Virtumonde strikes again

loopdokter
2008-05-20, 19:36
Kaspersky scan logs came up with 7 infections:

C:\Documents and Settings\All Users\Application Data\iolo\FileInfoList\IOLOFIL.FDB Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Nero\Nero8\Nero BackItUp\Cache\NeroBackItUpScheduler3.log Object is locked skipped
C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\9k9oh24h.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\9k9oh24h.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\9k9oh24h.default\history.dat Object is locked skipped
C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\9k9oh24h.default\key3.db Object is locked skipped
C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\9k9oh24h.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\9k9oh24h.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jay\Application Data\Mozilla\Firefox\Profiles\9k9oh24h.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jay\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Messenger\slamwerks@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Messenger\slamwerks@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Messenger\slamwerks@hotmail.com\SharingMetadata\Working\database_5298_7F89_987F_69FD\dfsr.db Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Messenger\slamwerks@hotmail.com\SharingMetadata\Working\database_5298_7F89_987F_69FD\fsr.log Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Messenger\slamwerks@hotmail.com\SharingMetadata\Working\database_5298_7F89_987F_69FD\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Messenger\slamwerks@hotmail.com\SharingMetadata\Working\database_5298_7F89_987F_69FD\tmp.edb Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Windows Live Contacts\slamwerks@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Microsoft\Windows Live Contacts\slamwerks@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\9k9oh24h.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\9k9oh24h.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\9k9oh24h.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Application Data\Mozilla\Firefox\Profiles\9k9oh24h.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\History\History.IE5\MSHist012008052020080521\index.dat Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Temp\~DF7302.tmp Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Temp\~DF7C2B.tmp Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Temp\~DF96D0.tmp Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Temp\~DF97A0.tmp Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\IXJ3AZA9\kb516107[1] Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\Jay\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jay\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Nero\Nero8\Nero BackItUp\BIU1.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\nggmvwfv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.sbz skipped
C:\WINDOWS\system32\ukwsknle.dll Infected: Trojan.Win32.Monder.gen skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\yayyAsRL.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.rtg skipped
C:\WINDOWS\Temp\fb_968.lck Object is locked skipped
D:\CD Burning\Ahead Nero Ultra Edition Enhanced v7.589A\Ahead Nero Ultra Edition Enhanced v7.589A.rar/Nero-7.5.9.0A_eng.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\CD Burning\Ahead Nero Ultra Edition Enhanced v7.589A\Ahead Nero Ultra Edition Enhanced v7.589A.rar/Nero-7.5.9.0A_eng.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm skipped
D:\CD Burning\Ahead Nero Ultra Edition Enhanced v7.589A\Ahead Nero Ultra Edition Enhanced v7.589A.rar RAR: infected - 2

HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:33 AM, on 20/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {36D9CB8D-B8CA-4A85-A879-06A71109F11E} - C:\WINDOWS\system32\yayyAsRL.dll
O2 - BHO: (no name) - {3F418DED-8329-46E6-9A7D-272190FBD57B} - C:\WINDOWS\system32\geBrsQJC.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B7BC779D-50B4-4605-882C-8FCE149892D1} - C:\WINDOWS\system32\byXQhffD.dll (file missing)
O2 - BHO: (no name) - {E3E15A14-B6E6-493C-83EE-B8CF1F90B20D} - C:\WINDOWS\system32\khfGywtr.dll (file missing)
O2 - BHO: {a0f9e290-9810-9838-a0a4-bc0231a9cd1f} - {f1dc9a13-20cb-4a0a-8389-0189092e9f0a} - C:\WINDOWS\system32\dqmhelkq.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [987f6952] rundll32.exe "C:\WINDOWS\system32\jxtptkby.dll",b
O4 - HKLM\..\Run: [BM9b4c5ace] Rundll32.exe "C:\WINDOWS\system32\ukwsknle.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA2776] command /c del "C:\WINDOWS\system32\geBrsQJC.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6138] cmd /c del "C:\WINDOWS\system32\geBrsQJC.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2909] command /c del "C:\WINDOWS\system32\khfGywtr.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8488] cmd /c del "C:\WINDOWS\system32\khfGywtr.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210199530375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: yayyAsRL - C:\WINDOWS\SYSTEM32\yayyAsRL.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8453 bytes

loopdokter
2008-05-20, 19:54
ComboFix 08-05-19.4 - Jay 2008-05-20 12:41:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2261 [GMT -4:00]
Running from: C:\Documents and Settings\Jay\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\Program Files\iolo\common\lib\ioloHL.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\CJQsrBeg.ini
C:\WINDOWS\system32\CJQsrBeg.ini2
C:\WINDOWS\system32\DffhQXyb.ini
C:\WINDOWS\system32\DffhQXyb.ini2
C:\WINDOWS\system32\rtwyGfhk.ini
C:\WINDOWS\system32\rtwyGfhk.ini2
C:\WINDOWS\system32\vfwvmggn.ini
C:\WINDOWS\system32\wulxsbpd.ini
C:\WINDOWS\system32\x64
C:\WINDOWS\system32\ybktptxj.ini

.
((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-20 09:28 . 2008-05-20 09:28 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-20 09:28 . 2008-05-20 09:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-20 08:48 . 2008-05-20 08:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-20 08:45 . 2008-05-20 08:45 135,168 --a------ C:\WINDOWS\system32\dqmhelkq.dll
2008-05-20 08:42 . 2008-05-20 08:42 2,560 --a------ C:\WINDOWS\system32\pfkvqnfc.exe
2008-05-20 08:36 . 2008-05-20 08:36 126,976 --a------ C:\WINDOWS\system32\ukwsknle.dll
2008-05-20 08:08 . 2008-05-20 08:09 370,176 --a------ C:\WINDOWS\system32\khfGywtr.dll_old
2008-05-20 02:10 . 2008-05-20 02:08 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-20 02:08 . 2008-05-20 08:02 <DIR> d-------- C:\Documents and Settings\Jay\.housecall6.6
2008-05-20 02:05 . 2008-05-20 02:05 134,656 --a------ C:\WINDOWS\system32\wlntwscu.dll
2008-05-20 02:02 . 2008-05-20 02:02 2,560 --a------ C:\WINDOWS\system32\putecbls.exe
2008-05-20 01:59 . 2008-05-20 01:59 114,688 --a------ C:\WINDOWS\system32\jxtptkby.dll
2008-05-20 01:57 . 2008-05-20 01:57 124,928 --a------ C:\WINDOWS\system32\mqvefqcg.dll
2008-05-20 01:57 . 2008-05-20 12:45 109,807 --a------ C:\WINDOWS\BM9b4c5ace.xml
2008-05-19 04:47 . 2008-05-19 11:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-19 04:47 . 2008-05-19 04:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-19 04:14 . 2008-05-19 04:14 <DIR> d-------- C:\WINDOWS\system32\RunDLL32
2008-05-19 04:14 . 2008-05-19 04:14 57,344 --a------ C:\WINDOWS\system32\RunDLL32\CLOCK.SEP
2008-05-19 04:12 . 2008-05-19 04:12 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\Sony
2008-05-19 04:12 . 2008-05-19 04:12 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\Publish Providers
2008-05-19 04:12 . 2008-05-19 04:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-19 04:12 . 2008-05-19 04:12 1,025 --a------ C:\WINDOWS\system32\sysprs7.tgz
2008-05-19 04:12 . 2008-05-19 04:12 1,025 --a------ C:\WINDOWS\system32\sysprs7.dll
2008-05-19 04:12 . 2008-05-19 04:12 1,025 --a------ C:\WINDOWS\system32\clauth2.dll
2008-05-19 04:12 . 2008-05-19 04:12 1,025 --a------ C:\WINDOWS\system32\clauth1.dll
2008-05-19 04:12 . 2008-05-19 04:57 219 --a------ C:\WINDOWS\system32\lsprst7.tgz
2008-05-19 04:12 . 2008-05-19 04:57 205 --a------ C:\WINDOWS\system32\lsprst7.dll
2008-05-19 04:12 . 2008-05-19 04:57 87 --a------ C:\WINDOWS\system32\ssprs.tgz
2008-05-19 04:12 . 2008-05-19 04:57 73 --a------ C:\WINDOWS\system32\ssprs.dll
2008-05-19 04:01 . 2008-05-19 04:01 <DIR> d-------- C:\Program Files\KORG
2008-05-19 03:58 . 2008-05-19 03:58 <DIR> d-------- C:\Program Files\VstPlugins
2008-05-19 03:08 . 2008-05-19 03:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Voxengo
2008-05-19 02:48 . 2008-05-19 02:48 <DIR> d-------- C:\Program Files\u-he
2008-05-19 02:30 . 2008-05-19 11:30 386 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-05-19 02:27 . 2008-05-19 02:27 <DIR> d-------- C:\Program Files\iolo
2008-05-19 02:27 . 2008-05-19 02:27 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\iolo
2008-05-19 02:27 . 2008-03-31 16:11 439,656 --a------ C:\WINDOWS\system32\Incinerator.dll
2008-05-19 02:27 . 2008-03-13 10:08 38,912 --a------ C:\WINDOWS\system32\smrgdf.exe
2008-05-19 02:27 . 2008-03-13 09:25 32,768 --a------ C:\WINDOWS\system32\iolobtdfg.exe
2008-05-19 02:25 . 2008-05-19 02:37 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\iolo
2008-05-19 02:25 . 2008-05-19 02:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-05-19 02:25 . 2008-05-19 02:25 74,703 --a------ C:\WINDOWS\system32\mfc45.dll
2008-05-19 01:59 . 2008-05-19 01:59 <DIR> d-------- C:\Program Files\Sony
2008-05-19 01:49 . 2008-05-19 01:49 <DIR> d-------- C:\Program Files\Softube
2008-05-19 01:27 . 2008-05-05 03:57 73 --a------ C:\WINDOWS\ShapeShifter.INI
2008-05-19 01:14 . 2008-05-19 01:30 <DIR> d-------- C:\Program Files\PSPaudioware
2008-05-18 23:51 . 2006-09-28 23:39 1,007,472 --a------ C:\WINDOWS\system32\AMPLiFY-02.mp3
2008-05-18 23:28 . 2008-05-20 08:35 269 --a------ C:\WINDOWS\wininit.ini
2008-05-18 13:47 . 2008-05-18 13:47 116,224 --------- C:\WINDOWS\system32\nggmvwfv.dll
2008-05-17 12:57 . 2008-05-17 12:57 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\DAEMON Tools Pro
2008-05-17 12:57 . 2008-05-17 12:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-05-17 12:26 . 2008-05-17 14:33 <DIR> d-------- C:\Program Files\DAEMON Tools Pro
2008-05-17 12:26 . 2008-05-17 12:26 59,392 --a------ C:\WINDOWS\system32\yayyAsRL.dll
2008-05-17 12:08 . 2008-05-17 12:08 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-05-17 08:50 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\system32\ShellManager310E2D762.dll
2008-05-17 08:50 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\system32\NEROINSTAEC43759.DB
2008-05-17 07:50 . 2008-05-18 23:42 <DIR> d-------- C:\Program Files\Cakewalk
2008-05-17 07:50 . 2008-05-18 23:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Cakewalk
2008-05-16 10:51 . 2008-05-16 10:51 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\Waves Preferences
2008-05-16 10:51 . 2008-05-16 10:51 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\Waves
2008-05-16 09:11 . 2008-05-16 09:11 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\Waves Audio
2008-05-16 09:10 . 2008-05-18 23:40 <DIR> d-------- C:\Program Files\Waves
2008-05-15 16:14 . 2008-05-15 16:14 21 --a------ C:\Documents and Settings\Jay\Application Data\iasna_DAA2EFCB-59BE-41d2-8BA5-20B0E5C039A7.dll
2008-05-15 14:29 . 2008-05-19 00:28 <DIR> d-------- C:\Program Files\Native Instruments
2008-05-15 14:29 . 2008-05-19 00:05 <DIR> d-------- C:\Program Files\Common Files\Native Instruments
2008-05-15 12:40 . 2008-05-18 21:17 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\SIR
2008-05-15 12:40 . 2008-05-15 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SIR
2008-05-15 10:46 . 2008-05-15 10:46 <DIR> d-------- C:\Program Files\iZotope
2008-05-15 10:23 . 2008-05-15 10:23 <DIR> d-------- C:\Program Files\Image-Line
2008-05-15 09:37 . 2008-01-17 12:00 53,248 --a------ C:\WINDOWS\system32\IKStompIO1API.dll
2008-05-15 09:32 . 2008-05-15 09:32 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\FabFilter
2008-05-15 09:32 . 2008-05-19 04:14 48 --a------ C:\WINDOWS\system32\w3data.vss
2008-05-15 09:32 . 2008-05-19 04:14 48 --a------ C:\WINDOWS\system32\msvcsv60.dll
2008-05-15 09:32 . 2008-05-19 04:14 48 --a------ C:\WINDOWS\msocreg32.dat
2008-05-15 09:29 . 2008-05-15 09:52 <DIR> d-------- C:\Program Files\IK Multimedia
2008-05-15 09:11 . 2008-05-15 09:11 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\Simplon
2008-05-15 08:38 . 2008-05-19 01:11 <DIR> d-------- C:\Program Files\Nomad Factory
2008-05-15 08:38 . 2003-03-18 18:04 765,952 --a------ C:\WINDOWS\system32\msvcp71d.dll
2008-05-15 08:38 . 2003-03-18 18:03 544,768 --a------ C:\WINDOWS\system32\msvcr71d.dll
2008-05-15 08:37 . 2008-05-15 08:37 <DIR> d-------- C:\Program Files\Safari
2008-05-15 08:26 . 2008-05-15 08:26 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\Steinberg
2008-05-15 08:17 . 2008-05-15 08:17 <DIR> d-------- C:\Program Files\Audio Ease
2008-05-15 08:17 . 2008-05-15 08:23 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\Audio Ease
2008-05-15 08:17 . 2008-05-15 08:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Audio Ease
2008-05-15 08:17 . 2003-06-20 12:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-05-15 08:17 . 2007-10-06 11:12 54,156 --a------ C:\WINDOWS\system32\QTFont.qfn
2008-05-15 08:17 . 2007-10-05 20:04 1,409 --a------ C:\WINDOWS\system32\QTFont.for
2008-05-14 01:32 . 2008-05-14 01:32 <DIR> d-------- C:\WINDOWS\Sun
2008-05-12 02:03 . 2008-05-12 05:07 <DIR> d-------- C:\Program Files\Soulseek
2008-05-11 21:58 . 2008-05-11 21:58 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-11 06:55 . 2008-05-19 01:07 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-05-11 06:50 . 2008-05-11 06:50 <DIR> d-------- C:\Program Files\NeroInstall.bak
2008-05-11 06:49 . 2008-05-11 06:49 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\Nero
2008-05-11 06:48 . 2008-05-11 06:48 <DIR> d-------- C:\Program Files\Nero
2008-05-11 06:48 . 2008-05-17 10:50 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-11 06:48 . 2008-05-17 10:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-11 06:16 . 2008-05-19 04:33 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\Azureus
2008-05-11 06:16 . 2008-05-11 06:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-05-11 04:33 . 2008-05-11 04:33 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-05-11 04:33 . 2008-05-11 04:33 <DIR> d-------- C:\Program Files\BeatportDownloader
2008-05-11 04:33 . 2008-05-11 04:33 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
2008-05-11 00:04 . 2008-04-13 14:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-05-11 00:04 . 2008-04-13 14:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-05-09 22:31 . 2008-05-09 22:31 <DIR> d-------- C:\Program Files\Ableton
2008-05-09 22:31 . 2008-05-11 22:10 <DIR> d-------- C:\Documents and Settings\Jay\Application Data\Ableton
2008-05-09 22:31 . 2007-09-28 11:10 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-05-09 22:31 . 2008-03-14 13:22 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2008-05-09 22:31 . 2008-03-14 13:22 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-05-09 15:59 . 2008-05-15 08:17 <DIR> d-------- C:\Program Files\Steinberg
2008-05-09 15:57 . 2008-05-09 15:57 <DIR> d-------- C:\Program Files\Syncrosoft
2008-05-09 15:57 . 2005-10-17 09:35 704,512 --a------ C:\WINDOWS\system32\SYNSOACC.dll
2008-05-09 15:57 . 2004-05-10 15:58 147,456 --a------ C:\WINDOWS\system32\SynsoLChk.dll
2008-05-09 15:57 . 2003-07-31 20:28 147,425 --a------ C:\WINDOWS\system32\SYNSOACC-Aide.chm
2008-05-09 15:57 . 2003-05-26 15:29 120,468 --a------ C:\WINDOWS\system32\SYNSOACC-Hilfe.chm
2008-05-09 15:57 . 2003-05-26 15:29 114,279 --a------ C:\WINDOWS\system32\SYNSOACC-Help.chm
2008-05-09 15:57 . 2002-11-25 08:36 45,056 --a------ C:\WINDOWS\system32\Synsopos.exe
2008-05-09 15:57 . 2005-05-09 20:08 33,792 --a------ C:\WINDOWS\system32\drivers\cledx.sys
2008-05-09 15:57 . 2002-11-25 05:46 16,896 --a------ C:\WINDOWS\system32\drivers\synasUSB.sys
2008-05-09 12:31 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-05-09 12:31 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-05-09 12:31 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-05-09 12:27 . 2008-05-09 12:27 376 --a------ C:\WINDOWS\ODBC.INI
2008-05-09 12:26 . 2008-05-09 12:26 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-05-09 12:24 . 2008-05-09 12:24 <DIR> d-------- C:\WINDOWS\ShellNew
2008-05-09 09:52 . 2008-05-09 09:52 <DIR> d-------- C:\Program Files\Azureus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 13:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-07 17:47 --------- d-----w C:\Program Files\Sierra Wireless
2008-05-07 17:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-07 17:45 --------- d-----w C:\Program Files\Synaptics
2008-05-07 17:30 --------- d-----w C:\Program Files\Intel
2008-05-07 17:30 --------- d-----w C:\Documents and Settings\Jay\Application Data\InstallShield
2008-05-07 17:21 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:46 61,696 ----a-w C:\WINDOWS\system32\drivers\ohci1394.sys
2008-04-13 18:46 59,136 ------w C:\WINDOWS\system32\drivers\rfcomm.sys
2008-04-13 18:46 53,376 ----a-w C:\WINDOWS\system32\drivers\1394bus.sys
2008-04-13 18:46 37,888 ------w C:\WINDOWS\system32\drivers\bthmodem.sys
2008-04-13 18:46 36,480 ------w C:\WINDOWS\system32\drivers\bthprint.sys
2008-04-13 18:46 273,024 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-13 18:46 25,600 ------w C:\WINDOWS\system32\drivers\hidbth.sys
2008-04-13 18:46 25,344 ----a-w C:\WINDOWS\system32\drivers\sonydcam.sys
2008-04-13 18:46 18,944 ------w C:\WINDOWS\system32\drivers\bthusb.sys
2008-04-13 18:46 17,024 ------w C:\WINDOWS\system32\drivers\bthenum.sys
2008-04-13 18:46 121,984 ------w C:\WINDOWS\system32\drivers\usbvideo.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:44 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:43 12,672 ------w C:\WINDOWS\system32\drivers\mutohpen.sys
2008-04-13 18:41 52,352 ----a-w C:\WINDOWS\system32\drivers\volsnap.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{36D9CB8D-B8CA-4A85-A879-06A71109F11E}]
2008-05-17 12:26 59392 --a------ C:\WINDOWS\system32\yayyAsRL.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F418DED-8329-46E6-9A7D-272190FBD57B}]
C:\WINDOWS\system32\geBrsQJC.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B7BC779D-50B4-4605-882C-8FCE149892D1}]
C:\WINDOWS\system32\byXQhffD.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E3E15A14-B6E6-493C-83EE-B8CF1F90B20D}]
C:\WINDOWS\system32\khfGywtr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f1dc9a13-20cb-4a0a-8389-0189092e9f0a}]
2008-05-20 08:45 135168 --a------ C:\WINDOWS\system32\dqmhelkq.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-12-05 16:14 122880]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-05 16:14 524288]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2008-04-24 17:53 1036288]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-01-11 01:30 294912]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-01-11 01:30 208896]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2008-03-17 08:05 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2008-03-17 08:05 159744]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2008-03-17 08:05 131072]
"H2O"="C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe" [2005-10-23 00:00 385024]
"987f6952"="C:\WINDOWS\system32\jxtptkby.dll" [2008-05-20 01:59 114688]
"BM9b4c5ace"="C:\WINDOWS\system32\ukwsknle.dll" [2008-05-20 08:36 126976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 20:12 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{36D9CB8D-B8CA-4A85-A879-06A71109F11E}"= C:\WINDOWS\system32\yayyAsRL.dll [2008-05-17 12:26 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yayyAsRL]
yayyAsRL.dll 2008-05-17 12:26 59392 C:\WINDOWS\system32\yayyAsRL.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ultrawideband Control Center.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ultrawideband Control Center.lnk
backup=C:\WINDOWS\pss\Ultrawideband Control Center.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 09:08 136136 C:\Program Files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 17:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-02-28 09:59 570664 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
--a------ 2008-03-31 16:11 725352 C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=

R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2008-01-11 01:30]
R2 ioloFileInfoList;iolo FileInfoList Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-03-31 14:46]
R2 ioloSystemService;iolo System Service;C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2008-03-31 14:46]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]
R3 swmx01;Sierra Wireless USB MUX Driver (#01);C:\WINDOWS\system32\DRIVERS\swmx01.sys [2007-04-10 11:03]
S3 SWNC5E01;Sierra Wireless MUX NDIS Driver (#01);C:\WINDOWS\system32\DRIVERS\SWNC5E01.sys [2007-01-12 14:26]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-12 01:58:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-20 16:45:37 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 12:45:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\yayyAsRL.dll
-> C:\Program Files\iolo\common\lib\ioloHL.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll
-> C:\WINDOWS\system32\jxtptkby.dll
-> C:\WINDOWS\system32\ukwsknle.dll
-> ?:\WINDOWS\system32\MLANG.dll

PROCESS: C:\WINDOWS\system32\csrss.exe
-> C:\Program Files\iolo\common\lib\ioloHL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-05-20 12:49:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-20 16:49:18

Pre-Run: 168,280,702,976 bytes free
Post-Run: 169,277,448,192 bytes free

393 --- E O F --- 2008-05-16 01:40:05

I can't seem to get rid of this S.O.B.
----------------------------------------------
Edit:
Please don't add comments. ;)

"BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Do NOT run 'fixes' before helpers have analyzed HJT/KAV scans (http://forums.spybot.info/showthread.php?t=16806)

loopdokter
2008-05-21, 18:18
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02, on 2008-05-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {36D9CB8D-B8CA-4A85-A879-06A71109F11E} - C:\WINDOWS\system32\yayyAsRL.dll (file missing)
O2 - BHO: (no name) - {3F418DED-8329-46E6-9A7D-272190FBD57B} - C:\WINDOWS\system32\geBrsQJC.dll (file missing)
O2 - BHO: {9bd1070f-32bc-203b-c184-6105df4cc574} - {475cc4fd-5016-481c-b302-cb23f0701db9} - C:\WINDOWS\system32\srqxlugv.dll
O2 - BHO: (no name) - {65B35A4A-911C-4443-B799-22A3FECB3F75} - (no file)
O2 - BHO: (no name) - {6A9773F4-455C-43B1-B80E-DCBE1B7C4FED} - C:\WINDOWS\system32\mlJDwTkJ.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {B7BC779D-50B4-4605-882C-8FCE149892D1} - C:\WINDOWS\system32\byXQhffD.dll (file missing)
O2 - BHO: (no name) - {E3E15A14-B6E6-493C-83EE-B8CF1F90B20D} - C:\WINDOWS\system32\khfGywtr.dll (file missing)
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [PWRMGRTR] "rundll32" C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] "rundll32" C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [H2O] "C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe"
O4 - HKLM\..\Run: [987f6952] rundll32.exe "C:\WINDOWS\system32\nsmijteq.dll",b
O4 - HKLM\..\Run: [BM9b4c5ace] Rundll32.exe "C:\WINDOWS\system32\ukpbbkar.dll",s
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA4723] command /c del "C:\WINDOWS\system32\mlJDwTkJ.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7853] cmd /c del "C:\WINDOWS\system32\mlJDwTkJ.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB5191] command /c del "C:\WINDOWS\system32\mlJDwTkJ.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2812] cmd /c del "C:\WINDOWS\system32\mlJDwTkJ.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210199530375
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: yayyAsRL - yayyAsRL.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7508 bytes