Infected With Unknown Malware That Replaces Images In Web Pages


4 replies to this topic

#1 Othni


Posted 29 May 2008 - 12:45 PM

I got some malware that I do not know how to get rid of.

I have Norton Symantec Corporate Anti-Virus always up-to-date.

Also, I have Windows Defender always running, which scans daily.

I started noticing new tabs or pop-ups in my browsers (IE and Firefox) for Systemerrorfixer.com. I tried to use ComboFix and others. ComboFix deleted some stuff, but the functionality of the browsers was not like before and I kept seeing some redirection to other websites. I even went back to a restore point but I am still not clean.

I can see a leftover in the Run area of the registry. If I remove it, it comes back. And it generates a random file in Windows\System32 to load. I think it adheres to the explorer also.

When viewing web pages, sometimes I get images that are replaced and link to suspect websites. An image can say, "WARNING. Your privacy data is in Danger! Start a Full Scan!"

I am sure I have a problem with this line: HKLM\..\Run: [BM7b71a909] Rundll32.exe "C:\WINDOWS\system32\kpmpekxe.dll",s
but when I try to delete it, it comes back with the same description but another random DLL.

Thank you for your help

*****************Here is the log

Deckard's System Scanner v20071014.68
Run by othni on 2008-05-26 16:32:22
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
132: 2008-05-26 20:32:37 UTC - RP688 - Deckard's System Scanner Restore Point
131: 2008-05-26 19:55:33 UTC - RP687 - ComboFix created restore point
130: 2008-05-26 15:23:13 UTC - RP686 - Installed GiPo@MoveOnBoot 1.9.5
129: 2008-05-23 23:12:44 UTC - RP685 - Remove AnyDVD
128: 2008-05-23 23:06:33 UTC - RP684 - Last known good configuration


-- First Restore Point --
1: 2008-05-23 23:06:07 UTC - RP557 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as othni.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35, on 2008-05-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AdminMagic Service\RepSvc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\eventsentry_svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CEZEO software\LanTalk NET\LanTalk.exe
C:\Program Files\GFI\FAXmaker Client\FMSTART.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Project Lab\DDS\DDS.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Canon Electronics\Scan Panel\drpanel.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Program Files\Spiceworks\bin\spicetray.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Spiceworks\bin\spiceworks.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\palmOne\Hotsync.exe
C:\lotus\organize\easyclip6.exe
C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\Wacom\TabUserW.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\DeskPins\DeskPins.exe
C:\Program Files\EventSentry\eventsentry_gui.exe
C:\Program Files\EverNote\EverNote\EverNote.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\othni\Desktop\dss.exe
C:\WINDOWS\system32\dumprep.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\othni.exe
C:\WINDOWS\system32\dwwin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Iterasi.IEPlugin.Bar.InitToolbarBHO - {b21973d1-cbd6-46a8-8fcb-2af7aaaeb9ae} - mscoree.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand203000018.dll
O3 - Toolbar: iterasi Toolbar - {8e0c19a9-5657-409b-953f-59c941ffba4e} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LanTalk.NET] C:\Program Files\CEZEO software\LanTalk NET\LanTalk.exe
O4 - HKLM\..\Run: [FMStart] "C:\Program Files\GFI\FAXmaker Client\FMSTART.EXE"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [CANON DR2080C SVC] rundll32.exe DR2KSVC.dll,EntryPointUserMessage
O4 - HKLM\..\Run: [CCD Manager] "C:\Program Files\Project Lab\DDS\DDS.EXE"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe /silence
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Scan Panel] "C:\Program Files\Canon Electronics\Scan Panel\drpanel.exe" /Stay
O4 - HKLM\..\Run: [Spiceworks] C:\Program Files\Spiceworks\bin\spicetray_silent.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Cobian Backup 9 interface] "C:\Program Files\Cobian Backup 9\cbInterface.exe" -service
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [BM7b71a909] Rundll32.exe "C:\WINDOWS\system32\kpmpekxe.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [UniClipper] "C:\Program Files\EverNote\EverNote\UniClipper.exe"
O4 - HKCU\..\Run: [MCW Startup] "C:\Program Files\Monitor Calibration Wizard\MCW.exe" /s
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (User 'LOCAL SERVICE')
O4 - Startup: DeskPins.lnk = C:\Program Files\DeskPins\DeskPins.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: EventSentry Tray Icon.lnk = C:\Program Files\EventSentry\eventsentry_gui.exe
O4 - Startup: EverNote.lnk = C:\Program Files\EverNote\EverNote\EverNote.exe
O4 - Startup: MaxiVista Server.lnk = C:\Program Files\MaxiVista Server\MaxiVistaA.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = ?
O4 - Global Startup: Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: TabUserW.lnk = C:\Program Files\Wacom\TabUserW.exe
O8 - Extra context menu item: Add to EverNote - res://C:\Program Files\EverNote\EverNote\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra 'Tools' menuitem: Add to EverNote - {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - C:\Program Files\EverNote\EverNote\enbar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.line6.net
O15 - Trusted Zone: *.listen.com
O15 - Trusted Zone: *.llnwd.net
O15 - Trusted Zone: *.real.com
O15 - Trusted Zone: *.rhapsody.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.0.6.5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} (NSHelp Class) - http://ibmx232/ConnectComputer/nshelp.dll
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/Activ...iveXClient1.cab
O16 - DPF: {67F02384-3864-4BCE-A408-EDD9BD565D51} (DemoShield DemoNow Class) - http://www.openarchive.com/demoshield/demonow.cab
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://ibmx232/Remote/msrdp.cab
O16 - DPF: {8D95D14D-4AFB-4885-8BF1-FB09FD72FCD2} (eBLVD ActiveX Control) - https://www.eblvd.com/control/launcher/3.3/ebie.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://emcsoftware.webex.com/client/T26L/event/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rw.local
O17 - HKLM\Software\..\Telephony: DomainName = rw.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rw.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AdminMagic Service ((44185,1114)) (AdminMagic) - Unknown owner - C:\Program Files\AdminMagic Service\RepSvc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - C:\Program Files\Cobian Backup 9\cbService.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EventSentry - NETIKUS.NET ltd - C:\WINDOWS\system32\eventsentry_svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 16286 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080523-194742-342 O4 - HKLM\..\Run: [78429a95] rundll32.exe "C:\WINDOWS\system32\fnflhreg.dll",b
backup-20080523-194742-562 O4 - HKLM\..\Run: [BM7b71a909] Rundll32.exe "C:\WINDOWS\system32\omtkelcl.dll",s
backup-20080523-194742-645 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=dell1750:81;https=dell1750:81;ftp=dell1750:22;socks=dell1750:1080

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.ini - UltraEdit.ini - DefaultIcon - unable to read value
.ini - UltraEdit.ini - shell\open\command - "C:\Program Files\UltraEdit\uedit32.exe" "%1"
.reg - Regedit.Document - DefaultIcon - unable to read value
.reg - Regedit.Document - shell\open\command - c:\Winnt\Regedit.exe %1
.reg - Regedit.Document - shell\edit\command - unable to read value
.txt - UltraEdit.txt - DefaultIcon - unable to read value
.txt - UltraEdit.txt - shell\open\command - "C:\Program Files\UltraEdit\uedit32.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Kf450 - c:\windows\system32\drivers\kf450w2k.sys <Not Verified; Kofax Image Products; Kofax Adrenaline 450 Fast SCSI Adapter>
R0 ntcdrdrv - c:\windows\system32\drivers\ntcdrdrv.sys <Not Verified; NoteBurn Software; NoteBurn>
R0 PenClass (Pen Class) - c:\windows\system32\drivers\penclass.sys <Not Verified; Wacom Technology Corporation; Wacom Pen Class Driver>
R0 VClone - c:\windows\system32\drivers\vclone.sys <Not Verified; Elaborate Bytes AG; Virtual CloneDrive>
R1 NetworkX - c:\windows\system32\ckldrv.sys
R2 LxrJD31d - c:\windows\system32\drivers\lxrjd31d.sys
R2 MaxiAcom - c:\windows\system32\drivers\maxiacom.sys <Not Verified; MaxiVista; MaxiVista video driver>
R2 MaxiMcom - c:\windows\system32\drivers\maximcom.sys <Not Verified; MaxiVista; MaxiVista video driver>
R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path Manager® (32-bit)>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 L6DP - c:\windows\system32\drivers\l6dp.sys <Not Verified; Line 6; Line 6 Device Proxy>
R3 maximir - c:\windows\system32\drivers\maximir.sys <Not Verified; MaxiVista; MaxiVista video driver>
R3 maxivista (Maxi_Vista_DriverA) - c:\windows\system32\drivers\maxivista.sys <Not Verified; MaxiVista; MaxiVista video driver>
R4 catchme - c:\combofix\catchme.sys (file missing)

S1 vcdrom (Virtual CD-ROM Device Driver) - c:\virtualcd\vcdrom.sys (file missing)
S3 FreshIO - c:\program files\freshdevices\freshdiagnose\freshio.sys (file missing)
S3 L6PODLV (PODxt Live Service) - c:\windows\system32\drivers\l6podlv.sys <Not Verified; Line 6; GuitarPort>
S3 VMnetAdapter (VMware Virtual Ethernet Adapter Driver) - c:\windows\system32\drivers\vmnetadapter.sys (file missing)
S3 zrcscp - c:\windows\system32\drivers\zrcscp.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AdminMagic (AdminMagic Service ((44185,1114))) - c:\program files\adminmagic service\repsvc.exe
R2 CobianBackupAmanita (Cobian Backup 9 service) - c:\program files\cobian backup 9\cbservice.exe <Not Verified; Luis Cobian; Cobian Backup Amanita>
R2 Crypkey License - crypserv.exe <Not Verified; Kenonic Controls Ltd.; CrypKey Software Licensing System>
R2 EventSentry - c:\windows\system32\eventsentry_svc.exe <Not Verified; NETIKUS.NET ltd; EventSentry>
R2 LxrJD31s (Lexar JD31) - lxrjd31s.exe
R2 NSCTOP (Symantec System Center Discovery Service) - c:\progra~1\symantec\symant~1\nsctop.exe <Not Verified; Symantec Corporation; Symantec System Center>
R2 TabletService - c:\windows\system32\tablet.exe <Not Verified; Wacom Technology, Corp.; Wacom Win32 Tablet Service>
R2 winvnc (VNC Server) - "c:\program files\ultravnc\winvnc.exe" -service <Not Verified; UltraVNC; UltraVNC>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S4 ZRCS (Zilab Remote Console Server) - c:\program files\zilab\zrcs\zrcs.exe <Not Verified; Zilab Software, Inc.; >


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Conexant D850 56K V.9x DFVc Modem
Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&5855BE9&0&28F0
Manufacturer: Conexant
Name: Conexant D850 56K V.9x DFVc Modem
PNP Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&5855BE9&0&28F0
Service: Modem

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_SCSI&PROD_DVD-ROM&REV_1.0\1&2AFD7D61&1&000
Manufacturer: (Standard CD-ROM drives)
Name: SCSI DVD-ROM SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_SCSI&PROD_DVD-ROM&REV_1.0\1&2AFD7D61&1&000
Service: cdrom


-- Scheduled Tasks -------------------------------------------------------------

2008-05-26 16:23:08 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-05-25 08:00:00 908 --a------ C:\WINDOWS\Tasks\Downloads backup.job


-- Files created between 2008-04-26 and 2008-05-26 -----------------------------

2008-05-26 15:54:51 68096 --a------ C:\WINDOWS\zip.exe
2008-05-26 15:54:51 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-26 15:54:51 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-26 15:54:51 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-26 15:54:51 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-26 15:54:51 98816 --a------ C:\WINDOWS\sed.exe
2008-05-26 15:54:51 80412 --a------ C:\WINDOWS\grep.exe
2008-05-26 15:54:51 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-26 11:23:13 0 d-------- C:\Program Files\GiPo@Utilities
2008-05-26 11:23:13 0 d-------- C:\Program Files\Common Files\Gibinsoft Shared
2008-05-26 10:42:36 124928 --a------ C:\WINDOWS\system32\kpmpekxe.dll
2008-05-23 19:57:22 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-23 19:57:21 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-23 19:33:44 0 d-------- C:\Program Files\Trend Micro
2008-05-23 19:21:13 0 d-------- C:\Documents and Settings\othni\Application Data\HouseCall 6.6
2008-05-23 19:14:46 115200 --a------ C:\WINDOWS\system32\fnflhreg.dll
2008-05-23 19:11:58 133632 --a------ C:\WINDOWS\system32\uvvakslt.dll
2008-05-23 19:07:05 126464 --a------ C:\WINDOWS\system32\omtkelcl.dll
2008-05-23 17:36:41 0 d-------- C:\Documents and Settings\othni\.housecall6.6 <HOUSEC~1.6>
2008-05-22 12:43:25 0 d-------- C:\cmdcons
2008-05-22 12:43:08 0 d-------- C:\WINDOWS\setupupd
2008-05-20 17:38:20 0 d-------- C:\PS_I_LOVE_YOU
2008-05-20 16:46:21 19660800 --a------ C:\Documents and Settings\othni\ntuser.dat
2008-05-19 16:42:38 0 d-------- C:\testsplit
2008-05-19 16:41:14 0 d-------- C:\Program Files\A-PDF Split
2008-05-15 16:55:38 0 d-------- C:\emails
2008-05-14 10:44:39 0 d-------- C:\Program Files\SimpleOCR
2008-05-13 13:39:10 0 d-------- C:\Documents and Settings\othni\Application Data\Sam Francke
2008-05-13 13:39:07 0 d-------- C:\Program Files\CSVed
2008-05-13 13:25:49 0 d-------- C:\Program Files\aespe Table Browser
2008-05-09 11:22:51 0 d-------- C:\Program Files\OpenPandora
2008-05-08 14:55:19 0 d-------- C:\WINDOWS\Prefetch
2008-05-08 14:44:07 0 d-------- C:\WINDOWS\ServicePackFiles
2008-05-07 18:34:30 0 d-------- C:\WINDOWS\system32\scripting
2008-05-07 18:34:28 0 d-------- C:\WINDOWS\system32\en
2008-05-07 18:34:28 0 d-------- C:\WINDOWS\system32\bits
2008-05-07 18:34:28 0 d-------- C:\WINDOWS\l2schemas
2008-05-06 16:25:07 0 d-------- C:\Program Files\Iterasi
2008-05-05 11:26:57 0 d-------- C:\Program Files\UltraVNC
2008-05-02 09:59:16 0 d-------- C:\Program Files\Pegasus Imaging
2008-05-02 09:26:37 138704 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-05-01 17:39:14 0 d-------- C:\InTheNameofTheKing
2008-04-30 15:37:18 0 d-------- C:\Documents and Settings\othni\Application Data\Pamela
2008-04-30 15:37:15 0 d-------- C:\Program Files\Pamela


-- Find3M Report ---------------------------------------------------------------

2008-05-26 16:37:38 0 d-------- C:\Program Files\EventSentry
2008-05-26 16:16:03 0 d-------- C:\Documents and Settings\othni\Application Data\Skype
2008-05-26 16:09:02 0 d-------- C:\Documents and Settings\othni\Application Data\OpenOffice.org2
2008-05-26 16:02:42 13717 --a------ C:\WINDOWS\system32\wacom.dat
2008-05-26 16:01:08 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-05-26 12:00:08 4 --a------ C:\WINDOWS\system32\1BD17F
2008-05-26 11:23:13 0 d-------- C:\Program Files\Common Files
2008-05-23 18:56:10 0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-23 18:55:05 0 d-------- C:\Program Files\Java
2008-05-23 18:40:28 0 d-------- C:\Documents and Settings\othni\Application Data\skypePM
2008-05-22 19:37:46 0 d-------- C:\Documents and Settings\othni\Application Data\e-Campaign
2008-05-22 18:51:45 0 d-------- C:\Program Files\e-Campaign 6
2008-05-21 13:01:28 0 d-------- C:\Documents and Settings\othni\Application Data\WebEx
2008-05-20 16:22:54 0 d-------- C:\Program Files\SlySoft
2008-05-16 18:49:04 0 d-------- C:\Program Files\EMCO OS License Modifier 1.0
2008-05-16 12:32:04 0 d-------- C:\Program Files\SimpleIndex
2008-05-14 19:01:53 0 d-------- C:\Program Files\TextPipe
2008-05-13 16:35:45 2516 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-09 12:49:43 0 d-------- C:\Program Files\DataPipe
2008-05-08 15:01:20 0 d-------- C:\Program Files\MSN Messenger
2008-05-08 14:47:01 0 d-------- C:\Program Files\Messenger
2008-05-08 14:46:26 0 d-------- C:\Program Files\Movie Maker
2008-05-08 14:43:48 0 d-------- C:\Program Files\Windows NT
2008-05-07 18:46:53 0 d-------- C:\Program Files\HTML Help Workshop
2008-05-07 17:14:52 0 d-------- C:\Program Files\AQUARIUS
2008-05-05 11:27:13 223 --a------ C:\WINDOWS\system32\'
2008-05-05 11:25:39 0 d-------- C:\Documents and Settings\othni\Application Data\ZipGenius
2008-05-05 11:05:00 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-05 11:04:29 0 d-------- C:\Program Files\AutoMate 5
2008-05-02 18:26:02 0 d-------- C:\Program Files\palmOne
2008-05-02 10:53:18 0 d-------- C:\Program Files\Cobian Backup 9
2008-04-26 16:55:00 0 d-------- C:\Program Files\Copernic Desktop Search 2
2008-04-25 14:20:10 2542 --a------ C:\WINDOWS\unins000.dat
2008-04-25 14:17:39 691545 --a------ C:\WINDOWS\unins000.exe
2008-04-22 16:49:12 136752 --a------ C:\Documents and Settings\othni\Application Data\GDIPFONTCACHEV1.DAT
2008-04-22 12:13:27 1224 --a------ C:\exporttext
2008-04-18 16:26:02 0 d-------- C:\Program Files\AutoIt3
2008-04-15 20:05:35 0 d-------- C:\Program Files\PRTax Live 2007
2008-04-14 15:42:04 0 d-------- C:\Program Files\DivX
2008-04-10 19:02:58 5936 --a------ C:\WINDOWS\mozver.dat
2008-04-10 19:01:23 0 dr------- C:\Documents and Settings\othni\Application Data\SpaceTime 3D
2008-04-07 17:09:24 0 d-------- C:\Program Files\AutoAdministrator
2008-04-07 11:20:46 0 d-------- C:\Documents and Settings\othni\Application Data\Thinstall
2008-04-04 17:07:22 0 d-------- C:\Program Files\Skype
2008-04-04 17:07:19 0 d-------- C:\Program Files\Common Files\Skype
2008-04-04 11:53:38 0 d-------- C:\Program Files\Opera
2008-04-04 09:42:24 0 d-------- C:\Program Files\TiffTeller
2008-04-03 09:01:42 0 d-------- C:\Program Files\Google
2008-04-02 18:54:41 0 d-------- C:\Program Files\CertGear
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-31 17:25:46 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-03-31 17:25:46 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 17:25:46 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-03-28 15:17:14 0 d-------- C:\Program Files\Softland
2008-03-27 16:17:56 0 d-------- C:\Program Files\UltraExplorer
2008-03-26 14:51:36 0 d-------- C:\Documents and Settings\othni\Application Data\demoxi
2008-03-26 14:51:17 0 d-------- C:\Program Files\demoxi
2008-03-21 16:30:08 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 16:28:54 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-03-21 16:28:54 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-03-21 16:28:20 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-11 11:46:28 71168 --a------ C:\WINDOWS\system32\LxrJD31s.exe
2008-03-11 11:46:28 146432 --a------ C:\WINDOWS\system32\LxrJD31p.exe <Not Verified; Microsoft Corporation; Microsoft Corporation Diskpart Application>
2008-03-11 11:46:28 163840 --a------ C:\WINDOWS\system32\LxrJD31c.exe
2008-03-11 11:46:28 249856 --a------ C:\WINDOWS\system32\LxrJD31.dll
2008-03-11 11:46:28 61440 --a------ C:\WINDOWS\system32\LxrJD20Sat.dll
2008-02-29 14:44:35 898470 --a------ C:\Documents and Settings\othni\Application Data\fontlst2.opf


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b21973d1-cbd6-46a8-8fcb-2af7aaaeb9ae}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 02:20 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 09:56]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 23:05]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 16:30]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 16:30]
"LanTalk.NET"="C:\Program Files\CEZEO software\LanTalk NET\LanTalk.exe" [2007-12-12 06:22]
"FMStart"="C:\Program Files\GFI\FAXmaker Client\FMSTART.EXE" [2000-05-10 15:39]
"FinePrint Dispatcher v5"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2005-04-03 18:48]
"CANON DR2080C SVC"="DR2KSVC.dll" [2003-11-18 07:05 C:\WINDOWS\system32\DR2KSVC.DLL]
"CCD Manager"="C:\Program Files\Project Lab\DDS\DDS.EXE" [2002-09-11 11:14]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42]
"NWEReboot"="" []
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2005-04-12 11:27]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 16:44]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-03-12 15:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-21 11:50]
"NoteBurner"="C:\Program Files\NoteBurner\VTBurnerGUI.exe" [2007-10-15 11:41]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 19:14]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 19:15]
"Scan Panel"="C:\Program Files\Canon Electronics\Scan Panel\drpanel.exe" [2002-10-18 16:27]
"Spiceworks"="C:\Program Files\Spiceworks\bin\spicetray_silent.exe" [2007-12-19 19:18]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 05:42 C:\WINDOWS\system32\bthprops.cpl]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"Cobian Backup 9 interface"="C:\Program Files\Cobian Backup 9\cbInterface.exe" [2008-04-22 17:28]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [2006-06-18 14:56]
"BM7b71a909"="C:\WINDOWS\system32\kpmpekxe.dll" [2008-05-26 10:42]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"TaskSwitchXP"="C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 18:29]
"UniClipper"="C:\Program Files\EverNote\EverNote\UniClipper.exe" [2007-12-11 14:20]
"MCW Startup"="C:\Program Files\Monitor Calibration Wizard\MCW.exe" [2002-12-20 17:06]
"USB Safely Remove"="C:\Program Files\USB Safely Remove\USBSafelyRemove.exe" [2007-12-17 11:07]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58]
"Copernic Desktop Search 2"="C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" [2008-03-03 16:45]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 12:02]

C:\Documents and Settings\othni\Start Menu\Programs\Startup\
DeskPins.lnk - C:\Program Files\DeskPins\DeskPins.exe [2004-05-02 13:02:51]
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-10-20 12:04:08]
EventSentry Tray Icon.lnk - C:\Program Files\EventSentry\eventsentry_gui.exe [2005-05-31 18:12:50]
EverNote.lnk - C:\Program Files\EverNote\EverNote\EverNote.exe [2007-04-11 09:16:23]
MaxiVista Server.lnk - C:\Program Files\MaxiVista Server\MaxiVistaA.exe [2005-12-01 11:47:20]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-01-09 11:36:31]
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe [2005-11-21 16:04:51]
HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe [2004-06-09 14:16:08]
Lotus Organizer EasyClip.lnk - C:\lotus\organize\easyclip6.exe [1999-09-15 21:23:00]
Microsoft Firewall Client Management.lnk - C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-09 19:04:10]
SnagIt 7.lnk - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe [2005-10-14 07:25:00]
TabUserW.lnk - C:\Program Files\Wacom\TabUserW.exe [2005-12-20 15:33:20]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"LogonType"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"DisablePersonalDirChange"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-238767723-3061658640-953913548-1136\Scripts\Logoff\0\0]
"Script"=\\rw.local\sysvol\rw.local\scripts\logoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-238767723-3061658640-953913548-1136\Scripts\Logon\0\0]
"Script"=\\rw.local\sysvol\rw.local\scripts\SBS_LOGIN_SCRIPT.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-238767723-3061658640-953913548-1169\Scripts\Logoff\0\0]
"Script"=\\rw.local\sysvol\rw.local\scripts\logoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-238767723-3061658640-953913548-1169\Scripts\Logon\0\0]
"Script"=\\rw.local\sysvol\rw.local\scripts\SBS_LOGIN_SCRIPT.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^othni^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\othni\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupport"="C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CorelDRAW Graphics Suite 11b"=C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=122205 serial=dr12wub-4164693-kdr lang=EN
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##mover#f$]
AutoRun\command- M:\Autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##mover#g$]
AutoRun\command- M:\Autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##mover#h$]
AutoRun\command- X:\Autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##mover#i$]
AutoRun\command- M:\Autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##mover#j$]
AutoRun\command- M:\Autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##mover#k$]
AutoRun\command- M:\Autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##mover#l$]
AutoRun\command- M:\Autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##mover#m$]
AutoRun\command- M:\Autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##mover#n$]
AutoRun\command- M:\Autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##mover#o$]
AutoRun\command- M:\Autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##mover#r$]
AutoRun\command- X:\Autorun\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{127762af-0bc3-11dd-acb4-00123f7ab120}]
AutoRun\command- L:\Programs\nu2menu\nu2menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6619c892-74a8-11db-ac41-00123f7ab120}]
AutoRun\command- K:\JDSecure\Windows\JDSecure31.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b759a88-7936-11da-86f1-00123f7ab120}]
AutoRun\command- L:\JDSecure\Windows\JDSecure31.exe




-- End of Deckard's System Scanner: finished at 2008-05-26 16:39:08 ------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® D CPU 3.00GHz
Percentage of Memory in Use: 60%
Physical Memory (total/avail): 1022.08 MiB / 404.98 MiB
Pagefile Memory (total/avail): 2458.86 MiB / 1823.14 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.46 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 145.95 GiB total, 70.1 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (Unformatted)
K: is Fixed (NTFS) - 111.78 GiB total, 64.15 GiB free.
P: is Network (NTFS)
Y: is Network (NTFS)
Z: is Network (NTFS)

\\.\PHYSICALDRIVE0 - ARRAY - 149 GiB - 3 partitions
\PARTITION0 - Unknown - 54.88 MiB
\PARTITION1 (bootable) - Installable File System - 145.95 GiB - C:
\PARTITION2 - Unknown - 3 GiB

\\.\PHYSICALDRIVE5 - ST312002 3A USB Device - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.78 GiB - K:

\\.\PHYSICALDRIVE1 - TEAC USB HS-CF Card USB Device

\\.\PHYSICALDRIVE3 - TEAC USB HS-MS Card USB Device

\\.\PHYSICALDRIVE4 - TEAC USB HS-SD Card USB Device

\\.\PHYSICALDRIVE2 - TEAC USB HS-xD/SM USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\othni\Application Data
CLASSPATH=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OTHNIXP
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\othni
LOGONSERVER=\\IBMX232
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\ZipGenius 6;C:\Program Files\Microsoft SQL Server\80\Tools\BINN;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Support Tools;C:\Program Files\UltraEdit;C:\PROGRA~1\COMMON~1\Odbc\FILEMA~1;C:\Program Files\EventSentry\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0404
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\othni\LOCALS~1\Temp
TMP=C:\DOCUME~1\othni\LOCALS~1\Temp
USERDNSDOMAIN=RW.LOCAL
USERDOMAIN=RW
USERNAME=othni
USERPROFILE=C:\Documents and Settings\othni
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

othni (admin)
marcel (admin)
test (update central)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\ISUNINST.EXE -a -f"C:\Program Files\Hewlett-Packard\HP DeskJet 1220C Toolbox\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP DeskJet 1220C Toolbox\hpwioi.dll" -i"tbxinst.ini" -h"HPZIOU00.DLL"
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> msiexec /i {0AC95D97-1B75-4AC7-B061-F21E379FF809} MSIPATCHREMOVE={211BCDA8-310E-493A-98F2-97D239B68AC9} /qb
--> msiexec /i {199B7F78-69B7-47C5-8D4B-A3ED1391FB6B} MSIPATCHREMOVE={0A3D1B9E-2E40-43CA-AD0C-4A10E244EFB7} /qb
--> MsiExec.exe /I{2AEBE10C-D819-4EBF-BC60-03BF2327D340}
--> MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
--> MsiExec.exe /X{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4UOnly 1.2.7 --> "C:\Program Files\Dillobits Software\4UOnly\unins000.exe"
A-PDF Split 2.2 --> "C:\Program Files\A-PDF Split\unins000.exe"
ACECAD DigiMemo Manager --> MsiExec.exe /I{50EF6812-7B51-4459-A52D-B4776DAAA415}
AdminMagic --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{38E7D1E1-F724-4662-BFC4-B49A37493937}\setup.exe" -l0x9
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Illustrator CS2 --> msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader for Palm OS, 3.05 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\Adobe Reader for Palm OS\AcroDesk.isu" -c"C:\Program Files\Adobe\Adobe Reader for Palm OS\unpdf.dll"
Adobe SVG Viewer 3.0 --> C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced Installer 3.3.1 --> MsiExec.exe /I{24AD70D5-2BCC-4F69-957F-ED19ABA232C9}
AdvancedRemoteInfo --> "C:\Program Files\AdvancedRemoteInfo\unins000.exe"
aespe Table Browser --> MsiExec.exe /I{13AC23D3-461F-45E4-BF8A-F68C133A01B4}
APC PowerChute Personal Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A0C892E-FD1C-4203-941E-0956AED20A6A}\Setup.exe" -l0x9
AQUARIUS --> C:\WINDOWS\uninst.exe -f"C:\Program Files\AQUARIUS\DeIsL5.isu" -cC:\PROGRA~1\AQUARIUS\_ISREG32.DLL
AQUARIUS --> MsiExec.exe /I{2F1A4094-D8E0-4774-B2AA-B1368CB722BD}
AQUARIUS Viewer --> C:\WINDOWS\uninst.exe -f"C:\Program Files\AQUARIUS Viewer\DeIsL4.isu" -cC:\PROGRA~1\AQUARI~1\_ISREG32.DLL
Asterisk Key 8.0 --> C:\Program Files\Passware\un-ariskkey.exe
ATI Control Panel --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AttachmentOptions --> MsiExec.exe /I{A8D7DF18-5E46-4E4B-AF57-2E04A86EA626}
Attribute Changer 5.23 --> C:\Program Files\Romain's Software\Attribute Changer\uninstall.exe
Audacity 1.2.6 --> "C:\Program Files\Audacity\unins000.exe"
Aurelia Reporter --> C:\WINDOWS\system32\wpressun.exe remove
Auto Gordian Knot 2.40 --> C:\Program Files\AutoGK\uninst.exe
AutoAdministrator --> C:\WINDOWS\iun6002.exe "C:\Program Files\AutoAdministrator\irunin.ini"
AutoIt v3.2.10.0 --> C:\Program Files\AutoIt3\Uninstall.exe
Autoplay Repair 2.1.0 --> "C:\Program Files\Autoplay Repair\uninstall.exe"
Avery DesignPro --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2CC982C0-7EAE-11D4-ACC3-0050568AD318}\setup.exe" -uninst
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Band-in-a-Box 2004 Update --> c:\bb\unins001.exe
Camtasia Studio 2 --> C:\Program Files\TechSmith\Camtasia Studio 2\CSuninst.EXE
Canon DR-2080C Scanner Driver --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\PIXTRAN\DR2080C.isu -c"C:\WINDOWS\PIXTRAN\sdkunin.dll"
Canon DR-3060/3080C driver --> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\PIXTRAN\DR3080.isu -c"C:\WINDOWS\PIXTRAN\sdkunin.dll"
CapturePerfect 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2F3B366-830E-4371-9130-A8D6BE751363}\setup.exe" -l0x9 -uninst -removeonly
CISA --> "C:\Program Files\CertGear\CISA\UninstallerData\Uninstall CISA.exe"
CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
CloneDVDmobile --> "C:\Program Files\SlySoft\CloneDVDmobile\CloneDVDmobile-uninst.exe" /D="C:\Program Files\SlySoft\CloneDVDmobile"
Cobian Backup 9 --> C:\Program Files\Cobian Backup 9\cbUninstall.exe
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D850 56K V.9x DFVc Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
Copernic Desktop Search 2 --> C:\Program Files\Copernic Desktop Search 2\uninst.exe
Corel Ventura 10 --> C:\WINDOWS\Corel\Uninst32.exe
Corel Ventura 10 --> C:\WINDOWS\Corel\uninst32.exe
CorelDRAW Graphics Suite X3 --> MsiExec.exe /I{63218538-4A69-497F-8455-904261B0E9E4}
CrossLoop 2.02 --> "C:\Program Files\CrossLoop\unins000.exe"
Crystal Reports 2008 --> MsiExec.exe /I{E91A2937-0368-460F-A511-73966296C967}
CSVed 1.4.4 --> "C:\Program Files\CSVed\unins000.exe"
DataPipe Single User Edition 3.6 --> "C:\Program Files\DataPipe\unins000.exe"
DDS --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8B700C9F-440B-46CC-9E41-66C0228C6952} /l1033
Dell Driver Reset Tool --> MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Support 3.1 --> MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
DeskPins (remove only) --> "C:\Program Files\DeskPins\uninstall.exe"
Digital Line Detect --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Digitope Visual Autorun --> MsiExec.exe /I{C28A60FF-1488-4948-8981-4DDF3CCB9F8C}
dirhtml 4.59 --> "C:\Program Files\dirhtml\unins000.exe"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivxToDVD 0.5.0 --> "C:\Program Files\vso\DivxToDVD\unins000.exe"
DocLink Demo --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\DocLink\ST6UNST.LOG"
Documents To Go --> MsiExec.exe /X{7723A0B8-23A2-454B-8831-99965558AECD}
DRAWings® Embroidery Effect --> MsiExec.exe /X{A8BD6A41-6283-4002-8B86-78263793E8B7}
DriveImage XML --> "C:\Program Files\Runtime Software\DriveImage XML\Uninstall.exe" "C:\Program Files\Runtime Software\DriveImage XML\install.log" -u
DTM ODBC Manager --> C:\PROGRA~1\DTMODB~1\UNWISE.EXE C:\PROGRA~1\DTMODB~1\INSTALL.LOG
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Identifier --> "C:\Program Files\DVD Identifier\Uninst\unins000.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
e-Campaign 6 --> C:\PROGRA~1\E-CAMP~2\UNWISE.EXE C:\PROGRA~1\E-CAMP~2\INSTALL.LOG
Easy Batch Builder --> C:\WINDOWS\UnGins.exe "C:\Program Files\Octopussy Software\EBB\ebbinstall.log"
Email Effects 1.6 --> "C:\Program Files\Email Effects\unins000.exe"
EMCO OS License Modifier 1.0 --> "C:\Program Files\EMCO OS License Modifier 1.0\unins000.exe"
EN --> MsiExec.exe /I{32A72502-BC2C-4C39-ACEA-BC3D463F0697}
ERUNT 1.1j --> "C:\Program Files\ERUNT\unins000.exe"
EventSentry --> msiexec.exe /i {E036A1A7-32BE-4460-8D29-6405677E4DCA}
EverNote (Trial) --> C:\Program Files\InstallShield Installation Information\{00C297B1-02F3-4BEE-8B57-7BCA695A41DA}\setup.exe -runfromtemp -l0x0009 -removeonly
Exportizer 3.3 --> "C:\Program Files\Exportizer\unins000.exe"
Express Thumbnail Creator 1.72 --> "C:\Program Files\Express Thumbnail Creator\unins000.exe"
FAXmaker Remote Monitor --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D6170BDE-1FC2-4164-9361-DA77018EDFC9}\setup.exe"
File Notes Organizer 3.5 --> MsiExec.exe /X{BAADBA44-80C5-42CB-8577-E6F8EC5F449F}
FileMaker Pro 6 --> MsiExec.exe /I{58EDAD68-7839-42D8-A6AD-854A9ECB8224}
FinePrint --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpinst5.exe /uninstall
FontNav --> MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
GearBox 2.00 (Remove Only) --> C:\Program Files\Line6\GearBox\Uninstall.exe
GFI FAXmaker for Networks/SMTP Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74FA01A1-83D5-4217-B8C1-170548D34E55}\setup.exe" -L0x9-L0x9
GiPo@MoveOnBoot 1.9.5 --> MsiExec.exe /I{9F185C48-595B-401A-A1D6-AAB324890DC4}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Firefox --> MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GoToMeeting/GoToWebinar 3.0.0.190 --> C:\Program Files\Citrix\GoToMeeting\190\G2MUninstall.exe /uninstall
Group Policy Common Scenarios --> MsiExec.exe /I{5CDA9284-2832-4300-8898-43BB9DA5CA0E}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HouseCall 6.6 --> "C:\Documents and Settings\othni\Application Data\HouseCall 6.6\uninstaller.exe"
HP DeskJet 1220C Printer --> C:\WINDOWS\ISUNINST.EXE -a -f"C:\Program Files\Hewlett-Packard\HP DeskJet 1220C Printer\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP DeskJet 1220C Printer\HPWTVW.DLL" -u"comp.ini"
IDAutomation.com Code 39 Free Font --> C:\Program Files\IDAutomation.com Code 39 Free Font\uninstall.exe
Imaging for Windows® Professional Edition 2.6 --> "C:\Program Files\Imaging Professional\ipuninst.exe" -y -f"C:\Program Files\Imaging Professional\IPuninst.isu"
Intel Matrix Storage Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\setup.exe" -l0409 -INTELUNINST
Intel® PRO Network Connections Drivers --> Prounstl.exe
Intel® PROSet for Wired Connections --> MsiExec.exe /I{4CEA6811-DFAD-4892-828D-49941FE3B779}
Ipswitch WS_FTP Professional 2006 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9
Iterasi Extension for IE --> MsiExec.exe /X{22398CBF-12A4-41AF-A239-BED2059DE4E6}
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{872653C6-5DDC-488B-B7C2-CF9E4D9335E5} /l1033
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Japanese Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JD Secure 3.1 --> C:\WINDOWS\System32\JDSecure31.exe /u
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Konica Scantrip --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Konica\Scantrip\DeIsL1.isu" -c"C:\Program Files\Konica\Scantrip\_ISREG32.DLL"
LanTalk.NET --> "C:\Program Files\CEZEO software\LanTalk NET\unins000.exe"
LinktivityPresenter --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Linktivity\LinktivityPresenter\Uninst.isu"
LiveUpdate 2.0 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Lotus Organizer 6.0 --> C:\WINDOWS\ounin11.exe /T Organizer /V 99.1 /I "c:\lotus\organize\org.inf" /C "c:\lotus\organize\cinstall.ini" /O c:\uninst.log /L EN /U Organizer User
Macromedia Flash Player 8 --> MsiExec.exe /X{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}
MaxiVista Update 2.0.21 --> "C:\Program Files\MaxiVista Server\unins000.exe"
Microsoft Baseline Security Analyzer 2.0 --> MsiExec.exe /I{8A8F4EF8-160C-4E0F-B32D-92E2313E039B}
Microsoft Calculator Plus --> MsiExec.exe /I{83073C45-3003-4671-9A86-243AAADD915A}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Firewall Client --> MsiExec.exe /I{199B7F78-69B7-47C5-8D4B-A3ED1391FB6B}
Microsoft Group Policy Management Console with SP1 --> MsiExec.exe /I{CA3553E0-191B-4E2F-AD3C-82E33CB9D4E4}
Microsoft ISA Server 2004 --> C:\Program Files\Microsoft ISA Server\Uninstall\SetupWrapper.exe /I
Microsoft ISA Server 2004 --> MsiExec.exe /I{0AC95D97-1B75-4AC7-B061-F21E379FF809}
Microsoft Office Live Meeting 2005 --> MsiExec.exe /I{DF930075-1C01-45CA-B023-993BF4118096}
Microsoft Office Outlook 2003 --> MsiExec.exe /I{90E00409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Sounds --> MsiExec.exe /I{10CE1EA2-12E9-11D3-825E-00C04F6843FE}
Microsoft Office XP Media Content --> MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition Installer --> MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE --> MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Publisher 2002 --> MsiExec.exe /I{91190409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft SQL Server\80\Tools\Uninst.isu" -c"C:\Program Files\Microsoft SQL Server\80\Tools\sqlsun.dll" -msql.mif
Microsoft SQL Server 2000 Books Online (Updated - 2004) --> MsiExec.exe /X{BEE0ED8E-F442-41AD-AFE6-721297D91088}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Windows Vista Upgrade Advisor --> MsiExec.exe /I{962DE60D-D080-4E77-BD0C-F97A179C50B7}
Modem Helper --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Moffsoft FreeCalc --> "C:\Program Files\Moffsoft FreeCalc\unins000.exe"
Monarch 7 --> MsiExec.exe /X{E9DE0540-77F0-41D1-A01A-86C957F4B7A7}
Monarch Pro 7.02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8773992-A5A7-4EB9-B4F8-A60698F23597}\Setup.exe" -l0x9
Monitor Calibration Wizard 1.0 --> "C:\Program Files\Monitor Calibration Wizard\uninstall.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MS SQL to Access 2.1 --> C:\PROGRA~1\INTELL~1\UNWISE.EXE /U C:\PROGRA~1\INTELL~1\mss2acc.log
Musicmatch® Jukebox --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Musicnotes Player V1.22.3 --> "C:\Program Files\Musicnotes\Player\unins000.exe"
MyScript Notes for ACECAD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6378CFE7-D898-4C41-A7DD-4BB54ED80BB7}\Setup.exe" -l0x9 -removeonly
Navisphere Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{954A9217-CA9F-11D2-A6FC-00C04FB177EC}\setup.exe" -STARTEDFROMADDREMOVEPROGRAMS
Nero 7 Ultra Edition --> MsiExec.exe /I{BFB8C7BE-3BFA-446C-9F3E-3AFBA5BC1033}
NetWaiting --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
nLite 1.0 RC3 --> "C:\Program Files\nLite\unins000.exe"
NoteBurner 1.40 --> "C:\Program Files\NoteBurner\unins000.exe"
novaPDF Professional Desktop 5.4 printer --> "C:\Program Files\Softland\novaPDF Professional Desktop 5\unins000.exe"
OpenExpert 1.40 --> C:\Program Files\OpenExpert\uninstall.exe
OpenOffice.org 2.3 --> MsiExec.exe /I{83C03FBE-4492-4133-BBAB-421CD88ADA32}
OpenPandora 0.6.8 --> C:\Program Files\OpenPandora\uninstall.exe
Opera 9.27 --> MsiExec.exe /X{04DB4871-BC1D-44BF-AADB-47326365EB8C}
PackageCleaner --> MsiExec.exe /I{C191BD21-6A0C-41D4-A01C-8CE7554AFE71}
palmOne --> MsiExec.exe /X{E434580A-2D4A-4433-A81E-4BCAE86AD148}
Pamela Basic 4.0 --> C:\Program Files\Pamela\Uninst.exe
Peachtree Premium Accounting 2004 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0CD80C6C-23F4-46C3-A97C-78A1F0754B99}
Pegasus Imaging SmartScan Xpress Barcode 4.0 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{604EF8BD-5D08-4D81-9593-7D1C6C35B29E}
Pegasus ScanXpress ISIS v1.0 --> C:\PegasusSoftware\ScanXpressv10\UNWISE32.EXE C:\PegasusSoftware\ScanXpressv10\INSTALL.LOG
Pegasus Software SmartScan Barcode 2.0 --> C:\PEGASU~1\SMARTS~1\UNWISE32.EXE C:\PEGASU~1\SMARTS~1\INSTALL.LOG
Persona Windows 32-bit Client - 5.0a --> C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL3.isu
PhotoMeister 2 --> "C:\Program Files\PhotoMeister2\unins000.exe"
PhraseExpress v4.1.14 --> "C:\Program Files\PhraseExpress\unins000.exe"
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
PIXresizer 1.0.7 --> "C:\Program Files\PIXresizer\unins000.exe"
PocketKnife Peek 1.2 --> "C:\Program Files\PocketKnife Peek\unins000.exe"
PostCast Server Free Edition --> MsiExec.exe /I{357A4C2F-5CD8-4645-AD43-546D36A20F17}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Prospector --> MsiExec.exe /X{CF3E8BE9-2AD1-42A9-97CD-33AD9826A9E8}
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
R&W Emergency Server --> MsiExec.exe /I{D034C13E-1EC5-4608-ABC7-70C0C4187BFD}
ratDVD 0.78.1444 --> C:\Program Files\ratDVD\uninst.exe
Recogniform ImageProcessor --> MsiExec.exe /I{5621DB19-2ACB-4C20-86E8-3562E05F40C8}
Remote Helpdesk --> C:\WINDOWS\Remote Helpdesk Uninstaller.exe
Rhapsody --> C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
RocketDock 1.3.5 --> "C:\Program Files\RocketDock\unins000.exe"
ScanSoft OmniPage 16 --> MsiExec.exe /I{DF74C7BA-5C9F-4F17-8B6F-5ECE08280F34}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Self Test Engine --> C:\PROGRA~1\SelfTest\UNWISE.EXE C:\PROGRA~1\SelfTest\INSTALL.LOG
Self Test Software: Exam 70-218 --> C:\PROGRA~1\SelfTest\EXAMFI~1\EXAMID~1\UNWISE.EXE C:\PROGRA~1\SelfTest\EXAMFI~1\EXAMID~1\INSTALL.LOG
Self Test Software: Study Pack Study Guide 70-218 --> C:\PROGRA~1\SelfTest\STUDYG~1\70-218\STUDYG~1\70-218\UNWISE.EXE C:\PROGRA~1\SelfTest\STUDYG~1\70-218\STUDYG~1\70-218\INSTALL.LOG
Shadow Copy Client --> MsiExec.exe /I{23E5032B-56CA-4C19-A72E-B50161DB82CA}
ShellExView --> C:\WINDOWS\zipinst.exe /uninst "C:\Program Files\ShellExView\uninst1~.nsu"
Shockwave --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SimpleCoversheet --> MsiExec.exe /X{C2918BCF-8AE2-44B8-AA7D-C9F7F6E54EA0}
SimpleOCR 3.1 --> C:\PROGRA~1\SIMPLE~2\UNWISE.EXE C:\PROGRA~1\SIMPLE~2\INSTALL.LOG
SimpleQC --> MsiExec.exe /X{01DC14D6-9D39-4567-86E9-20AA8D7DDFFC}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmarTerm --> MsiExec.exe /I{13716A2D-3349-4518-BEFA-DE40722413C8}
SnagIt 7 --> MsiExec.exe /I{4360BB46-507E-4361-8DCB-4FF9BDC9907B}
Snapfish PhotoShow Express --> "C:\Program Files\Snapfish\Snapfish PhotoShow\data\Xtras\Uninstall.exe"
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spiceworks --> C:\Program Files\Spiceworks\uninst.exe
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spybot - Search & Destroy 1.5.2.20 --> "C:\WINDOWS\unins000.exe"
Symantec AntiVirus --> MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
Symantec System Center --> MsiExec.exe /I{1F211E59-C268-4A86-ACC2-5B0CD153C26C}
Symantec System Center --> MsiExec.exe /I{1F211E59-C268-4A86-ACC2-5B0CD153C26C}
TaskSwitchXP --> C:\Program Files\TaskSwitchXP\uninst.exe
TextPipe Pro 7.9.3 --> "C:\Program Files\TextPipe\unins000.exe"
Tiff Combine --> "C:\Program Files\Tiff Combine\unins000.exe"
TIFF Splitter Deluxe --> C:\WINDOWS\TIFF Splitter Deluxe Uninstaller.exe
TiffTeller --> "C:\Program Files\TiffTeller\unins000.exe"
TMPGEnc 3.0 XPress --> MsiExec.exe /I{D48EAA77-E526-41EB-894C-BD6A17EABD95}
TMPGEnc MPEG Editor --> MsiExec.exe /I{5C9440EC-5BAD-435F-8DE4-2B7A11C7B43E}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
UltraEdit-32 --> "C:\Program Files\UltraEdit\Uninstall.exe" "C:\Program Files\UltraEdit\ueinstall.log"
UltraVNC v1.0.2 --> "C:\Program Files\UltraVNC\unins000.exe"
Unreal Tournament 2004 --> C:\UT2004\System\Setup.exe uninstall "UT2004"
Update Manager --> MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
USB Safely Remove 3.3 --> "C:\Program Files\USB Safely Remove\unins000.exe"
VBA --> MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
Video Sentinel Remote Viewer --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Innovation Institute\Video Sentinel Remote Viewer\Uninst.isu"
VirtualCloneDrive --> "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
Visual Subst --> C:\Program Files\Visual Subst\uninst.exe
VobSub v2.23 (Remove Only) --> "C:\Program Files\Gabest\VobSub\uninstall.exe"
Wacom Tablet Driver --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Wacom\Uninst.isu" -c"C:\WINDOWS\system32\TabUnst.dll"
WebCyberCoach 3.2 Dell --> "C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WebEx --> C:\WINDOWS\DOWNLO~1\atcliun.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Defender Signatures --> MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Server 2003 Service Pack 1 Administration Tools Pack --> MsiExec.exe /I{27B3563C-561C-4924-8C0E-EA102264873F}
Windows Support Tools --> MsiExec.exe /I{8398B542-3CC4-44D9-83DF-696CCE70124B}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinMapper --> MsiExec.exe /X{643F1F0A-65F4-43A5-9F82-0FF048F10C08}
WinPatrol --> C:\WINDOWS\uninst.exe -f"C:\Program Files\BillP Studios\WinPatrol\DeIsL1.isu" -c"C:\Program Files\BillP Studios\WinPatrol\_ISREG32.DLL"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12 --> MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
X-Lite 3.0 --> "C:\Program Files\CounterPath\X-Lite\unins000.exe"
xplorer² professional --> "C:\Program Files\zabkat\xplorer2\Uninstall.exe"
XviD MPEG4 Video Codec (remove only) --> "C:\WINDOWS\system32\xvid-uninstall.exe"
ZeroTimer --> "C:\Program Files\WASEO\ZeroTimer\unins000.exe"
Zilab Remote Console Server v3 --> C:\PROGRA~1\Zilab\ZRCS\UNWISE.EXE C:\PROGRA~1\Zilab\ZRCS\INSTALL.LOG
ZipGenius 6 (6.0.2.1041) --> "C:\Program Files\ZipGenius 6\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type15397 / Error
Event Submitted/Written: 05/26/2008 04:35:33 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application Opera.exe, version 9.27.8841.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type15396 / Warning
Event Submitted/Written: 05/26/2008 04:20:49 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90E00409-6000-11D3-8CFE-0150048383C9}', feature 'OUTLOOKFiles' failed during request for component '{3CE26368-6322-4ABF-B11B-458F5C450D0F}'

Event Record #/Type15395 / Warning
Event Submitted/Written: 05/26/2008 04:20:49 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90E00409-6000-11D3-8CFE-0150048383C9}', feature 'OUTLOOKFiles', component '{AAB1AFA6-C533-11D3-8F30-00C04F5EFF06}' failed. The resource 'HKEY_CLASSES_ROOT\.pst\' does not exist.

Event Record #/Type15394 / Warning
Event Submitted/Written: 05/26/2008 04:20:26 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{90E00409-6000-11D3-8CFE-0150048383C9}', feature 'OUTLOOKFiles' failed during request for component '{3CE26368-6322-4ABF-B11B-458F5C450D0F}'

Event Record #/Type15393 / Warning
Event Submitted/Written: 05/26/2008 04:20:26 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{90E00409-6000-11D3-8CFE-0150048383C9}', feature 'OUTLOOKFiles', component '{AAB1AFA6-C533-11D3-8F30-00C04F5EFF06}' failed. The resource 'HKEY_CLASSES_ROOT\.pst\' does not exist.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type23695 / Error
Event Submitted/Written: 05/26/2008 04:18:22 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Symantec AntiVirus service terminated with the following error:
%%10

Event Record #/Type23668 / Error
Event Submitted/Written: 05/26/2008 04:03:55 PM
Event ID/Source: 7023 / Service Control Manager
Event Description:
The Symantec AntiVirus service terminated with the following error:
%%10

Event Record #/Type23666 / Error
Event Submitted/Written: 05/26/2008 04:03:55 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
The vnccom service depends on the vncdrv service which failed to start because of the following error:
%%1058

Event Record #/Type23646 / Warning
Event Submitted/Written: 05/26/2008 00:11:10 PM
Event ID/Source: 1002 / WinDefend
Event Description:
%NT AUTHORITY27 scan has been stopped before completion.

Scan ID: {1DB12542-5CDE-4468-8462-81975F03C4E5}

Scan Type: %NT AUTHORITY01

Scan Parameters: %NT AUTHORITY09

User: NT AUTHORITY\NETWORK SERVICE

Event Record #/Type23644 / Error
Event Submitted/Written: 05/26/2008 00:06:49 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}



-- End of Deckard's System Scanner: finished at 2008-05-26 16:39:08 ------------


#2 OldTimer


Posted 30 May 2008 - 09:20 AM

Hello Othni and welcome to BC. Let's see what we can find. Please follow the steps below in order:

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or other location where you can find it again.
Use the Add Reply button and attach the file in your next post (do not try to copy/paste it into the post).

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 Othni


Posted 30 May 2008 - 10:48 AM

Thank you OldTimer

Since my post, I have done a couple of things and wanted to update you.

I scanned the computer with Norton Symantec Corporate Anti-Virus. It found a couple of files infected with Trojan.Vundo. It could not remove them. I deleted the files manually with one of those programs that mark the files to be deleted upon reboot. I downloaded from the Symantec website a removal program just for Trojan.Vundo, but the program said it did not find the virus.

Anyway, I also deleted the other DLL from the Windows\System directory that was being loaded and attached to the explorer. After I rebooted my PC, I got an error from RunDLL not being able to load the DLL file that I deleted. So I believe that the virus is not active anymore, and I tested my browsers and they are working fast like before.

But there is still something there, since there is a line that appears under the Run section trying to load that DLL I deleted. If I delete the line from the registry, it keeps coming back. But this time, apparently, the virus is not being loaded anymore.

I will follow your steps and keep you updated.

Thank you again.
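The Run-entry behaviour described in this thread (a Rundll32 autorun whose DLL is gone from disk, and whose value name returns with a different DLL after deletion) can be checked mechanically. The following is an added example, not part of any post and not code from OTScanIt or any tool named here; only the first sample line comes from the opening post, while the other sample lines, the baseline set and the on-disk set are constructed assumptions.

```python
import ntpath
import re

# HijackThis-style autorun line:  HKLM\..\Run: [ValueName] command
RUN_LINE = re.compile(
    r'^(?P<key>HK\w+\\.*?\\Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32 <dll>,<export>  with the DLL path quoted or unquoted
RUNDLL = re.compile(
    r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?:"(?P<q>[^"]+)"|(?P<u>[^\s,]+))\s*,\s*(?P<export>\S+)',
    re.IGNORECASE)

def parse_run_lines(text):
    """Return {value name: command} for every Run/RunOnce line in text."""
    entries = {}
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries[m.group("name")] = m.group("cmd")
    return entries

def rundll32_target(cmd):
    """Return the lower-cased DLL path a rundll32 command loads, else None."""
    m = RUNDLL.match(cmd)
    return ntpath.normcase(m.group("q") or m.group("u")) if m else None

def triage(entries, baseline, exists):
    """Flag rundll32 autoruns. baseline: known-good DLL paths (lower case);
    exists: callable reporting whether a path is present on disk."""
    findings = {}
    for name, cmd in entries.items():
        dll = rundll32_target(cmd)
        if dll is None:
            continue                      # not a rundll32 launcher
        reasons = []
        if dll not in baseline:
            reasons.append("DLL not in baseline")
        if not exists(dll):
            reasons.append("DLL missing on disk")
        if reasons:
            findings[name] = (dll, reasons)
    return findings

def respawned(before, after):
    """Value names present in both snapshots whose rundll32 DLL changed."""
    changed = {}
    for name in before.keys() & after.keys():
        old, new = rundll32_target(before[name]), rundll32_target(after[name])
        if old and new and old != new:
            changed[name] = (old, new)
    return changed

# Snapshot 1: the first line is the entry quoted in the opening post;
# the other two lines are constructed for contrast.
SNAP1 = r'''
HKLM\..\Run: [BM7b71a909] Rundll32.exe "C:\WINDOWS\system32\kpmpekxe.dll",s
HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\app.exe" /tray
'''
# Snapshot 2 (constructed): same value name, different DLL, taken after
# the entry was deleted by hand.
SNAP2 = r'''
HKLM\..\Run: [BM7b71a909] Rundll32.exe "C:\WINDOWS\system32\examplexx.dll",s
HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
'''
BASELINE = {r"c:\windows\system32\nvcpl.dll"}   # assumed known-good list
ON_DISK = {r"c:\windows\system32\nvcpl.dll"}    # assumed: flagged DLL already deleted

if __name__ == "__main__":
    print(triage(parse_run_lines(SNAP1), BASELINE, ON_DISK.__contains__))
    print(respawned(parse_run_lines(SNAP1), parse_run_lines(SNAP2)))
```

On a live system, pass `os.path.exists` as `exists`. A value name that survives deletion while its DLL changes means something else is still rewriting the key, so the writer has to be found rather than the value deleted again.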

#4 Othni


Posted 30 May 2008 - 12:23 PM

Ok, here is the log you requested.


#5 OldTimer


Posted 30 May 2008 - 01:44 PM

Hi Othni. There is nothing showing up in the log. Just a bit of housekeeping to finish things up. Follow the instructions below:

Start OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> NWEReboot -> []
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{B4E30F61-16D9-11D3-85D1-005004229569} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{FB858B22-55E2-413f-87F5-30ADC5552151} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Cobian Backup 7\cobui.exe -> C:\Program Files\Cobian Backup 7\cobui.exe [C:\Program Files\Cobian Backup 7\cobui.exe:*:Enabled:Cobian Backup 7 Interface]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\PROGRA~1\E-CAMP~1\ECAMPA~1.EXE -> C:\PROGRA~1\E-CAMP~1\ECAMPA~1.EXE [C:\PROGRA~1\E-CAMP~1\ECAMPA~1.EXE:*:Enabled:e-Campaign]
YN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)]
[Files/Folders - Created Within 30 days]
NY -> 409 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> BM7b71a909.xml -> %SystemRoot%\BM7b71a909.xml
[Files/Folders - Modified Within 30 days]
NY -> @Alternate Data Stream - 108 bytes -> %SystemRoot%:
NY -> ' -> %SystemRoot%\System32\'
NY -> 1BD17F -> %SystemRoot%\System32\1BD17F
NY -> 409 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
NY -> BM7b71a909.xml -> %SystemRoot%\BM7b71a909.xml
NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 163 bytes -> %AllUsersProfile%\Application Data\TEMP:66E02052
NY -> @Alternate Data Stream - 116 bytes -> %AllUsersProfile%\Application Data\TEMP:8CE646EE
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time.

Close OTScanIt.

Other than that everything looks good. Go ahead and run the system normally for a couple of days and then get back with me and let me know if there are any continuing issues. If everything is Ok at that time, then we have some final cleanup to do and you'll be good to go.

Cheers.

OT



