ed97e} - {e79de0c5-e16c-48ed-82c1-742162a9e71b} - C:\WINDOWS\system32\dmtjmj.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [CognexOpc] "C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSight.exe" -I
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: dmtjmj.dll
O20 - Winlogon Notify: vtULefGy - C:\WINDOWS\SYSTEM32\vtULefGy.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cognex In-Sight Port Service (CogISSvc) - Unknown owner - C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Utilities\cogissvc.exe
O23 - Service: Cognex OPC Server (Cognex.InSight.OpcServer) - Cognex Corporation - C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSightService.exe
O23 - Service: Cognex Reminder Service (cogremind_srv) - Cognex Corporation - C:\WINDOWS\system32\cogremind_srv.exe
O23 - Service: Cognex Software Licensing Service (cogsls_srv) - Cognex Corporation - C:\WINDOWS\system32\cogsls_srv.exe
O23 - Service: Cognex Security Service (cogss_srv) - Cognex Corporation - C:\WINDOWS\system32\cogss_srv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FMS Scheduler2 (FMSScheduler2) - Radix Controls Inc. - C:\Program Files\Radix\File Management System 2\fmsscheduler2.exe
O23 - Service: Radix Software: Hasp Loader (HaspLicenseManager) - Aladdin Knowledge Systems Ltd. - C:\Program Files\Common Files\Radix Shared\Hasp\nhsrvice.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ifccsc21 - Unknown owner - C:\WINDOWS\system32\ifccsc21.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10374 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\kiaayqdb.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DC9E38C-C6FB-4C75-95C0-E49BCF508731}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3D018C5B-24D6-4FE5-B177-58DEF7DBD0F5}]
C:\WINDOWS\system32\fccdbCut.dll [2008-12-20 286208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
C:\WINDOWS\system32\vtULefGy.dll [2008-12-20 57856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e79de0c5-e16c-48ed-82c1-742162a9e71b}]
C:\WINDOWS\system32\dmtjmj.dll [2008-12-20 135168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-07-19 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-07-19 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-07-19 114688]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-01-11 15961088]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-06-12 53248]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY []
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-09-09 88203]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-04 102490]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1024000]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-09-23 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-01-12 275800]
"VX3000"=C:\WINDOWS\vVX3000.exe [2006-12-05 707360]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-03-24 53408]
"vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe [2006-06-15 124656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CognexOpc"=C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSight.exe [2008-09-10 86016]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="dmtjmj.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-07-19 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-06-15 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtULefGy]
C:\WINDOWS\system32\vtULefGy.dll [2008-12-20 57856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=C:\WINDOWS\system32\vtULefGy.dll [2008-12-20 57856]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\fccdbCut

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
"D:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.1\In-Sight Explorer.exe"="D:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.1\In-Sight Explorer.exe:*:Enabled: "
"D:\Program Files\HP\HP Software Update\HPWUCli.exe"="D:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Disabled:HP Software Update Client"
"C:\Program Files\Windows NT\hypertrm.exe"="C:\Program Files\Windows NT\hypertrm.exe:*:Enabled:HyperTerminal Applet"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.0\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.0\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 3.3.0\OpcInSight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 3.3.0\OpcInSight.exe:*:Enabled:In-Sight OPC Server 3.3.0"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.0\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.0\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\Program Files\Radix\File Management System 2\fms2.exe"="C:\Program Files\Radix\File Management System 2\fms2.exe:*:Enabled:File Management and Version Control Software for Industrial Applications."
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.0\In-Sight Connection Manager.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.0\In-Sight Connection Manager.exe:*:Enabled:Cognex In-Sight Connection Manager"
"C:\Program Files\Microsoft CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe"="C:\Program Files\Microsoft CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe:*:Enabled:Microsoft CRM Web Service Hoster"
"C:\Program Files\DVT\Intellect122\Intellect.exe"="C:\Program Files\DVT\Intellect122\Intellect.exe:*:Enabled:DVT Intellect 1.2 User Interface Application"
"C:\Program Files\DVT\Intellect122\intellectEmulator.exe"="C:\Program Files\DVT\Intellect122\intellectEmulator.exe:*:Enabled:IntellectEmulator"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Sherlock\Bin\sp32.exe"="D:\Sherlock\Bin\sp32.exe:*:Enabled:sp32"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\In-Sight Connection Manager.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\In-Sight Connection Manager.exe:*:Enabled:Cognex In-Sight Connection Manager"
"C:\Program Files\Cognex\DVT\FrameWork277\FWK.exe"="C:\Program Files\Cognex\DVT\FrameWork277\FWK.exe:*:Enabled:FWK"
"C:\Program Files\Cognex\DVT\FrameWork277\FWKEmulator.exe"="C:\Program Files\Cognex\DVT\FrameWork277\FWKEmulator.exe:*:Enabled:FWKEmulator"
"C:\Program Files\Cognex\DVT\FrameWork277\DVTListener.exe"="C:\Program Files\Cognex\DVT\FrameWork277\DVTListener.exe:*:Enabled:DVTListener"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer SR"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\In-Sight Connection Manager.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\In-Sight Connection Manager.exe:*:Enabled:Cognex In-Sight Connection Manager"
"C:\Program Files\Autodesk\Autodesk Design Review\DesignReview.exe"="C:\Program Files\Autodesk\Autodesk Design Review\DesignReview.exe:*:Enabled:Autodesk Design Review"
"\\Citation\trackit\TLight.exe"="\\Citation\trackit\TLight.exe:192.168.0.2/255.255.255.255:Enabled:Track-IT light"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Connection Manager.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Connection Manager.exe:*:Enabled:Cognex In-Sight Connection Manager SR"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"D:\InsightSampleCode\ExcelServer\ExcelServer\InSightExcelDemo.exe"="D:\InsightSampleCode\ExcelServer\ExcelServer\InSightExcelDemo.exe:*:Enabled:InSightExcelDemo"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\In-Sight Connection Manager.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\In-Sight Connection Manager.exe:*:Enabled:Cognex In-Sight Connection Manager"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.1.0\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.1.0\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.1.1\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.1.1\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\InSight2\In-Sight Explorer.exe"="C:\InSight2\In-Sight Explorer.exe:*:Enabled:In-Sight Explorer and Network Configuration"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.2.0\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.2.0\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.1\In-Sight Explorer.exe"="D:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.1\In-Sight Explorer.exe:*:Enabled: "
"D:\Program Files\Cognex\In-Sight\In-Sight OPC Server 3.2.1\OpcInSight.exe"="D:\Program Files\Cognex\In-Sight\In-Sight OPC Server 3.2.1\OpcInSight.exe:*:Enabled:In-Sight OPC Server 3.2.1"
"D:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.1\In-Sight Connection Manager.exe"="D:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.1\In-Sight Connection Manager.exe:*:Enabled:In-Sight Connection Manager 3.2.1"
"D:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Printme\ConsoleApp.exe"="D:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Printme\ConsoleApp.exe:*:Enabled:Download Driver"
"C:\Program Files\Microsoft CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe"="C:\Program Files\Microsoft CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe:*:Enabled:Microsoft CRM Web Service Hoster"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Emulator\In-Sight.exe:*:Disabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Connection Manager.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Connection Manager.exe:*:Enabled:Cognex In-Sight Connection Manager SR"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer SR"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.1.1\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.1.1\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.1.0\OpcInSight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.1.0\OpcInSight.exe:*:Enabled:In-Sight OPC Server 4.1.0"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{768e41d0-912a-11db-af26-0013cec1c267}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2738866-bb1f-11dd-b0bd-0013cec1c267}]
shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd8744a6-cb6c-11dc-b00d-0013cec1c267}]
shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff1b095d-6fae-11dd-b09e-0013cec1c267}]
shell\AutoRun\command - G:\Autorun.exe /run
shell\Shell00\command - G:\Autorun.exe /run
shell\Shell01\command - G:\Autorun.exe /action
shell\Shell02\command - G:\Autorun.exe /uninstall


======List of files/folders created in the last 1 months======

2008-12-27 17:00:32 ----D---- C:\rsit
2008-12-24 16:08:07 ----ASH---- C:\WINDOWS\system32\tuCbdccf.ini2
2008-12-24 01:08:26 ----ASH---- C:\WINDOWS\system32\tuCbdccf.ini
2008-12-23 19:47:19 ----D---- C:\VundoFix Backups
2008-12-23 19:47:19 ----A---- C:\VundoFix.txt
2008-12-23 14:38:24 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-23 14:37:27 ----A---- C:\rapport.txt
2008-12-23 14:21:59 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-23 14:21:47 ----D---- C:\Program Files\Google
2008-12-23 14:16:38 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-23 11:21:14 ----A---- C:\WINDOWS\wininit.ini
2008-12-23 10:48:50 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-23 10:48:50 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-20 21:46:44 ----A---- C:\WINDOWS\system32\vtUmKDvT.dll
2008-12-20 21:39:26 ----A---- C:\WINDOWS\system32\opnnkkLe.dll
2008-12-20 21:39:01 ----A---- C:\WINDOWS\system32\dmtjmj.dll
2008-12-20 21:38:58 ----A---- C:\WINDOWS\system32\xrsnejbs.dll
2008-12-20 21:36:59 ----A---- C:\WINDOWS\system32\ab071401-.txt
2008-12-20 21:35:51 ----A---- C:\WINDOWS\system32\fccdbCut.dll
2008-12-20 21:30:32 ----A---- C:\WINDOWS\system32\vtULefGy.dll
2008-12-20 21:30:14 ----A---- C:\WINDOWS\system32\prunnet.exe

======List of files/folders modified in the last 1 months======

2008-12-24 19:13:03 ----D---- C:\WINDOWS\Temp
2008-12-24 18:28:11 ----D---- C:\WINDOWS\Prefetch
2008-12-24 16:20:57 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-24 16:19:39 ----D---- C:\WINDOWS
2008-12-24 16:17:17 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-24 16:16:52 ----D---- C:\Program Files\Common Files
2008-12-24 16:15:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-24 16:13:24 ----RD---- C:\Program Files
2008-12-24 16:13:21 ----D---- C:\WINDOWS\system32\drivers
2008-12-24 16:08:07 ----D---- C:\WINDOWS\system32
2008-12-24 09:12:37 ----D---- C:\WINDOWS\Help
2008-12-24 01:07:43 ----D---- C:\WINDOWS\system32\Lang
2008-12-23 15:13:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-23 15:12:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-23 13:44:15 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-23 10:34:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-22 10:07:51 ----SHD---- C:\WINDOWS\CSC
2008-12-21 23:35:53 ----A---- C:\WINDOWS\ModemLog_Actiontec 56K External Modem #7.txt
2008-12-21 22:12:51 ----D---- C:\WINDOWS\system32\Restore
2008-12-20 21:30:52 ----SD---- C:\WINDOWS\Tasks
2008-12-19 11:45:25 ----D---- C:\Documents and Settings
2008-12-18 08:24:50 ----D---- C:\Documents and Settings\DanP.RHEA\Application Data\U3
2008-12-15 10:23:18 ----A---- C:\WINDOWS\ModemLog_Actiontec 56K External Modem #4.txt
2008-12-14 20:00:47 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2008-12-14 13:42:21 ----A---- C:\WINDOWS\ModemLog_Actiontec 56K External Modem #6.txt
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 11:57:54 ----D---- C:\Program Files\Cognex

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CORSERIAL;CORSERIAL; C:\WINDOWS\system32\drivers\CORSERIAL.sys [2004-05-13 45880]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mvcntp;mvcntp; C:\WINDOWS\System32\DRIVERS\mvcntp.sys [2004-09-17 106112]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-01-24 195776]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-06-21 17801]
R2 aksfridge;HASP Fridge; C:\WINDOWS\system32\DRIVERS\aksfridge.sys [2007-03-12 351744]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2006-12-21 90688]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-09-09 1120416]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-07-19 1049180]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-01-13 4137984]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081219.005\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081219.005\navex15.sys []
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-12-06 220032]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2006-12-20 3298432]
R4 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 DriverX;DriverX; C:\WINDOWS\system32\drivers\DriverX.sys []
S2 int15.sys;int15.sys; \??\X:\int15.sys []
S3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2007-03-06 329856]
S3 akshhl;Aladdin HASP HL Key; C:\WINDOWS\system32\DRIVERS\akshhl.sys [2007-03-06 135424]
S3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2007-03-06 99712]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 chckr2xx;Checker 200 Series Driver; C:\WINDOWS\System32\Drivers\chckr2xx.sys [2007-06-04 15744]
S3 CORBDII;CORBDII; C:\WINDOWS\system32\drivers\CORBDII.sys [2002-09-24 92232]
S3 HHPCDC;HHPCDC; C:\WINDOWS\system32\drivers\hhpcdc.sys [2007-08-07 89728]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-28 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-28 21744]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\NetWlan5.sys [2004-08-03 132695]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NSPLUS;NSPLUS; C:\WINDOWS\system32\drivers\NSPLUS.sys [2004-09-17 101166]
S3 PC2C;PC2C; C:\WINDOWS\system32\drivers\PC2C.sys [2004-05-18 70188]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 PCV2;PCV2; C:\WINDOWS\system32\drivers\PCV2.sys [2004-06-28 98197]
S3 PGRCAM;PGRCAM; C:\WINDOWS\system32\DRIVERS\pgrcam.sys [2007-02-07 26368]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-02-19 41344]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2006-01-24 12992]
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2006-01-24 110784]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2006-01-24 31936]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20081214.001\symidsco.sys []
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2006-01-24 28352]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-01-24 24768]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2006-12-05 1964064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-03-24 202400]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-24 169632]
R2 CogISSvc;Cognex In-Sight Port Service; C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Utilities\cogissvc.exe [2006-10-17 172632]
R2 Cognex.InSight.OpcServer;Cognex OPC Server; C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSightService.exe [2008-09-10 28672]
R2 cogremind_srv;Cognex Reminder Service; C:\WINDOWS\system32\cogremind_srv.exe [2008-01-10 642048]
R2 cogsls_srv;Cognex Software Licensing Service; C:\WINDOWS\system32\cogsls_srv.exe [2007-12-20 1476096]
R2 cogss_srv;Cognex Security Service; C:\WINDOWS\system32\cogss_srv.exe [2008-01-10 727552]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2006-06-15 31472]
R2 FMSScheduler2;FMS Scheduler2; C:\Program Files\Radix\File Management System 2\fmsscheduler2.exe [2007-05-23 397427]
R2 HaspLicenseManager;Radix Software: Hasp Loader; C:\Program Files\Common Files\Radix Shared\Hasp\nhsrvice.exe [2005-05-29 249856]
R2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2007-03-15 535807]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 ISSVC;IS Service; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [2006-06-07 87728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-04 240408]
R2 MSFtpsvc;FTP Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 MSSQL$CRM;MSSQL$CRM; C:\Program Files\Microsoft SQL Server\MSSQL$CRM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2003-05-31 7544916]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2006-06-15 115952]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 SQLAgent$CRM;SQLAgent$CRM; C:\Program Files\Microsoft SQL Server\MSSQL$CRM\Binn\sqlagent.EXE [2002-12-17 311872]
R2 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2002-12-17 311872]
R2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2006-06-07 173744]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2004-12-22 65536]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-24 192160]
R3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-01-24 214720]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-08 647680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ifccsc21;ifccsc21; C:\WINDOWS\system32\ifccsc21.exe [2004-11-10 24576]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 OpcEnum;OpcEnum; C:\WINDOWS\system32\OpcEnum.exe [2004-12-02 98304]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2006-06-15 1805552]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.05 2008-12-27 17:00:50

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Actiontec 56K External Modem-EX560LKU-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1DB34951-555C-4178-9461-BD7CEC96BAB4}\setup.exe" -l0x9
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall
Agere Systems HDA Modem-->agrsmdel
Apple Software Update-->MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
ATS Demo (D:\Program Files\Honda ATS Demo\) #3-->C:\WINDOWS\st6unst.exe -n "D:\Program Files\Honda ATS Demo\ST6UNST.001"
ATS Demo (d:\Program Files\Honda ATS Demo\)-->C:\WINDOWS\st6unst.exe -n "D:\Program Files\Honda ATS Demo\ST6UNST.000"
ATS Demo-->C:\WINDOWS\st6unst.exe -n "D:\Program Files\Honda ATS Demo\ST6UNST.LOG"
Autodesk Design Review 2008-->MsiExec.exe /I{FACF203E-0F4D-489A-B80C-D185253C8FCB}
AZTEC-->c:\melcor\Remove.exe
Broadcom 802.11 Network Adapter-->C:\WINDOWS\system32\BCMWLU00.exe verbose
Cognex 1756 Comm Module Profiles-->MsiExec.exe /X{638E1F0F-FD40-439A-9303-B7ACDD33883B}
Cognex DataMan Software v3.1.0-->C:\Program Files\InstallShield Installation Information\{544BECCC-D8B9-4DC9-A4BF-356756E413FC}\setup.exe -runfromtemp -l0x0009 -removeonly
Cognex Drivers 2.5-->MsiExec.exe /I{C6FAFB45-CC5B-4976-AD87-3068009148EB}
Cognex In-Sight OPC Server 3.4.2 (2431)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{80515AA6-8507-4433-9E6B-E79407009B5B}
Cognex In-Sight OPC Server 4.1.0 (4222)-->MsiExec.exe /I{1F371E69-6DED-4BDD-A213-C1DC3D7E18D6}
Cognex In-Sight OPC Server 4.2.0-->MsiExec.exe /I{1A48760A-71DA-4B6F-BA44-C14794205324}
Cognex In-Sight Software 3.2.2 (1343) SR-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{5CC361AB-3C2B-448F-943B-0AB59C375D49}
Cognex In-Sight Software 3.3.2 (1866)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{8FE5B4CD-7272-4D2E-9C48-F8565C7766A0}
Cognex In-Sight Software 3.4.2 (2431)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{CDAD6E0D-9E0D-4E67-90BB-B5D091F03CA1}
Cognex In-Sight Software 4.1.0 (4222)-->MsiExec.exe /I{8BC894E8-596E-4875-99C8-500FDC4248F3}
Cognex In-Sight Software 4.1.1-->MsiExec.exe /I{A8EA858A-47B0-40AB-B272-D484DE95D4DE}
Cognex In-Sight Software 4.2.0-->MsiExec.exe /I{6284454D-E936-41AB-ACFC-D15424205324}
Cognex In-Sight(R) Software 2.80.00 (393)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{CAF62ED8-AB64-4068-AAFF-8D2AE7120393}
Cognex VisionPro (R) 5.0-->MsiExec.exe /I{AAE606BF-A21B-4935-89EB-6A2620B546A2}
DataMan SDK-->MsiExec.exe /I{F4C9C40D-36EC-40C1-B3BD-8DA31533DFE9}
DVT FrameWork 2.7.7-->C:\PROGRA~1\Cognex\DVT\FRAMEW~1\UNWISE.EXE C:\PROGRA~1\Cognex\DVT\FRAMEW~1\INSTALL.LOG
DVT intellect 1.2.2-->C:\PROGRA~1\DVT\INTELL~1\UNWISE.EXE C:\PROGRA~1\DVT\INTELL~1\INSTALL.LOG
eDrawings 2006-->MsiExec.exe /I{B8EA2D6A-3EC4-4DC4-B588-123B7D38B493}
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
GTK+ 2.8.18-1 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Documents and Settings\DanP.RHEA\Desktop\New Folder02\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Imaging Device Functions 6.0-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Cameras 6.0-->C:\Program Files\HP\Digital Imaging\{61CF89F5-5175-4b3b-ABB8-C89821252D50}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart Premier Software 6.0-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & Officejet 4.7 Corporate Edition-->"C:\Program Files\HP\Digital Imaging\{8EA67542-82B6-4c5c-8AD3-CD36232C1362}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center and Imaging Support Tools 6.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IFC 5.8.2.2 RunTime-->c:\windows\isuninst.exe -fc:\ifcruntime\uninst.isu -cC:\IfcRunTime\bin\ifcunins.dll
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
ISO Recorder-->MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
ITEX SDK v4.1.0.0-->C:\WINDOWS\IsUninst.exe -fC:\Itex\Uninst.isu
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Application Error Reporting-->MsiExec.exe /X{5E994A95-9388-4D10-8E68-54B8CBF894D3}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{06C32EA0-4A22-4919-979A-8700715865B8}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Desktop Engine (CRM)-->MsiExec.exe /X{689404D2-1C94-44B3-9203-BEC5594FDA7A}
Microsoft SQL Server Desktop Engine-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
PC Connectivity Solution-->MsiExec.exe /I{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}
PGR FlyCapture 1.6 Release 21-->MsiExec.exe /X{1174EB69-ECDD-47D6-BB2B-F25F448FD150}
Project Information Manager-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\ProjectInfo\ST6UNST.LOG"
QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
Radix Controls File Management System 2-->MsiExec.exe /I{BB1D3C62-ADE4-4455-B941-736469A21E67}
Radix Controls ToolTracker-->MsiExec.exe /I{F39C410F-1EA0-41FA-BD86-59DF8FE3EDFF}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
RSLogix 5000 Module Profile Core-->MsiExec.exe /X{9C422AC8-466B-4150-882C-C5F5E3318A73}
RSLogix 5000 Module Profile Setup Utility-->MsiExec.exe /X{FB9917FF-DEEF-4CB0-B4D3-DF4BA02E1961}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sentinel System Driver 5.41.1 (32-bit)-->MsiExec.exe /I{5081528F-5DD5-49BA-8213-9A6A13502497}
SolidWorks viewer-->MsiExec.exe /X{4FA85827-EF5A-4F0C-8EEE-45815885E2CB}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec Client Security-->MsiExec.exe /I{C20729A4-C8C2-4DE3-94BE-5E3A2E9EFB63}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The GIMP 2.2.12-->"C:\Program Files\GIMP-2.0\unins000.exe"
Track-IT pro Client-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{551D011D-7258-4F86-97B2-BF68D019D94C}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
WAGO BootP Server-->C:\WINDOWS\IsUn0407.exe -f"C:\Program Files\WAGO Software\WAGO BootP Server\Uninst.isu"
Windows Driver Package - Nokia Modem (05/22/2008 3.8)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_6F90B0F4A73A2F780A1010B5D6CB5DDFB098181E\nokia_bluetooth.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

192.168.0.2 Citation.radixcontrols.com
192.168.0.202 Orion.radixcontrols.com
192.168.0.202 wsus-server.radixcontrols.com
192.168.0.8 piper.radixcontrols.com
192.168.0.13 http:\\crm:5555
192.168.0.13 crm
192.168.0.1 callisto
192.168.0.8 mail.radixcontrols.com
192.168.0.12 saturn.radixcontrols.com

======Security center information======

AV: Symantec AntiVirus Corporate Edition (disabled)
FW: Symantec Client Firewall (disabled)

System event log

Computer Name: RHEA
Event Code: 7036
Message: The Windows Image Acquisition (WIA) service entered the running state.

Record Number: 3172
Source Name: Service Control Manager
Time Written: 20081226080646.000000-300
Event Type: information
User:

Computer Name: RHEA
Event Code: 7036
Message: The Windows Image Acquisition (WIA) service entered the running state.

Record Number: 3171
Source Name: Service Control Manager
Time Written: 20081226080145.000000-300
Event Type: information
User:

Computer Name: RHEA
Event Code: 7036
Message: The Windows Image Acquisition (WIA) service entered the running state.

Record Number: 3170
Source Name: Service Control Manager
Time Written: 20081226075642.000000-300
Event Type: information
User:

Computer Name: RHEA
Event Code: 7036
Message: The Windows Image Acquisition (WIA) service entered the running state.

Record Number: 3169
Source Name: Service Control Manager
Time Written: 20081226075141.000000-300
Event Type: information
User:

Computer Name: RHEA
Event Code: 7036
Message: The Windows Image Acquisition (WIA) service entered the running state.

Record Number: 3168
Source Name: Service Control Manager
Time Written: 20081226074638.000000-300
Event Type: information
User:

Application event log

Computer Name: RHEA
Event Code: 1904
Message:
Record Number: 17080
Source Name: HHCTRL
Time Written: 20081105092522.000000-300
Event Type: information
User:

Computer Name: RHEA
Event Code: 1904
Message:
Record Number: 17079
Source Name: HHCTRL
Time Written: 20081105092522.000000-300
Event Type: information
User:

Computer Name: RHEA
Event Code: 1904
Message:
Record Number: 17078
Source Name: HHCTRL
Time Written: 20081105092522.000000-300
Event Type: information
User:

Computer Name: RHEA
Event Code: 1904
Message:
Record Number: 17077
Source Name: HHCTRL
Time Written: 20081105092522.000000-300
Event Type: information
User:

Computer Name: RHEA
Event Code: 1904
Message:
Record Number: 17076
Source Name: HHCTRL
Time Written: 20081105092522.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\Cognex\Common\genicam\bin\Win32_i86;C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Crystal Decisions\2.0\bin;D:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem\;%VPRO_ROOT%\bin
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"LANG"=C
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"CNF15040"=C:\Itex\config
"IFCCNF"=C:\IfcRunTime\config
"CASROOT"=C:\Program Files\Common Files\Radix Shared\occ52\
"CSF_UnitsDefinition"=C:\Program Files\Common Files\Radix Shared\occ52\ros\src\UnitsAPI\Units.dat
"CSF_UnitsLexicon"=C:\Program Files\Common Files\Radix Shared\occ52\ros\src\UnitsAPI\Lexi_Expr.dat
"VPRO_ROOT"=C:\Program Files\Cognex\VisionPro
"GENICAM_ROOT"=C:\Program Files\Cognex\Common\genicam
"EBUS_ROOT"=C:\Program Files\Cognex\Common\Drivers\GigEDrivers

-----------------EOF-----------------
danp
Regular Member
 
Posts: 22
Joined: December 24th, 2008, 4:56 pm

Re: Virtumonde (.sci, generic) Smitfraud etc.

Unread postby Shaba » December 28th, 2008, 5:45 am

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Re-run rsit.

Post:

- a fresh rsit log (only log.txt will appear)
- mbam log
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Virtumonde (.sci, generic) Smitfraud etc.

Unread postby danp » December 28th, 2008, 8:28 pm

Logfile of random's system information tool 1.05 (written by random/random)
Run by DanP at 2008-12-28 19:08:43
Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (43%) free of 45 GB
Total RAM: 1014 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:49, on 12/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Utilities\cogissvc.exe
C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSightService.exe
C:\WINDOWS\system32\cogremind_srv.exe
C:\WINDOWS\system32\cogsls_srv.exe
C:\WINDOWS\system32\cogss_srv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Radix\File Management System 2\fmsscheduler2.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Radix Shared\Hasp\nhsrvice.exe
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL$CRM\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$CRM\Binn\sqlagent.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSight.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\DanP.RHEA\Desktop\RSIT.exe
C:\Documents and Settings\DanP.RHEA\Desktop\New Folder\New Folder02\DanP.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.203:8080
O2 - BHO: (no name) - {1DC9E38C-C6FB-4C75-95C0-E49BCF508731} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [CognexOpc] "C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSight.exe" -I
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: dmtjmj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cognex In-Sight Port Service (CogISSvc) - Unknown owner - C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Utilities\cogissvc.exe
O23 - Service: Cognex OPC Server (Cognex.InSight.OpcServer) - Cognex Corporation - C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSightService.exe
O23 - Service: Cognex Reminder Service (cogremind_srv) - Cognex Corporation - C:\WINDOWS\system32\cogremind_srv.exe
O23 - Service: Cognex Software Licensing Service (cogsls_srv) - Cognex Corporation - C:\WINDOWS\system32\cogsls_srv.exe
O23 - Service: Cognex Security Service (cogss_srv) - Cognex Corporation - C:\WINDOWS\system32\cogss_srv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FMS Scheduler2 (FMSScheduler2) - Radix Controls Inc. - C:\Program Files\Radix\File Management System 2\fmsscheduler2.exe
O23 - Service: Radix Software: Hasp Loader (HaspLicenseManager) - Aladdin Knowledge Systems Ltd. - C:\Program Files\Common Files\Radix Shared\Hasp\nhsrvice.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ifccsc21 - Unknown owner - C:\WINDOWS\system32\ifccsc21.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 10042 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\kiaayqdb.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DC9E38C-C6FB-4C75-95C0-E49BCF508731}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-07-19 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-07-19 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-07-19 114688]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-01-11 15961088]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-06-12 53248]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY []
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-09-09 88203]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-04 102490]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1024000]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-09-23 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-01-12 275800]
"VX3000"=C:\WINDOWS\vVX3000.exe [2006-12-05 707360]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-03-24 53408]
"vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe [2006-06-15 124656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CognexOpc"=C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSight.exe [2008-09-10 86016]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="dmtjmj.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-07-19 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-06-15 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
"D:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.1\In-Sight Explorer.exe"="D:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.1\In-Sight Explorer.exe:*:Enabled: "
"D:\Program Files\HP\HP Software Update\HPWUCli.exe"="D:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Disabled:HP Software Update Client"
"C:\Program Files\Windows NT\hypertrm.exe"="C:\Program Files\Windows NT\hypertrm.exe:*:Enabled:HyperTerminal Applet"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.0\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.0\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 3.3.0\OpcInSight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 3.3.0\OpcInSight.exe:*:Enabled:In-Sight OPC Server 3.3.0"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.0\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.0\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\Program Files\Radix\File Management System 2\fms2.exe"="C:\Program Files\Radix\File Management System 2\fms2.exe:*:Enabled:File Management and Version Control Software for Industrial Applications."
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.0\In-Sight Connection Manager.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.0\In-Sight Connection Manager.exe:*:Enabled:Cognex In-Sight Connection Manager"
"C:\Program Files\Microsoft CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe"="C:\Program Files\Microsoft CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe:*:Enabled:Microsoft CRM Web Service Hoster"
"C:\Program Files\DVT\Intellect122\Intellect.exe"="C:\Program Files\DVT\Intellect122\Intellect.exe:*:Enabled:DVT Intellect 1.2 User Interface Application"
"C:\Program Files\DVT\Intellect122\intellectEmulator.exe"="C:\Program Files\DVT\Intellect122\intellectEmulator.exe:*:Enabled:IntellectEmulator"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Sherlock\Bin\sp32.exe"="D:\Sherlock\Bin\sp32.exe:*:Enabled:sp32"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\In-Sight Connection Manager.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\In-Sight Connection Manager.exe:*:Enabled:Cognex In-Sight Connection Manager"
"C:\Program Files\Cognex\DVT\FrameWork277\FWK.exe"="C:\Program Files\Cognex\DVT\FrameWork277\FWK.exe:*:Enabled:FWK"
"C:\Program Files\Cognex\DVT\FrameWork277\FWKEmulator.exe"="C:\Program Files\Cognex\DVT\FrameWork277\FWKEmulator.exe:*:Enabled:FWKEmulator"
"C:\Program Files\Cognex\DVT\FrameWork277\DVTListener.exe"="C:\Program Files\Cognex\DVT\FrameWork277\DVTListener.exe:*:Enabled:DVTListener"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer SR"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\In-Sight Connection Manager.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\In-Sight Connection Manager.exe:*:Enabled:Cognex In-Sight Connection Manager"
"C:\Program Files\Autodesk\Autodesk Design Review\DesignReview.exe"="C:\Program Files\Autodesk\Autodesk Design Review\DesignReview.exe:*:Enabled:Autodesk Design Review"
"\\Citation\trackit\TLight.exe"="\\Citation\trackit\TLight.exe:192.168.0.2/255.255.255.255:Enabled:Track-IT light"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Connection Manager.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Connection Manager.exe:*:Enabled:Cognex In-Sight Connection Manager SR"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"D:\InsightSampleCode\ExcelServer\ExcelServer\InSightExcelDemo.exe"="D:\InsightSampleCode\ExcelServer\ExcelServer\InSightExcelDemo.exe:*:Enabled:InSightExcelDemo"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\In-Sight Connection Manager.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\In-Sight Connection Manager.exe:*:Enabled:Cognex In-Sight Connection Manager"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.1.0\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.1.0\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.1.1\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.1.1\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\InSight2\In-Sight Explorer.exe"="C:\InSight2\In-Sight Explorer.exe:*:Enabled:In-Sight Explorer and Network Configuration"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.2.0\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.2.0\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.1\In-Sight Explorer.exe"="D:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.1\In-Sight Explorer.exe:*:Enabled: "
"D:\Program Files\Cognex\In-Sight\In-Sight OPC Server 3.2.1\OpcInSight.exe"="D:\Program Files\Cognex\In-Sight\In-Sight OPC Server 3.2.1\OpcInSight.exe:*:Enabled:In-Sight OPC Server 3.2.1"
"D:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.1\In-Sight Connection Manager.exe"="D:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.1\In-Sight Connection Manager.exe:*:Enabled:In-Sight Connection Manager 3.2.1"
"D:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Printme\ConsoleApp.exe"="D:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Printme\ConsoleApp.exe:*:Enabled:Download Driver"
"C:\Program Files\Microsoft CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe"="C:\Program Files\Microsoft CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe:*:Enabled:Microsoft CRM Web Service Hoster"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Emulator\In-Sight.exe:*:Disabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Connection Manager.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Connection Manager.exe:*:Enabled:Cognex In-Sight Connection Manager SR"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer SR"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.1.1\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.1.1\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.1.0\OpcInSight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.1.0\OpcInSight.exe:*:Enabled:In-Sight OPC Server 4.1.0"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{768e41d0-912a-11db-af26-0013cec1c267}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2738866-bb1f-11dd-b0bd-0013cec1c267}]
shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd8744a6-cb6c-11dc-b00d-0013cec1c267}]
shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff1b095d-6fae-11dd-b09e-0013cec1c267}]
shell\AutoRun\command - G:\Autorun.exe /run
shell\Shell00\command - G:\Autorun.exe /run
shell\Shell01\command - G:\Autorun.exe /action
shell\Shell02\command - G:\Autorun.exe /uninstall


======List of files/folders created in the last 1 months======

2008-12-28 12:06:40 ----D---- C:\Documents and Settings\DanP.RHEA\Application Data\Malwarebytes
2008-12-28 12:06:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-28 12:06:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-27 17:00:32 ----D---- C:\rsit
2008-12-23 19:47:19 ----D---- C:\VundoFix Backups
2008-12-23 19:47:19 ----A---- C:\VundoFix.txt
2008-12-23 14:38:24 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-23 14:37:27 ----A---- C:\rapport.txt
2008-12-23 14:21:59 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-23 14:21:47 ----D---- C:\Program Files\Google
2008-12-23 14:16:38 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-23 11:21:14 ----A---- C:\WINDOWS\wininit.ini
2008-12-23 10:48:50 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-23 10:48:50 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-20 21:36:59 ----A---- C:\WINDOWS\system32\ab071401-.txt

======List of files/folders modified in the last 1 months======

2008-12-28 19:05:49 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-28 19:05:02 ----D---- C:\WINDOWS\system32\Lang
2008-12-28 19:04:40 ----D---- C:\WINDOWS
2008-12-28 19:04:08 ----D---- C:\WINDOWS\Temp
2008-12-28 19:03:13 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-28 18:31:12 ----RD---- C:\Program Files
2008-12-28 18:31:12 ----D---- C:\WINDOWS\system32\drivers
2008-12-28 18:31:12 ----D---- C:\WINDOWS\system32
2008-12-28 18:29:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-28 13:23:45 ----D---- C:\WINDOWS\Prefetch
2008-12-24 16:16:52 ----D---- C:\Program Files\Common Files
2008-12-24 09:12:37 ----D---- C:\WINDOWS\Help
2008-12-23 15:13:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-23 15:12:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-23 13:44:15 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-23 10:34:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-22 10:07:51 ----SHD---- C:\WINDOWS\CSC
2008-12-21 23:35:53 ----A---- C:\WINDOWS\ModemLog_Actiontec 56K External Modem #7.txt
2008-12-21 22:12:51 ----D---- C:\WINDOWS\system32\Restore
2008-12-20 21:30:52 ----SD---- C:\WINDOWS\Tasks
2008-12-19 11:45:25 ----D---- C:\Documents and Settings
2008-12-18 08:24:50 ----D---- C:\Documents and Settings\DanP.RHEA\Application Data\U3
2008-12-15 10:23:18 ----A---- C:\WINDOWS\ModemLog_Actiontec 56K External Modem #4.txt
2008-12-14 20:00:47 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2008-12-14 13:42:21 ----A---- C:\WINDOWS\ModemLog_Actiontec 56K External Modem #6.txt
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 11:57:54 ----D---- C:\Program Files\Cognex

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CORSERIAL;CORSERIAL; C:\WINDOWS\system32\drivers\CORSERIAL.sys [2004-05-13 45880]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mvcntp;mvcntp; C:\WINDOWS\System32\DRIVERS\mvcntp.sys [2004-09-17 106112]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-01-24 195776]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-06-21 17801]
R2 aksfridge;HASP Fridge; C:\WINDOWS\system32\DRIVERS\aksfridge.sys [2007-03-12 351744]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2006-12-21 90688]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-09-09 1120416]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-07-19 1049180]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-01-13 4137984]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081219.005\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081219.005\navex15.sys []
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-12-06 220032]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2006-12-20 3298432]
R4 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 DriverX;DriverX; C:\WINDOWS\system32\drivers\DriverX.sys []
S2 int15.sys;int15.sys; \??\X:\int15.sys []
S3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2007-03-06 329856]
S3 akshhl;Aladdin HASP HL Key; C:\WINDOWS\system32\DRIVERS\akshhl.sys [2007-03-06 135424]
S3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2007-03-06 99712]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 chckr2xx;Checker 200 Series Driver; C:\WINDOWS\System32\Drivers\chckr2xx.sys [2007-06-04 15744]
S3 CORBDII;CORBDII; C:\WINDOWS\system32\drivers\CORBDII.sys [2002-09-24 92232]
S3 HHPCDC;HHPCDC; C:\WINDOWS\system32\drivers\hhpcdc.sys [2007-08-07 89728]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-28 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-28 21744]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\NetWlan5.sys [2004-08-03 132695]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NSPLUS;NSPLUS; C:\WINDOWS\system32\drivers\NSPLUS.sys [2004-09-17 101166]
S3 PC2C;PC2C; C:\WINDOWS\system32\drivers\PC2C.sys [2004-05-18 70188]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 PCV2;PCV2; C:\WINDOWS\system32\drivers\PCV2.sys [2004-06-28 98197]
S3 PGRCAM;PGRCAM; C:\WINDOWS\system32\DRIVERS\pgrcam.sys [2007-02-07 26368]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-02-19 41344]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2006-01-24 12992]
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2006-01-24 110784]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2006-01-24 31936]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20081214.001\symidsco.sys []
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2006-01-24 28352]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-01-24 24768]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2006-12-05 1964064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-03-24 202400]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-24 169632]
R2 CogISSvc;Cognex In-Sight Port Service; C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Utilities\cogissvc.exe [2006-10-17 172632]
R2 Cognex.InSight.OpcServer;Cognex OPC Server; C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSightService.exe [2008-09-10 28672]
R2 cogremind_srv;Cognex Reminder Service; C:\WINDOWS\system32\cogremind_srv.exe [2008-01-10 642048]
R2 cogsls_srv;Cognex Software Licensing Service; C:\WINDOWS\system32\cogsls_srv.exe [2007-12-20 1476096]
R2 cogss_srv;Cognex Security Service; C:\WINDOWS\system32\cogss_srv.exe [2008-01-10 727552]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2006-06-15 31472]
R2 FMSScheduler2;FMS Scheduler2; C:\Program Files\Radix\File Management System 2\fmsscheduler2.exe [2007-05-23 397427]
R2 HaspLicenseManager;Radix Software: Hasp Loader; C:\Program Files\Common Files\Radix Shared\Hasp\nhsrvice.exe [2005-05-29 249856]
R2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2007-03-15 535807]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 ISSVC;IS Service; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [2006-06-07 87728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-04 240408]
R2 MSFtpsvc;FTP Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 MSSQL$CRM;MSSQL$CRM; C:\Program Files\Microsoft SQL Server\MSSQL$CRM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2003-05-31 7544916]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2006-06-15 115952]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 SQLAgent$CRM;SQLAgent$CRM; C:\Program Files\Microsoft SQL Server\MSSQL$CRM\Binn\sqlagent.EXE [2002-12-17 311872]
R2 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2002-12-17 311872]
R2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2006-06-07 173744]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2004-12-22 65536]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-24 192160]
R3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-01-24 214720]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-08 647680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ifccsc21;ifccsc21; C:\WINDOWS\system32\ifccsc21.exe [2004-11-10 24576]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 OpcEnum;OpcEnum; C:\WINDOWS\system32\OpcEnum.exe [2004-12-02 98304]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2006-06-15 1805552]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------


Malwarebytes' Anti-Malware 1.31
Database version: 1539
Windows 5.1.2600 Service Pack 3

12/28/2008 6:28:21 PM
mbam-log-2008-12-28 (18-28-20).txt

Scan type: Full Scan (C:\|D:\|F:\|H:\|)
Objects scanned: 221538
Time elapsed: 1 hour(s), 35 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 17
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\fccdbCut.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dmtjmj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vtULefGy.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3d018c5b-24d6-4fe5-b177-58def7dbd0f5} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3d018c5b-24d6-4fe5-b177-58def7dbd0f5} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{e79de0c5-e16c-48ed-82c1-742162a9e71b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e79de0c5-e16c-48ed-82c1-742162a9e71b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e79de0c5-e16c-48ed-82c1-742162a9e71b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtulefgy (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3d018c5b-24d6-4fe5-b177-58def7dbd0f5} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccdbcut -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\fccdbcut -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\fccdbCut.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tuCbdccf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuCbdccf.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmtjmj.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vtULefGy.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\opnnkkLe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\prunnet.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vtUmKDvT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xrsnejbs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

There you go. Let me know. Thanks so far.
I still see this suspicious yellow pop up at bottom right of screen messaging that my Symantec Antivirus is disabled?
danp
Regular Member
Posts: 22
Joined: December 24th, 2008, 4:56 pm

Re: Virtumonde (.sci, generic) Smitfraud etc.

Unread postby Shaba » December 29th, 2008, 6:14 am

"I still see this suspicious yellow pop up at bottom right of screen messaging that my Symantec Antivirus is disabled?"

That one might be a legit message from Security Center. Please check if it is working correctly.

Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :files
    C:\WINDOWS\tasks\kiaayqdb.job
    C:\WINDOWS\system32\ab071401-.txt
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=-
    
    :commands
    [EmptyTemp]
    [reboot]
    

  • Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re-run rsit.

Post:

- a fresh rsit log (only log.txt will appear)
- otmoveit3 log
Shaba
Admin/Teacher Emeritus
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Virtumonde (.sci, generic) Smitfraud etc.

Unread postby danp » December 29th, 2008, 11:15 am

Results Window OT MoveIt 3

========== FILES ==========
C:\WINDOWS\tasks\kiaayqdb.job moved successfully.
C:\WINDOWS\system32\ab071401-.txt moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLS deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\hlktmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_24c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_720.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF438B.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12


OT MoveIt3 Log file

========== FILES ==========
C:\WINDOWS\tasks\kiaayqdb.job moved successfully.
C:\WINDOWS\system32\ab071401-.txt moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLS deleted successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\hlktmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_24c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_720.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\~DF438B.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12292008_093920

Files moved on Reboot...
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\WINDOWS\temp\hlktmp moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_24c.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_720.dat not found!
C:\WINDOWS\temp\~DF438B.tmp moved successfully.

rsit Log

Logfile of random's system information tool 1.05 (written by random/random)
Run by DanP at 2008-12-29 09:48:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (43%) free of 45 GB
Total RAM: 1014 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:49:00, on 12/29/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSight.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Utilities\cogissvc.exe
C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSightService.exe
C:\WINDOWS\system32\cogremind_srv.exe
C:\WINDOWS\system32\cogsls_srv.exe
C:\WINDOWS\system32\cogss_srv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Radix\File Management System 2\fmsscheduler2.exe
C:\Program Files\Common Files\Radix Shared\Hasp\nhsrvice.exe
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL$CRM\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$CRM\Binn\sqlagent.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\DanP.RHEA\Desktop\RSIT.exe
C:\Documents and Settings\DanP.RHEA\Desktop\New Folder\New Folder02\DanP.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.203:8080
O2 - BHO: (no name) - {1DC9E38C-C6FB-4C75-95C0-E49BCF508731} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [CognexOpc] "C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSight.exe" -I
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cognex In-Sight Port Service (CogISSvc) - Unknown owner - C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Utilities\cogissvc.exe
O23 - Service: Cognex OPC Server (Cognex.InSight.OpcServer) - Cognex Corporation - C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSightService.exe
O23 - Service: Cognex Reminder Service (cogremind_srv) - Cognex Corporation - C:\WINDOWS\system32\cogremind_srv.exe
O23 - Service: Cognex Software Licensing Service (cogsls_srv) - Cognex Corporation - C:\WINDOWS\system32\cogsls_srv.exe
O23 - Service: Cognex Security Service (cogss_srv) - Cognex Corporation - C:\WINDOWS\system32\cogss_srv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FMS Scheduler2 (FMSScheduler2) - Radix Controls Inc. - C:\Program Files\Radix\File Management System 2\fmsscheduler2.exe
O23 - Service: Radix Software: Hasp Loader (HaspLicenseManager) - Aladdin Knowledge Systems Ltd. - C:\Program Files\Common Files\Radix Shared\Hasp\nhsrvice.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ifccsc21 - Unknown owner - C:\WINDOWS\system32\ifccsc21.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9908 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1DC9E38C-C6FB-4C75-95C0-E49BCF508731}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-07-19 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-07-19 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-07-19 114688]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-01-11 15961088]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-06-12 53248]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY []
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-09-09 88203]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-04 102490]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-12-06 1024000]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-09-23 49152]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-01-12 275800]
"VX3000"=C:\WINDOWS\vVX3000.exe [2006-12-05 707360]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-03-24 53408]
"vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe [2006-06-15 124656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CognexOpc"=C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSight.exe [2008-09-10 86016]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-07-19 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-06-15 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=1
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE:*:Enabled:OUTLOOK.EXE"
"D:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.1\In-Sight Explorer.exe"="D:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.1\In-Sight Explorer.exe:*:Enabled: "
"D:\Program Files\HP\HP Software Update\HPWUCli.exe"="D:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Disabled:HP Software Update Client"
"C:\Program Files\Windows NT\hypertrm.exe"="C:\Program Files\Windows NT\hypertrm.exe:*:Enabled:HyperTerminal Applet"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.0\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.0\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 3.3.0\OpcInSight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 3.3.0\OpcInSight.exe:*:Enabled:In-Sight OPC Server 3.3.0"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.0\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.0\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\Program Files\Radix\File Management System 2\fms2.exe"="C:\Program Files\Radix\File Management System 2\fms2.exe:*:Enabled:File Management and Version Control Software for Industrial Applications."
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.0\In-Sight Connection Manager.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.0\In-Sight Connection Manager.exe:*:Enabled:Cognex In-Sight Connection Manager"
"C:\Program Files\Microsoft CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe"="C:\Program Files\Microsoft CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe:*:Enabled:Microsoft CRM Web Service Hoster"
"C:\Program Files\DVT\Intellect122\Intellect.exe"="C:\Program Files\DVT\Intellect122\Intellect.exe:*:Enabled:DVT Intellect 1.2 User Interface Application"
"C:\Program Files\DVT\Intellect122\intellectEmulator.exe"="C:\Program Files\DVT\Intellect122\intellectEmulator.exe:*:Enabled:IntellectEmulator"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Sherlock\Bin\sp32.exe"="D:\Sherlock\Bin\sp32.exe:*:Enabled:sp32"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\In-Sight Connection Manager.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\In-Sight Connection Manager.exe:*:Enabled:Cognex In-Sight Connection Manager"
"C:\Program Files\Cognex\DVT\FrameWork277\FWK.exe"="C:\Program Files\Cognex\DVT\FrameWork277\FWK.exe:*:Enabled:FWK"
"C:\Program Files\Cognex\DVT\FrameWork277\FWKEmulator.exe"="C:\Program Files\Cognex\DVT\FrameWork277\FWKEmulator.exe:*:Enabled:FWKEmulator"
"C:\Program Files\Cognex\DVT\FrameWork277\DVTListener.exe"="C:\Program Files\Cognex\DVT\FrameWork277\DVTListener.exe:*:Enabled:DVTListener"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer SR"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\In-Sight Connection Manager.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\In-Sight Connection Manager.exe:*:Enabled:Cognex In-Sight Connection Manager"
"C:\Program Files\Autodesk\Autodesk Design Review\DesignReview.exe"="C:\Program Files\Autodesk\Autodesk Design Review\DesignReview.exe:*:Enabled:Autodesk Design Review"
"\\Citation\trackit\TLight.exe"="\\Citation\trackit\TLight.exe:192.168.0.2/255.255.255.255:Enabled:Track-IT light"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Connection Manager.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Connection Manager.exe:*:Enabled:Cognex In-Sight Connection Manager SR"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"D:\InsightSampleCode\ExcelServer\ExcelServer\InSightExcelDemo.exe"="D:\InsightSampleCode\ExcelServer\ExcelServer\InSightExcelDemo.exe:*:Enabled:InSightExcelDemo"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\In-Sight Connection Manager.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\In-Sight Connection Manager.exe:*:Enabled:Cognex In-Sight Connection Manager"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.1.0\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.1.0\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.1.1\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.1.1\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\InSight2\In-Sight Explorer.exe"="C:\InSight2\In-Sight Explorer.exe:*:Enabled:In-Sight Explorer and Network Configuration"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.2.0\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.2.0\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.1\In-Sight Explorer.exe"="D:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.1\In-Sight Explorer.exe:*:Enabled: "
"D:\Program Files\Cognex\In-Sight\In-Sight OPC Server 3.2.1\OpcInSight.exe"="D:\Program Files\Cognex\In-Sight\In-Sight OPC Server 3.2.1\OpcInSight.exe:*:Enabled:In-Sight OPC Server 3.2.1"
"D:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.1\In-Sight Connection Manager.exe"="D:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.1\In-Sight Connection Manager.exe:*:Enabled:In-Sight Connection Manager 3.2.1"
"D:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Printme\ConsoleApp.exe"="D:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Printme\ConsoleApp.exe:*:Enabled:Download Driver"
"C:\Program Files\Microsoft CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe"="C:\Program Files\Microsoft CRM\Client\res\web\bin\Microsoft.Crm.Application.Hoster.exe:*:Enabled:Microsoft CRM Web Service Hoster"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Emulator\In-Sight.exe:*:Disabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Connection Manager.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Connection Manager.exe:*:Enabled:Cognex In-Sight Connection Manager SR"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.2.2\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer SR"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.0\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\Emulator\In-Sight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.4.2\Emulator\In-Sight.exe:*:Enabled:In-Sight"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.1.1\In-Sight Explorer.exe"="C:\Program Files\Cognex\In-Sight\In-Sight Explorer 4.1.1\In-Sight Explorer.exe:*:Enabled:Cognex In-Sight Explorer"
"C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.1.0\OpcInSight.exe"="C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.1.0\OpcInSight.exe:*:Enabled:In-Sight OPC Server 4.1.0"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{768e41d0-912a-11db-af26-0013cec1c267}]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2738866-bb1f-11dd-b0bd-0013cec1c267}]
shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd8744a6-cb6c-11dc-b00d-0013cec1c267}]
shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff1b095d-6fae-11dd-b09e-0013cec1c267}]
shell\AutoRun\command - G:\Autorun.exe /run
shell\Shell00\command - G:\Autorun.exe /run
shell\Shell01\command - G:\Autorun.exe /action
shell\Shell02\command - G:\Autorun.exe /uninstall


======List of files/folders created in the last 1 months======

2008-12-29 09:39:20 ----D---- C:\_OTMoveIt
2008-12-28 12:06:40 ----D---- C:\Documents and Settings\DanP.RHEA\Application Data\Malwarebytes
2008-12-28 12:06:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-28 12:06:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-27 17:00:32 ----D---- C:\rsit
2008-12-23 19:47:19 ----D---- C:\VundoFix Backups
2008-12-23 19:47:19 ----A---- C:\VundoFix.txt
2008-12-23 14:38:24 ----A---- C:\WINDOWS\system32\tmp.txt
2008-12-23 14:37:27 ----A---- C:\rapport.txt
2008-12-23 14:21:59 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-23 14:21:47 ----D---- C:\Program Files\Google
2008-12-23 14:16:38 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-23 11:21:14 ----A---- C:\WINDOWS\wininit.ini
2008-12-23 10:48:50 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-23 10:48:50 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

======List of files/folders modified in the last 1 months======

2008-12-29 09:48:04 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-29 09:46:40 ----D---- C:\WINDOWS
2008-12-29 09:46:38 ----D---- C:\WINDOWS\Temp
2008-12-29 09:46:21 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-29 09:44:42 ----D---- C:\WINDOWS\system32\Lang
2008-12-29 09:42:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-29 09:39:20 ----SD---- C:\WINDOWS\Tasks
2008-12-29 09:39:20 ----D---- C:\WINDOWS\system32
2008-12-28 19:22:52 ----D---- C:\WINDOWS\Prefetch
2008-12-28 18:31:12 ----RD---- C:\Program Files
2008-12-28 18:31:12 ----D---- C:\WINDOWS\system32\drivers
2008-12-24 16:16:52 ----D---- C:\Program Files\Common Files
2008-12-24 09:12:37 ----D---- C:\WINDOWS\Help
2008-12-23 15:13:55 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-23 15:12:58 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-23 13:44:15 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-23 10:34:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-22 10:07:51 ----SHD---- C:\WINDOWS\CSC
2008-12-21 23:35:53 ----A---- C:\WINDOWS\ModemLog_Actiontec 56K External Modem #7.txt
2008-12-21 22:12:51 ----D---- C:\WINDOWS\system32\Restore
2008-12-19 11:45:25 ----D---- C:\Documents and Settings
2008-12-18 08:24:50 ----D---- C:\Documents and Settings\DanP.RHEA\Application Data\U3
2008-12-15 10:23:18 ----A---- C:\WINDOWS\ModemLog_Actiontec 56K External Modem #4.txt
2008-12-14 20:00:47 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
2008-12-14 13:42:21 ----A---- C:\WINDOWS\ModemLog_Actiontec 56K External Modem #6.txt
2008-12-09 15:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 11:57:54 ----D---- C:\Program Files\Cognex

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CORSERIAL;CORSERIAL; C:\WINDOWS\system32\drivers\CORSERIAL.sys [2004-05-13 45880]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mvcntp;mvcntp; C:\WINDOWS\System32\DRIVERS\mvcntp.sys [2004-09-17 106112]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-01-24 195776]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-06-21 17801]
R2 aksfridge;HASP Fridge; C:\WINDOWS\system32\DRIVERS\aksfridge.sys [2007-03-12 351744]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2006-12-21 90688]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-09-09 1120416]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-07-19 1049180]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-01-13 4137984]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081219.005\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081219.005\navex15.sys []
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-12-06 220032]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2006-12-20 3298432]
R4 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 DriverX;DriverX; C:\WINDOWS\system32\drivers\DriverX.sys []
S2 int15.sys;int15.sys; \??\X:\int15.sys []
S3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2007-03-06 329856]
S3 akshhl;Aladdin HASP HL Key; C:\WINDOWS\system32\DRIVERS\akshhl.sys [2007-03-06 135424]
S3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2007-03-06 99712]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 chckr2xx;Checker 200 Series Driver; C:\WINDOWS\System32\Drivers\chckr2xx.sys [2007-06-04 15744]
S3 CORBDII;CORBDII; C:\WINDOWS\system32\drivers\CORBDII.sys [2002-09-24 92232]
S3 HHPCDC;HHPCDC; C:\WINDOWS\system32\drivers\hhpcdc.sys [2007-08-07 89728]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-07-28 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-07-28 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-07-28 21744]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\NetWlan5.sys [2004-08-03 132695]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NSPLUS;NSPLUS; C:\WINDOWS\system32\drivers\NSPLUS.sys [2004-09-17 101166]
S3 PC2C;PC2C; C:\WINDOWS\system32\drivers\PC2C.sys [2004-05-18 70188]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 PCV2;PCV2; C:\WINDOWS\system32\drivers\PCV2.sys [2004-06-28 98197]
S3 PGRCAM;PGRCAM; C:\WINDOWS\system32\DRIVERS\pgrcam.sys [2007-02-07 26368]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-02-19 41344]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2006-01-24 12992]
S3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2006-01-24 110784]
S3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2006-01-24 31936]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20081214.001\symidsco.sys []
S3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2006-01-24 28352]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-01-24 24768]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VX3000;VX-3000; C:\WINDOWS\system32\DRIVERS\VX3000.sys [2006-12-05 1964064]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-13 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-03-31 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-03-24 202400]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-24 169632]
R2 CogISSvc;Cognex In-Sight Port Service; C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Utilities\cogissvc.exe [2006-10-17 172632]
R2 Cognex.InSight.OpcServer;Cognex OPC Server; C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSightService.exe [2008-09-10 28672]
R2 cogremind_srv;Cognex Reminder Service; C:\WINDOWS\system32\cogremind_srv.exe [2008-01-10 642048]
R2 cogsls_srv;Cognex Software Licensing Service; C:\WINDOWS\system32\cogsls_srv.exe [2007-12-20 1476096]
R2 cogss_srv;Cognex Security Service; C:\WINDOWS\system32\cogss_srv.exe [2008-01-10 727552]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2006-06-15 31472]
R2 FMSScheduler2;FMS Scheduler2; C:\Program Files\Radix\File Management System 2\fmsscheduler2.exe [2007-05-23 397427]
R2 HaspLicenseManager;Radix Software: Hasp Loader; C:\Program Files\Common Files\Radix Shared\Hasp\nhsrvice.exe [2005-05-29 249856]
R2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2007-03-15 535807]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 ISSVC;IS Service; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [2006-06-07 87728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-04 240408]
R2 MSFtpsvc;FTP Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 MSSQL$CRM;MSSQL$CRM; C:\Program Files\Microsoft SQL Server\MSSQL$CRM\Binn\sqlservr.exe [2003-05-31 7544916]
R2 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2003-05-31 7544916]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2006-06-15 115952]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 SQLAgent$CRM;SQLAgent$CRM; C:\Program Files\Microsoft SQL Server\MSSQL$CRM\Binn\sqlagent.EXE [2002-12-17 311872]
R2 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2002-12-17 311872]
R2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2006-06-07 173744]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2004-12-22 65536]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2001-05-01 53248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-24 192160]
R3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-01-24 214720]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-08 647680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ifccsc21;ifccsc21; C:\WINDOWS\system32\ifccsc21.exe [2004-11-10 24576]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 OpcEnum;OpcEnum; C:\WINDOWS\system32\OpcEnum.exe [2004-12-02 98304]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-08-07 575488]
S3 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2006-06-15 1805552]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

During the OTMoveIt3 process I held off on the reboot so I could copy and paste the results window.
I did a manual restart, then got the OTMoveIt3 and RSIT log files.
Is that ok?

Dan
danp
Regular Member
 
Posts: 22
Joined: December 24th, 2008, 4:56 pm
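
A triage pass over the RSIT driver/service lines posted above, as an added example that is not part of the original thread and not RSIT's or Dr.Web's own code. RSIT prints each entry as `<R|S><start> <name>;<display>; <image path> [<date> <size>]`, and the empty `[]` after a plain drive path means RSIT could not stat the image where the service points (entries printed with the NT-native `\??\` prefix always show `[]`, so those are skipped). The heuristics and the `SYSTEM_DRIVE = "C"` assumption are mine; the sample lines are copied from the log above. On that sample the checks single out `DriverX.sys` (no file metadata), `int15.sys` (image on `X:`), and the two undescribed executables sitting directly in `system32`, one of which (`ifccsc21.exe`) Dr.Web later reported as Trojan.Click.2779 further down this thread. A flag is a review prompt, not a verdict: `OpcEnum.exe` is flagged by the same rule and is a legitimate OPC Foundation component according to the HijackThis O23 line below.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: lines copied from the RSIT driver and service lists
# above, chosen to cover both the ordinary shape and the anomalous ones.
SAMPLE_RSIT = r"""
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-01-24 195776]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
S2 DriverX;DriverX; C:\WINDOWS\system32\drivers\DriverX.sys []
S2 int15.sys;int15.sys; \??\X:\int15.sys []
R2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2007-03-15 535807]
S3 ifccsc21;ifccsc21; C:\WINDOWS\system32\ifccsc21.exe [2004-11-10 24576]
S3 OpcEnum;OpcEnum; C:\WINDOWS\system32\OpcEnum.exe [2004-12-02 98304]
"""

# One RSIT entry: "<R|S><start> <name>;<display>; <image path> [<date> <size>]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]$"
)

# NT-native prefix RSIT prints for drivers registered by object path; RSIT
# does not resolve these, so an empty [] after them is expected noise.
NT_PREFIX = "\\??\\"
SYSTEM_DRIVE = "C"          # assumption: Windows lives on C:, as the log shows
SYS32_EXE_RE = re.compile(r"^c:\\windows\\system32\\[^\\]+\.exe$", re.I)


@dataclass
class Entry:
    state: str
    start: int
    name: str
    display: str
    path: str
    meta: str
    unresolved: bool = False
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Entry:
    """Split one RSIT line into its fields, stripping the \\??\\ prefix."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not an RSIT driver/service line: {line!r}")
    path = m["path"]
    unresolved = path.startswith(NT_PREFIX)
    if unresolved:
        path = path[len(NT_PREFIX):]
    return Entry(m["state"], int(m["start"]), m["name"], m["display"],
                 path, m["meta"].strip(), unresolved)


def triage(entry: Entry) -> Entry:
    """Attach review flags. A flag means 'look at this', not 'malicious'."""
    dm = re.match(r"^([A-Za-z]):\\", entry.path)
    drive = dm.group(1).upper() if dm else None
    if not entry.meta and not entry.unresolved:
        # RSIT prints [date size] when it can stat the image; a plain drive
        # path with [] means the file was not found where the service points.
        entry.flags.append("no file metadata: image missing or unreadable")
    if drive is not None and drive != SYSTEM_DRIVE:
        entry.flags.append(f"image on unexpected volume {drive}:")
    if entry.name.lower() == entry.display.lower() and SYS32_EXE_RE.match(entry.path):
        # Legitimate services normally carry a descriptive display name; a bare
        # executable in system32 with none is worth a look (heuristic, mine).
        entry.flags.append("undescribed executable directly in system32")
    return entry


def flagged(text: str) -> Dict[str, List[str]]:
    """Map of entry name -> flags, for every line that earned at least one."""
    out: Dict[str, List[str]] = {}
    for line in text.strip().splitlines():
        e = triage(parse_entry(line))
        if e.flags:
            out[e.name] = e.flags
    return out


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_RSIT).items():
        print(f"{name:12} {'; '.join(reasons)}")
```

Paste the whole `======List of drivers======` and `======List of services======` sections into `SAMPLE_RSIT` to run it over a real log; everything that is not flagged still deserves the usual vendor and path check, this only orders the reading.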

Re: Virtumonde (.sci, generic) Smitfraud etc.

Unread postby Shaba » December 29th, 2008, 11:22 am

Yes that was fine :)

Please go to the Kaspersky website and perform an online antivirus scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and selecting 'Run as administrator' to perform this scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Virtumonde (.sci, generic) Smitfraud etc.

Unread postby danp » December 29th, 2008, 2:04 pm

The HJT log, do I just get it via HJT.exe?
I wasn't sure if I did this correctly last time when you asked me to change the name to danp.exe within the log file.

Also, I have Symantec AntiVirus installed. Is this any help instead of Kaspersky?
I'll need to get on a high-speed connection to run the online scan (only at a dialup location right now).

Thanks so far. I'll be back tomorrow with HJT log.

Dan
danp
Regular Member
 
Posts: 22
Joined: December 24th, 2008, 4:56 pm

Re: Virtumonde (.sci, generic) Smitfraud etc.

Unread postby Shaba » December 29th, 2008, 2:17 pm

"The HJT log, do I just get it via HJT.exe?
I wasn't sure if I did this correctly last time when you asked me to change the name to danp.exe within the log file."

Yes :)

"Also, I have Symantec AntiVirus installed. Is this any help instead of Kaspersky?
I'll need to get on a high-speed connection to run the online scan (only at a dialup location right now)."

No, but we can run an offline scan instead because of the speed issue:

We need to run a system scan with Dr. Web CureIt
  1. Please download DrWeb-CureIt & save it to your desktop.
    DO NOT perform a scan yet.
  2. Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode". Do not select "Safe Mode with Networking" or "Safe Mode with Command Prompt".
  3. Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  4. Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  5. Once the short scan has finished, Click Options > Change settings
  6. Choose the "Scan tab" and UNcheck "Heuristic analysis"
  7. Back at the main window, click "Complete Scan"
  8. Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  9. When done, a message will be displayed at the bottom advising if any viruses were found.
  10. Click "Yes to all" if it asks if you want to cure/move the file.
  11. When the scan has finished, check whether you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  12. Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  13. Save the DrWeb.csv report to your desktop.
  14. Exit Dr.Web Cureit when done.
  15. Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  16. After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
In your next reply, please include the following:
  • Dr.Web's Log
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Virtumonde (.sci, generic) Smitfraud etc.

Unread postby danp » December 29th, 2008, 8:48 pm

Cannot start in Safe Mode.
The screen appears like it is going to start in Safe Mode; it displays lots of lines of white text on a black screen (loading drivers?) then just stops.
'multi(0)disk(0)rdisk(0)partition(2)\WINDOWS\System32\drivers\CORLOG.sys' is the last line on the screen and it just stays like that.
danp
Regular Member
 
Posts: 22
Joined: December 24th, 2008, 4:56 pm

Re: Virtumonde (.sci, generic) Smitfraud etc.

Unread postby Shaba » December 30th, 2008, 2:04 am

Then please run it in normal mode :)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: Virtumonde (.sci, generic) Smitfraud etc.

Unread postby danp » December 30th, 2008, 5:53 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:35 PM, on 12/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSight.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Utilities\cogissvc.exe
C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSightService.exe
C:\WINDOWS\system32\cogremind_srv.exe
C:\WINDOWS\system32\cogsls_srv.exe
C:\WINDOWS\system32\cogss_srv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Radix\File Management System 2\fmsscheduler2.exe
C:\Program Files\Common Files\Radix Shared\Hasp\nhsrvice.exe
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Microsoft SQL Server\MSSQL$CRM\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Microsoft SQL Server\MSSQL$CRM\Binn\sqlagent.EXE
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\DanP.RHEA\Desktop\New Folder\New Folder02\danp.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.203:8080
O2 - BHO: (no name) - {1DC9E38C-C6FB-4C75-95C0-E49BCF508731} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [CognexOpc] "C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSight.exe" -I
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cognex In-Sight Port Service (CogISSvc) - Unknown owner - C:\Program Files\Cognex\In-Sight\In-Sight Explorer 3.3.2\Utilities\cogissvc.exe
O23 - Service: Cognex OPC Server (Cognex.InSight.OpcServer) - Cognex Corporation - C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 4.2.0\OpcInSightService.exe
O23 - Service: Cognex Reminder Service (cogremind_srv) - Cognex Corporation - C:\WINDOWS\system32\cogremind_srv.exe
O23 - Service: Cognex Software Licensing Service (cogsls_srv) - Cognex Corporation - C:\WINDOWS\system32\cogsls_srv.exe
O23 - Service: Cognex Security Service (cogss_srv) - Cognex Corporation - C:\WINDOWS\system32\cogss_srv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FMS Scheduler2 (FMSScheduler2) - Radix Controls Inc. - C:\Program Files\Radix\File Management System 2\fmsscheduler2.exe
O23 - Service: Radix Software: Hasp Loader (HaspLicenseManager) - Aladdin Knowledge Systems Ltd. - C:\Program Files\Common Files\Radix Shared\Hasp\nhsrvice.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9799 bytes


Dr Web log

ifccsc21.exe;c:\windows\system32;Trojan.Click.2779;Deleted.;
RegUBP2b-DanP.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
SmitfraudFix.exe\SmitfraudFix\Process.exe;C:\Documents and Settings\DanP.RHEA\Desktop\New Folder\SmitfraudFix.exe;Tool.Prockill;;
SmitfraudFix.exe\SmitfraudFix\restart.exe;C:\Documents and Settings\DanP.RHEA\Desktop\New Folder\SmitfraudFix.exe;Trojan.Shutdown.134;;
SmitfraudFix.exe;C:\Documents and Settings\DanP.RHEA\Desktop\New Folder;Archive contains infected objects;Moved.;
SmitfraudFix.exe\SmitfraudFix\Process.exe;C:\Documents and Settings\DanP.RHEA\Desktop\New Folder\New Folder02\SmitfraudFix.exe;Tool.Prockill;;
SmitfraudFix.exe\SmitfraudFix\restart.exe;C:\Documents and Settings\DanP.RHEA\Desktop\New Folder\New Folder02\SmitfraudFix.exe;Trojan.Shutdown.134;;
SmitfraudFix.exe;C:\Documents and Settings\DanP.RHEA\Desktop\New Folder\New Folder02;Archive contains infected objects;Moved.;
Process.exe;C:\Documents and Settings\DanP.RHEA\Desktop\New Folder\SmitfraudFix;Tool.Prockill;;
restart.exe;C:\Documents and Settings\DanP.RHEA\Desktop\New Folder\SmitfraudFix;Trojan.Shutdown.134;Deleted.;
A0000054.exe;C:\System Volume Information\_restore{606AA43F-8292-4001-91C8-A52DEC9F795E}\RP1;Trojan.Click.2779;Deleted.;
A0000055.reg;C:\System Volume Information\_restore{606AA43F-8292-4001-91C8-A52DEC9F795E}\RP1;Trojan.StartPage.1505;Deleted.;
A0000056.exe\SmitfraudFix\Process.exe;C:\System Volume Information\_restore{606AA43F-8292-4001-91C8-A52DEC9F795E}\RP1\A0000056.exe;Tool.Prockill;;
A0000056.exe\SmitfraudFix\restart.exe;C:\System Volume Information\_restore{606AA43F-8292-4001-91C8-A52DEC9F795E}\RP1\A0000056.exe;Trojan.Shutdown.134;;
A0000056.exe;C:\System Volume Information\_restore{606AA43F-8292-4001-91C8-A52DEC9F795E}\RP1;Archive contains infected objects;Moved.;
A0000057.exe\SmitfraudFix\Process.exe;C:\System Volume Information\_restore{606AA43F-8292-4001-91C8-A52DEC9F795E}\RP1\A0000057.exe;Tool.Prockill;;
A0000057.exe\SmitfraudFix\restart.exe;C:\System Volume Information\_restore{606AA43F-8292-4001-91C8-A52DEC9F795E}\RP1\A0000057.exe;Trojan.Shutdown.134;;
A0000057.exe;C:\System Volume Information\_restore{606AA43F-8292-4001-91C8-A52DEC9F795E}\RP1;Archive contains infected objects;Moved.;
A0000058.exe;C:\System Volume Information\_restore{606AA43F-8292-4001-91C8-A52DEC9F795E}\RP1;Trojan.Shutdown.134;Deleted.;

Any suggestions for getting safe mode working? It did work a couple of days ago.
Also, should I delete the quarantined files?
Thanks. Let me know the next step.

Dan