Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Annoying Popup Mtn5.goole.ws


  • This topic is locked This topic is locked
2 replies to this topic

#1 zyx

zyx

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 01 July 2008 - 08:19 AM

Some other day I was online. Suddenly an annoying popupwindow appear. I closed it and in what seems like a randomly interval it is coming back! I have try to scan the computer with Ad-Aware, eTrust, Norton antivirus and Windows Defender and it is still coming back. Is there any solution to get rid of this behavior. The url to the popup is <hxxp://mtn5.goole.ws>.

Here are my logs (main and extra):

Deckard's System Scanner v20071014.68
Run by 1400 on 2008-07-01 14:24:58
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...failed; access is denied.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-01 14:28:24
Platform: Windows XP Service Pack 3 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program\CA\SharedComponents\CAM\bin\cam.exe
C:\Program\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
C:\Program\Intel\Wireless\Bin\EvtEng.exe
C:\Program\CA\SharedComponents\iTechnology\igateway.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program\CA\eTrustITM\InoRpc.exe
C:\Program\CA\eTrustITM\InoRT.exe
C:\Program\CA\eTrustITM\InoTask.exe
C:\Program\Delade filer\Microsoft Shared\VS7Debug\mdm.exe
C:\Program\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
C:\Program\Microsoft SQL Server\MSSQL$LOCALSQL2000\Binn\sqlservr.exe
C:\Program\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Program\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe
C:\Notes\ntmulti.exe
C:\WINDOWS\system32\IIDXWA~1.EXE
C:\Program\Dell\QuickSet\NicConfigSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\CA\Unicenter Remote Control\rcHost.exe
C:\Program\Intel\Wireless\Bin\RegSrvc.exe
C:\Program\Microsoft SQL Server\MSSQL.4\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program\SigmaTel\C-Major Audio\WDM\stacsv.exe
C:\Program\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program\Seagate Software\WCS\WebCompServer.exe
C:\Program\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program\CA\Unicenter DSM\Bin\CAF.exe
C:\Program\CA\Unicenter DSM\Bin\cfsmsmd.exe
C:\Program\CA\Unicenter DSM\Bin\ccnfAgent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program\CA\Unicenter DSM\Bin\cfnotsrvd.exe
C:\WINDOWS\explorer.exe
C:\Program\CA\Unicenter DSM\Bin\ccsmagtd.exe
C:\Program\CA\Unicenter DSM\Bin\rcHost.exe
C:\Program\CA\Unicenter DSM\PMAgent\capmuamagt.exe
C:\Program\CA\Unicenter DSM\Bin\cfFTPlugin.exe
C:\Program\DellTPad\Apoint.exe
C:\Program\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program\DellTPad\hidfind.exe
C:\Program\DellTPad\ApntEx.exe
C:\WINDOWS\stsystra.exe
C:\Program\Intel\Wireless\Bin\ZCfgSvc.exe
C:\Program\Intel\Wireless\Bin\iFrmewrk.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program\CA\Unicenter DSM\Bin\cfSysTray.exe
C:\WINDOWS\system32\iid.exe
C:\WINDOWS\system32\IIDXWA~1.EXE
C:\Program\CA\eTrustITM\Realmon.exe
C:\Program\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe
C:\Program\Windows Live\Messenger\msnmsgr.exe
C:\Program\Sakora\Sakora.exe
C:\Program\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe
C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program\Intuwave\Shared\mRouterRuntime\mRouterRuntime.exe
C:\Program\Delade filer\Teleca Shared\Generic.exe
C:\Program\Symbian\Shared\SymbianConnectRunTime\SymbianConnectRuntime.exe
C:\Program\Symbian\Shared\SymbianConnectRunTime\SCBAL.exe
C:\Documents and Settings\1400\Skrivbord\dss.exe
C:\Program\Windows Live\Messenger\usnsvc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=0080122
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.se
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.se/hws/sb/dell-row-rel/s...html?channel=se
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.2.71.23:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ltv.se
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/default....;l=sv&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.se/hws/sb/dell-row-rel/s...html?channel=se
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.se/ig/dell?hl=sv&client=dell-row-rel&channel=se&ibd=0080122
O2 - BHO: Länkhjälp till Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Delade filer\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11A7A749-0381-4AE2-940B-27EC006D6006} - C:\WINDOWS\system32\qOiheEus.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live inloggningshjälpen - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A66B14D6-5D5E-4DFA-9822-B6433C9756F1} - C:\WINDOWS\system32\wvUmnOeD.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [SDJobCheck] triggusr.exe
O4 - HKLM\..\Run: [DsmSxplog] "C:\Program\CA\Unicenter DSM\Bin\sxpstub.exe"
O4 - HKLM\..\Run: [CAF_SystemTray] "C:\Program\CA\Unicenter DSM\Bin\cfSysTray.exe"
O4 - HKLM\..\Run: [CAF] C:\Program\CA\Unicenter DSM\Bin\cfusrntf.exe
O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\System32\iid.exe
O4 - HKLM\..\Run: [Net iD Watch IN] C:\WINDOWS\System32\IIDXWA~1.EXE -b "Net iD Watch IN" -w ~c:\program\internet explorer\iexplore.exe http://mednet
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PC Suite for Smartphones] "C:\Program\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sakora] C:\Program\Sakora\Sakora.exe
O4 - HKCU\..\Run: [mRouterConfig] "C:\Program\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat" (User 'Default user')
O4 - Global Startup: Service Manager.lnk = C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1202199491761
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab
O17 - HKLM\Software\..\Telephony: DomainName = ltvastmanland.se
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = ltvastmanland.se
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = ltvastmanland.se
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = ltvastmanland.se
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program\Delade filer\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program\Delade filer\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program\Delade filer\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program\Delade filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: gemsafe - C:\Program\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O20 - Winlogon Notify: qOiheEus - C:\WINDOWS\system32\qOiheEus.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: CA Message Queuing Server (CA-MessageQueuing) - CA, Inc. - C:\Program\CA\SharedComponents\CAM\bin\cam.exe
O23 - Service: CA Unicenter DSM r11 Common Application Framework. (caf) - CA - C:\Program\CA\Unicenter DSM\Bin\CAF.exe
O23 - Service: DM Primer (DMPrimer) - Computer Associates - C:\Program\CA\SharedComponents\DesktopCommonServices\DMPrimer\dmprimer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program\CA\eTrustITM\InoTask.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Notes\ntmulti.exe
O23 - Service: Net iD Watch OUT - NetMaker Consulting Group AB - C:\WINDOWS\system32\IIDXWA~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program\Dell\QuickSet\NicConfigSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Seagate Page Server (pageserver) - Seagate Software, Inc. - C:\Program\Seagate Software\WCS\pageserver.exe
O23 - Service: Unicenter Remote Control Host (rcHost) - Computer Associates International, Inc. - C:\Program\CA\Unicenter Remote Control\rcHost.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program\CA\Unicenter Software Delivery\BIN\SDServ.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program\SigmaTel\C-Major Audio\WDM\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program\Delade filer\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Seagate Web Component Server (WebCompServer) - Seagate Software, Inc. - C:\Program\Seagate Software\WCS\WebCompServer.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program\Intel\Wireless\Bin\WLKEEPER.exe


--
End of file - 15333 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 WavxDMgr - c:\windows\system32\drivers\wavxdmgr.sys <Not Verified; Wave Systems Corp.; Document Manager>
R3 DXEC01 - c:\windows\system32\drivers\dxec01.sys <Not Verified; Knowles Acoustics; DXEC.01 Speech Enhancement>
R3 WaveFDE (Wave System Power Monitor Device Driver) - c:\windows\system32\drivers\wavefde.sys <Not Verified; Windows ® Codename Longhorn DDK provider; Windows ® Codename Longhorn DDK driver>

S3 RCSpyDDML - c:\windows\system32\drivers\rcspymp.sys <Not Verified; Computer Associates International, Inc.; Unicenter Remote Control>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CA-MessageQueuing (CA Message Queuing Server) - "c:\program\ca\sharedcomponents\cam\bin\cam.exe" <Not Verified; CA, Inc.; CA Message Queuing>
R2 DMPrimer (DM Primer) - "c:\program\ca\sharedcomponents\desktopcommonservices\dmprimer\dmprimer.exe" -dmprimer_service_: <Not Verified; Computer Associates; DMPrimer>
R2 iGateway (iTechnology iGateway 4.2) - c:\program\ca\sharedcomponents\itechnology\igateway.exe <Not Verified; CA, Inc.; iTechnology iGateway>
R2 Multi-user Cleanup Service - c:\notes\ntmulti.exe <Not Verified; IBM Corp; IBM Lotus Notes/Domino>
R2 Net iD Watch OUT - c:\windows\system32\iidxwa~1.exe servicemain -s "net id watch out" c:\program\mednet\mednetterminator.exe <Not Verified; NetMaker Consulting Group AB; Net iD>
R2 NICCONFIGSVC - c:\program\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
R2 rcHost (Unicenter Remote Control Host) - "c:\program\ca\unicenter remote control\rchost.exe" <Not Verified; Computer Associates International, Inc.; Unicenter Remote Control>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 SDService (Unicenter Software Delivery) - "c:\program\ca\unicenter software delivery\bin\sdserv.exe" <Not Verified; Computer Associates International, Inc.; Unicenter Software Delivery>
R2 STacSV (SigmaTel Audio Service) - c:\program\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
R2 tcsd_win32.exe (NTRU TSS v1.2.1.25 TCS) - "c:\program\ntru cryptosystems\ntru tcg software stack\bin\tcsd_win32.exe"
R2 TdmService - c:\program\wave systems corp\trusted drive manager\tdmservice.exe <Not Verified; Wave Systems Corp.; Trusted Drive Manager>
R2 WebCompServer (Seagate Web Component Server) - "c:\program\seagate software\wcs\webcompserver.exe" -service <Not Verified; Seagate Software, Inc.; Seagate Info>
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>

S2 pageserver (Seagate Page Server) - "c:\program\seagate software\wcs\pageserver.exe" -service -cache -deletecache <Not Verified; Seagate Software, Inc.; Seagate Info>
S3 SecureStorageService - "c:\program\wave systems corp\secure storage manager\securestorageservice.exe" <Not Verified; Wave Systems Corp.; Secure Storage Manager>
S3 stllssvr - "c:\program\delade filer\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
S3 WaveEnrollmentService - "c:\program\wave systems corp\authentication manager\waveenrollmentservice.exe" <Not Verified; Wave Systems Corp.; Authentication Manager>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 3945ABG Network Connection
Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10218086&REV_02\4&AB208E&0&00E1
Manufacturer: Intel Corporation
Name: Intel® PRO/Wireless 3945ABG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10218086&REV_02\4&AB208E&0&00E1
Service: NETw4x32

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Unicenter r11 Remote Control Secure Control Adapter
Device ID: ROOT\DISPLAY\0003
Manufacturer: Computer Associates Intl., Inc.
Name: Unicenter r11 Remote Control Secure Control Adapter
PNP Device ID: ROOT\DISPLAY\0003
Service: rcVidCap


-- Scheduled Tasks -------------------------------------------------------------

2008-06-25 13:32:00 272 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2008-05-16 14:38:27 956 --a------ C:\WINDOWS\Tasks\Säkerhetskopiering - BLDV0064.job


-- Files created between 2008-06-01 and 2008-07-01 -----------------------------

2008-07-01 14:24:09 0 d-------- H:\Deckard
2008-07-01 11:37:14 0 d-------- C:\Program\Intuwave
2008-07-01 11:37:01 0 d-------- C:\Program\Symbian
2008-07-01 11:36:31 0 d-------- C:\Program\Delade filer\Sony Ericsson Shared
2008-06-30 09:45:20 0 d-------- C:\Documents and Settings\LocalService\Application Data\CA
2008-06-30 09:13:09 1471 --ahs---- C:\WINDOWS\system32\DeOnmUvw.ini2
2008-06-30 09:13:07 314784 --a------ C:\WINDOWS\system32\wvUmnOeD.dll
2008-06-30 09:08:03 25504 --a------ C:\WINDOWS\system32\qOiheEus.dll
2008-06-30 08:22:46 0 d-------- C:\Program\Lavasoft
2008-06-30 08:22:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-30 08:22:14 0 d-------- C:\Program\Delade filer\Wise Installation Wizard
2008-06-27 10:47:53 0 d---s---- C:\Documents and Settings\1413\UserData
2008-06-27 10:20:52 0 d-------- C:\WINDOWS\pss
2008-06-27 10:17:50 0 d-------- C:\Documents and Settings\1413\Application Data\Macromedia
2008-06-27 09:14:09 0 d-------- C:\Documents and Settings\1413\Application Data\Real
2008-06-27 09:14:01 0 d-------- C:\Documents and Settings\1413\Application Data\Adobe
2008-06-27 09:08:39 0 d-------- C:\Documents and Settings\1413\Application Data\Sony Ericsson
2008-06-27 09:08:32 0 d-------- C:\Documents and Settings\1413\Application Data\IID
2008-06-27 09:06:09 0 dr------- C:\Documents and Settings\1413\Favoriter
2008-06-27 09:06:09 0 d---s---- C:\Documents and Settings\1413\Cookies
2008-06-27 09:06:09 0 dr-h----- C:\Documents and Settings\1413\Application Data
2008-06-27 09:06:09 0 d-------- C:\Documents and Settings\1413\Application Data\Wave Systems Corp
2008-06-27 09:06:09 0 d---s---- C:\Documents and Settings\1413\Application Data\Microsoft
2008-06-27 09:06:09 0 d-------- C:\Documents and Settings\1413\Application Data\Intel
2008-06-27 09:06:09 0 d-------- C:\Documents and Settings\1413\Application Data\InstallShield
2008-06-27 09:06:09 0 d-------- C:\Documents and Settings\1413\Application Data\Identities
2008-06-27 09:06:09 0 d-------- C:\Documents and Settings\1413\Application Data\CA
2008-06-27 09:06:08 0 d-------- C:\Documents and Settings\1413\Skrivbord
2008-06-27 09:06:08 0 d--h----- C:\Documents and Settings\1413\Skrivare
2008-06-27 09:06:08 0 dr-h----- C:\Documents and Settings\1413\SendTo
2008-06-27 09:06:08 0 dr-h----- C:\Documents and Settings\1413\Recent
2008-06-27 09:06:08 0 d--h----- C:\Documents and Settings\1413\Nätverket
2008-06-27 09:06:08 0 d--h----- C:\Documents and Settings\1413\Mallar
2008-06-27 09:06:08 0 d--h----- C:\Documents and Settings\1413\Lokala inställningar
2008-06-27 09:06:07 0 dr------- C:\Documents and Settings\1413\Start-meny
2008-06-27 09:06:06 1310720 --ah----- C:\Documents and Settings\1413\NTUSER.DAT
2008-06-26 15:42:15 0 dr-h----- C:\Documents and Settings\1400\Recent
2008-06-26 13:36:38 0 d-------- C:\Documents and Settings\1400\Application Data\SpeedRunner
2008-06-26 13:31:39 0 d-------- C:\Program\Sakora
2008-06-26 13:31:35 0 d-------- C:\Program\Temporary
2008-06-26 13:21:29 0 d-------- C:\Program\mjc
2008-06-16 07:29:25 0 d-------- C:\Program\MSECache
2008-06-11 13:34:00 0 d-------- C:\Program\QuickTime
2008-06-11 13:33:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-04 07:26:53 0 d-------- H:\Mallar
2008-06-03 10:20:30 19460 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-06-02 08:46:25 0 d-------- C:\Documents and Settings\1400\Application Data\Agency9


-- Find3M Report ---------------------------------------------------------------

2008-07-01 11:41:17 0 d-------- C:\Program\Sony Ericsson
2008-07-01 11:37:12 0 d--h----- C:\Program\InstallShield Installation Information
2008-07-01 11:36:39 0 d-------- C:\Program\Delade filer\Teleca Shared
2008-07-01 11:36:31 0 d-------- C:\Program\Delade filer
2008-07-01 11:25:43 0 d-------- C:\Documents and Settings\1400\Application Data\Teleca
2008-07-01 11:25:21 128 --a----c- C:\WINDOWS\DelMR.bat
2008-06-30 08:03:26 100586 --a------ C:\WINDOWS\system32\nvModes.dat
2008-06-25 13:33:02 0 d-------- C:\Program\Safari
2008-06-16 07:37:47 644058 --a------ C:\WINDOWS\system32\perfh01D.dat
2008-06-16 07:37:47 164308 --a------ C:\WINDOWS\system32\perfc01D.dat
2008-06-16 07:36:51 0 d-------- C:\Program\CA
2008-06-11 13:35:44 0 d-------- C:\Documents and Settings\1400\Application Data\Apple Computer
2008-05-28 10:37:34 0 d-------- C:\Program\Apple Software Update
2008-05-22 07:46:52 0 d-------- C:\Program\Messenger
2008-05-22 07:46:43 0 d-------- C:\Program\Movie Maker
2008-05-22 07:44:46 0 d-------- C:\Program\Windows NT
2008-05-19 11:10:34 0 d-------- C:\Program\Microsoft Silverlight
2008-05-14 09:02:57 0 d-------- C:\Program\Delade filer\Ahead
2008-05-14 08:23:30 0 d-------- C:\Program\Nero


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11A7A749-0381-4AE2-940B-27EC006D6006}]
2008-06-30 09:08 25504 --a------ C:\WINDOWS\system32\qOiheEus.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A66B14D6-5D5E-4DFA-9822-B6433C9756F1}]
2008-06-30 09:13 314784 --a------ C:\WINDOWS\system32\wvUmnOeD.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program\DellTPad\Apoint.exe" [2007-09-23 20:27]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-31 17:50]
"nwiz"="nwiz.exe" [2007-05-31 17:50 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-05-31 17:50 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-31 17:50]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 01:26 C:\WINDOWS\stsystra.exe]
"IntelZeroConfig"="C:\Program\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 18:32]
"IntelWireless"="C:\Program\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 18:30]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 16:05]
"SDJobCheck"="triggusr.exe" [2003-11-15 19:40 C:\Program\CA\Unicenter Software Delivery\BIN\triggusr.exe]
"DsmSxplog"="C:\Program\CA\Unicenter DSM\Bin\sxpstub.exe" [2007-10-28 09:00]
"CAF_SystemTray"="C:\Program\CA\Unicenter DSM\Bin\cfSysTray.exe" [2007-10-28 04:45]
"CAF"="C:\Program\CA\Unicenter DSM\Bin\cfusrntf.exe" [2007-10-28 04:45]
"Net iD"="C:\WINDOWS\System32\iid.exe" [2006-03-02 10:22]
"Net iD Watch IN"="C:\WINDOWS\System32\IIDXWA~1.exe" [2006-06-20 15:49]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2008-04-14 18:05]
"Realtime Monitor"="C:\Program\CA\eTrustITM\realmon.exe" [2007-01-16 21:27]
"SunJavaUpdateSched"="C:\Program\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 16:07]
"QuickTime Task"="C:\Program\QuickTime\qttask.exe" [2008-05-27 10:50]
"PDVDDXSrv"="C:\Program\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 19:23]
"NWEReboot"="" []
"ISUSScheduler"="C:\Program\Delade filer\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50]
"ISUSPM Startup"="C:\Program\DELADE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50]
"Adobe Reader Speed Launcher"="C:\Program\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16]
"PC Suite for Smartphones"="C:\Program\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe" [2007-12-25 14:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:35]
"Sakora"="C:\Program\Sakora\Sakora.exe" [2008-06-26 13:31]
"mRouterConfig"="C:\Program\Intuwave\Shared\mRouterRuntime\mRouterConfig.exe" [2006-03-02 11:54]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"TSClientMSIUninstaller"=cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
"TSClientAXDisabler"=cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"

C:\Documents and Settings\All Users\Start-meny\Program\Autostart\
Service Manager.lnk - C:\Program\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2008-02-07 16:43:06]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleStartMenu"=0 (0x0)
"ForceStartMenuLogoff"=1 (0x1)
"NoWelcomeScreen"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"=1 (0x1)
"NoSimpleStartMenu"=1 (0x1)
"NoSMBalloonTip"=1 (0x1)
"ForceStartMenuLogOff"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoWindowsUpdate"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{11A7A749-0381-4AE2-940B-27EC006D6006}"= C:\WINDOWS\system32\qOiheEus.dll [2008-06-30 09:08 25504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CAF]
C:\Program\CA\Unicenter DSM\Bin\cfwlogon.dll 2007-10-28 04:45 27400 C:\Program\CA\Unicenter DSM\Bin\cfWlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
C:\Program\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll 2006-11-16 17:20 73728 C:\Program\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qOiheEus]
qOiheEus.dll 2008-06-30 09:08 25504 C:\WINDOWS\system32\qOiheEus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rcHostExt]
C:\Program\CA\Unicenter DSM\Bin\rcLoginExt.dll 2007-10-28 04:47 11528 C:\Program\CA\Unicenter DSM\Bin\rcLoginExt.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth C:\WINDOWS\system32\wvUmnOeD

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=\\ltvastmanland.se\SysVol\ltvastmanland.se\scripts\LSC Remove Icons On Startmenu.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0]
"Script"=\\ltvastmanland.se\SysVol\ltvastmanland.se\scripts\LSC Read Helpfiles over network.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\2\0]
"Script"=\\ltvastmanland.se\SysVol\ltvastmanland.se\scripts\SSC Create Folders Local.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2139319003-981027789-1384523041-13014\Scripts\Logoff\0\0]
"Script"=\\ltvastmanland.se\SysVol\ltvastmanland.se\scripts\SSU Logoff Script.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2139319003-981027789-1384523041-13014\Scripts\Logon\0\0]
"Script"=\\ltvastmanland.se\SysVol\ltvastmanland.se\scripts\LSU Office97 Settings.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2139319003-981027789-1384523041-13014\Scripts\Logon\1\0]
"Script"=\\ltvastmanland.se\SysVol\ltvastmanland.se\scripts\LSU Create Folders On Homedrive.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2139319003-981027789-1384523041-13014\Scripts\Logon\2\0]
"Script"=\\ltvastmanland.se\SysVol\ltvastmanland.se\scripts\Favorites.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2139319003-981027789-1384523041-13014\Scripts\Logon\3\0]
"Script"=\\ltvastmanland.se\NETLOGON\PortalSettings.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2139319003-981027789-1384523041-19516\Scripts\Logoff\0\0]
"Script"=\\ltvastmanland.se\SysVol\ltvastmanland.se\scripts\SSU Logoff Script.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2139319003-981027789-1384523041-19516\Scripts\Logon\0\0]
"Script"=\\ltvastmanland.se\SysVol\ltvastmanland.se\scripts\LSU Office97 Settings.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2139319003-981027789-1384523041-19516\Scripts\Logon\1\0]
"Script"=\\ltvastmanland.se\SysVol\ltvastmanland.se\scripts\LSU Create Folders On Homedrive.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2139319003-981027789-1384523041-19516\Scripts\Logon\2\0]
"Script"=\\ltvastmanland.se\SysVol\ltvastmanland.se\scripts\Favorites.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2139319003-981027789-1384523041-19516\Scripts\Logon\3\0]
"Script"=\\ltvastmanland.se\NETLOGON\PortalSettings.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-01 14:30:38 ------------


Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: Swedish

CPU 0: Intel® Core™2 Duo CPU T7700 @ 2.40GHz
Percentage of Memory in Use: 22%
Physical Memory (total/avail): 3582.04 MiB / 2783.34 MiB
Pagefile Memory (total/avail): 5464.26 MiB / 4653.93 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1924.27 MiB

C: is Fixed (NTFS) - 148.93 GiB total, 95.32 GiB free.
D: is CDROM (No Media)
G: is Network (NTFS)
H: is Network (NTFS)
P: is Network (NTFS)
Q: is Network (NTFS)

\\.\PHYSICALDRIVE0 - FUJITSU MHW2160BJ FFS G2 - 149.05 GiB - 2 partitions
\PARTITION0 - Unknown - 109.79 MiB
\PARTITION1 (bootable) - Installerbart filsystem - 148.93 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is not configured.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\1400\Application Data
ASMROOT=C:\Program\CA\Unicenter Software Delivery\SD
AVENGINE=C:\Program\CA\SHARED~1\SCANEN~1
CAI_CAFT=C:\Program\CA\SharedComponents\CAM
CAI_MSQ=C:\Program\CA\SharedComponents\CAM
CASHCOMP=C:\Program\CA\SharedComponents\
CI_HOLOS_CLI=C:\Program\Seagate Software\Open Olap\
CLASSPATH=.;C:\Program\Java\jre1.5.0_10\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program\Delade filer
COMPUTERNAME=BLDV0064
ComSpec=C:\WINDOWS\system32\cmd.exe
DEFAULT_CA_NR=CA8
FP_NO_HOST_CHECK=NO
HOMEDRIVE=H:
HOMEPATH=\
HOMESHARE=\\ltvastmanland.se\ltv\home2\1400
IGW_LOC=C:\Program\CA\SharedComponents\iTechnology\
INCLUDE=C:\Program\Microsoft Visual Studio .NET 2003\SDK\v1.1\include\
INOCULAN=C:\Program\CA\eTrustITM
ITMLICENSE=C:\Program\CA\SharedComponents\SubscriptionLicense\
ITMTHIRDPARTY=C:\Program\CA\SharedComponents\ThirdParty\
LIB=C:\Program\Microsoft Visual Studio .NET 2003\SDK\v1.1\Lib\
LOGONSERVER=\\SSALDC01
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Notes\;C:\Notes\data\;C:\Program\CA\Unicenter ServicePlus Service Desk\bin\;C:\Program\CA\Dcs\DMScripting\;C:\Program\CA\DCS\CAWIN\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program\Gemplus\GemSafe Libraries\BIN;C:\Program\Delade filer\Roxio Shared\DLLShared\;C:\Program\CA\Unicenter Software Delivery\BIN;C:\Program\CA\SharedComponents\CAM\bin;C:\Program\CA\Unicenter DSM\bin;c:\Program\Microsoft SQL Server\90\Tools\binn\;C:\Program\Microsoft SQL Server\80\Tools\Binn\;C:\Program\Microsoft SQL Server\90\DTS\Binn\;C:\Program\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\;C:\Program\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\;C:\Program\ULTRAE~1;C:\Program\Delade filer\Teleca Shared;C:\CA_APPSW;C:\Program\QuickTime\QTSystem\;C:\Program\CA\SharedComponents\ScanEngine;C:\Program\CA\SharedComponents\CAUpdate\;C:\Program\CA\SharedComponents\ThirdParty\;C:\Program\CA\SharedComponents\SubscriptionLicense\;C:\Program\CA\eTrustITM;C:\Program\Intuwave\Shared\mRouterRuntime
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program
PROMPT=$P$G
QTJAVA=C:\Program\Java\jre1.5.0_10\lib\ext\QTJava.zip
RoxioCentral=C:\Program\Delade filer\Roxio Shared\9.0\Roxio Central33\
SDROOT=C:\Program\CA\Unicenter DSM\SD
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\1400\LOKALA~1\Temp
TMP=C:\DOCUME~1\1400\LOKALA~1\Temp
USERDNSDOMAIN=LTVASTMANLAND.SE
USERDOMAIN=DLTVMAST
USERNAME=1400
USERPROFILE=C:\Documents and Settings\1400
VS71COMNTOOLS=C:\Program\Microsoft Visual Studio .NET 2003\Common7\Tools\
VS80COMNTOOLS=C:\Program\Microsoft Visual Studio 8\Common7\Tools\
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

1400 (admin)
1413 (new local, admin, net ready)
ldadmnt1 (admin)
svc_CaDSM (admin)
a1400 (new local, admin, net ready)
IT Centrum (new local, admin)
ASPNET
Administratör (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}\Setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> MsiExec.exe /X{8186E1B9-DDC6-45B6-B9EB-C28947CBC4CF}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Svenska --> MsiExec.exe /I{AC76BA86-7AD7-1053-7B44-A81200000003}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AuthenTec Fingerprint Sensor Minimum Install --> MsiExec.exe /I{EB4DF30B-102B-4F0C-927A-D50E037A325D}
biolsp patch --> MsiExec.exe /I{9593C6E5-205E-45C3-B785-05CF146CA76A}
Bluetooth Stack for Windows by Toshiba --> MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Broadcom ASF Management Applications --> MsiExec.exe /I{27E25625-DB51-42E6-BEB7-0C8DC878770C}
Broadcom Management Programs --> MsiExec.exe /X{C99C0593-3B48-41D9-B42F-6E035B320449}
Browser Address Error Redirector --> MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
BusApi (Application Proxy) --> MsiExec.exe /X{7175CA48-001B-4B7F-AED3-357ABCDDF68A}
CA eTrustITM Agent --> MsiExec.exe /X{107558C8-458B-45EA-A0FE-7CC10D687DB6}
CA iTechnology iGateway --> MsiExec.exe /X{847501DF-07C0-4691-B04A-893929F108AE}
CA Unicenter DSM Agent + Asset Management Plugin --> MsiExec.exe /X{624FA386-3A39-4EBF-9CB9-C2B484D78B29}
CA Unicenter DSM Agent + Basic Inventory Plugin --> MsiExec.exe /X{501C99B9-1644-4FC2-833B-E675572F8929}
CA Unicenter DSM Agent + Remote Control Plugin --> MsiExec.exe /X{84288555-A79E-4ABD-BA53-219C4D2CA20B}
CA Unicenter DSM Agent + Software Delivery Plugin --> MsiExec.exe /X{62ADA55C-1B98-431F-8618-CDF3CE4CFEEC}
CA Unicenter Remote Control 6.0 ENU Service Pack 1 --> MsiExec.exe /I{97F0F52B-E32A-4E32-9E37-AAB9EFA6A945}
CA Unicenter ServicePlus Service Desk Client --> MsiExec.exe /I{B738DD17-0AF5-46F0-B23D-B42840B8D036}
CA Unicenter Software Delivery --> "C:\Program\CA\Unicenter Software Delivery\BIN\sdgoaway.exe"
CCleaner (remove only) --> "C:\Program\CCleaner\uninst.exe"
Compatibility Pack för Office 2007-systemet --> MsiExec.exe /X{90120000-0020-041D-0000-0000000FF1CE}
Conexant HDA D330 MDC V.92 Modem --> C:\Program\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Dell Drivers MSI --> MsiExec.exe /I{5EC5F187-9D2B-4051-8906-88656819A869}
Dell Embassy Trust Suite by Wave Systems --> C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe
Dell Touchpad --> C:\Program\DellTPad\Uninstap.exe ADDREMOVE
Diagnostiskt verktyg för modem --> MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Digital Line Detect --> C:\Program\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x001d -removeonly
Document Manager Lite --> C:\Program\InstallShield Installation Information\{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}\setup.exe -runfromtemp -l0x0409
EMBASSY Security Center --> C:\Program\InstallShield Installation Information\{EEAFE1E5-076B-430A-96D9-B567792AFA88}\setup.exe -runfromtemp -l0x0409
EMBASSY Security Setup --> C:\Program\InstallShield Installation Information\{53333479-6A52-4816-8497-5C52B67ED339}\setup.exe -runfromtemp -l0x0409
EMBASSY Trust Suite by Wave Systems --> C:\Program\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe -runfromtemp -l0x0009 -removeonly
ESC Home Page Plugin --> C:\Program\InstallShield Installation Information\{E738A392-F690-4A9D-808E-7BAF80E0B398}\setup.exe -runfromtemp -l0x0409
Gemalto --> MsiExec.exe /I{EF05BA0F-AC15-4D12-AC5C-276225F5E751}
GemSafe Standard Edition 5.1 --> MsiExec.exe /X{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
High Definition Audio - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IntelliSonic Speech Enhancement --> MsiExec.exe /X{D9FCA292-1186-421F-8D93-9A5D272AD5D0}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Lotus Notes 6.5.4 sv --> MsiExec.exe /I{F9EEC33B-D774-4D02-A11B-C8DE40667E89}
Lotus NotesSQL 2.06 driver --> C:\WINDOWS\IsUninst.exe -fC:\Program\NotesSQL\UnInN206.isu -c"C:\Program\NotesSQL\\UninDrv.DLL"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Access 2000 SR-1 --> MsiExec.exe /I{0010041D-78E1-11D2-B60F-006097C998E7}
Microsoft Access 97 --> C:\Program\Microsoft Office\Office\Install\AcmeAcc.exe /w Acc97.stf
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Device Emulator version 1.0 - ENU --> MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Document Explorer 2005 --> C:\Program\Delade filer\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005 --> MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{9012041D-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{9051041D-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2000 --> C:\WINDOWS\IsUninst.exe -f"C:\Program\Microsoft SQL Server\80\Tools\Uninst.isu" -c"C:\Program\Microsoft SQL Server\80\Tools\sqlsun.dll" -msql.mif
Microsoft SQL Server 2000 (LOCALSQL2000) --> C:\WINDOWS\IsUninst.exe -f"C:\Program\Microsoft SQL Server\MSSQL$LOCALSQL2000\Uninst.isu" -c"C:\Program\Microsoft SQL Server\MSSQL$LOCALSQL2000\sqlsun.dll" -msql.mif i=LOCALSQL2000
Microsoft SQL Server 2005 --> "C:\Program\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 --> MsiExec.exe /I{130A3BE1-85CC-4135-8EA7-5A724EE6CE2C}
Microsoft SQL Server 2005 Analysis Services --> MsiExec.exe /I{8ABF8FEB-ABB0-40DC-9945-85AF36EF30A9}
Microsoft SQL Server 2005 Backward compatibility --> MsiExec.exe /I{2243F21A-E132-44F7-BA13-024D0845C815}
Microsoft SQL Server 2005 Books Online (English) --> MsiExec.exe /I{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Integration Services --> MsiExec.exe /I{EE8CFFD9-6E29-4DC3-A967-7348D5F41F44}
Microsoft SQL Server 2005 Mobile [ENU] Developer Tools --> MsiExec.exe /X{1389C6A4-4965-4AEC-9175-08B54A10FA48}
Microsoft SQL Server 2005 Reporting Services --> MsiExec.exe /I{E930E839-998E-42F9-97E2-71FC960DB1B7}
Microsoft SQL Server 2005 Tools --> MsiExec.exe /I{1DD463C0-A50A-4394-B7E4-5895C02F9E0D}
Microsoft SQL Server Native Client --> MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Web Publishing Wizard 1.53 --> RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie3x86.inf,WebPostUninstall
Microsoft Visual J# .NET Redistributable Package 1.1 --> MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Visual J# 2.0 Redistributable Package --> C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable Package\install.exe
Microsoft Visual SourceSafe 6.0 --> "C:\program\Visual SourceSafe\setup\win32\1033\Setup.exe"
Microsoft Visual Studio .NET Enterprise Developer 2003 - English --> "C:\Program\Microsoft Visual Studio .NET 2003\Setup\Visual Studio .NET Enterprise Developer 2003 - English\setup.exe" /MaintMode
Microsoft Visual Studio 2005 Professional Edition - ENU --> C:\Program\Microsoft Visual Studio 8\Microsoft Visual Studio 2005 Professional Edition - ENU\setup.exe
Microsoft Visual Studio 6.0 Enterprise Edition --> "C:\Program\Microsoft Visual Studio\Common\Setup\1033\Setup.exe"
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
MSDN Library for Visual Studio .NET 2003 --> MsiExec.exe /I{5757AE1A-1DB4-4898-9806-09F77FBD5E57}
MSDN Library for Visual Studio 2005 --> msiexec /i {23959E96-A80F-4172-A655-210E9BB7BFBE}
MSDN Library for Visual Studio 2005 --> MsiExec.exe /X{23959E96-A80F-4172-A655-210E9BB7BFBE}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{DC86EAB4-DF11-4276-AB40-B556877F0E30}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Net iD 4.1 --> C:\WINDOWS\System32\iid.exe -uninstall
NetWaiting --> C:\Program\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x001d -removeonly
NTRU TCG Software Stack --> MsiExec.exe /I{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PC Suite for Sony Ericsson --> C:\WINDOWS\Installer\{E1252473-6306-4d5d-904D-B06AA7F38161}\Setup.exe /uninstall
PC Suite for Sony Ericsson --> MsiExec.exe /I{C67F36D2-DE45-40B4-8D87-DF4A66A59532}
PowerDVD --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
Preboot Manager --> MsiExec.exe /I{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}
Private Information Manager --> C:\Program\InstallShield Installation Information\{0B0A2153-58A6-4244-B458-25EDF5FCD809}\setup.exe -runfromtemp -l0x0409
Programvara för Intel® PROSet för trådlösa anslutningar --> C:\WINDOWS\Installer\iProInst.exe
QuickSet --> C:\Program\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime --> MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Real Alternative 1.51 --> MsiExec.exe /X{A71E9366-F7D3-4B89-B67B-B32529476B40}
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Sakora --> "C:\Program\Sakora\Sakora.exe" -uninstall
Seagate Crystal Reports Developer Edition --> MsiExec.exe /I{C0774966-2821-11D3-B32D-00A0C9DA500E}
Secure Update --> C:\Program\InstallShield Installation Information\{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}\setup.exe -runfromtemp -l0x0409
Security Wizards --> C:\Program\InstallShield Installation Information\{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}\setup.exe -runfromtemp -l0x0409
SigmaTel Audio --> RunDll32 C:\Program\DELADE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x1d -remove -removeonly
Säkerhetsuppdatering för Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB950759) --> "C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Säkerhetsuppdatering för Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Sony Ericsson Symbian 9 Drivers --> C:\Program\Sony Ericsson\Sony Ericsson Symbian 9 Drivers\ZEBRUninstall.exe
SpeedRunner --> C:\Documents and Settings\1400\Application Data\SpeedRunner\SRUninstall.exe
SQLXML4 --> MsiExec.exe /I{A188FCCF-E929-494D-B1F1-4313E02ACD52}
Trusted Drive Manager --> MsiExec.exe /I{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}
tsp patch --> MsiExec.exe /I{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}
Tweak UI --> "C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
UltraEdit-32 Uninstall --> C:\Program\ULTRAE~1\UEDIT32.EXE /UNINSTALL
Update Service --> C:\Program\Sony Ericsson\Update Service\uninst.exe
upekmsi --> MsiExec.exe /I{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}
Wave Infrastructure Installer --> MsiExec.exe /I{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}
Wave Support Software --> C:\Program\InstallShield Installation Information\{07D618CD-B016-438A-ADC9-A75BD23F85CE}\setup.exe -runfromtemp -l0x0409
Windows Live inloggningsassistenten --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live installer --> MsiExec.exe /X{E17F76BE-50E9-4E7C-ADF6-6D8F44A9C6F3}
Windows Live Messenger --> MsiExec.exe /X{20503DFE-E5B2-491E-B2C5-8BCB5BF5B9E9}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type16959 / Success
Event Submitted/Written: 07/01/2008 02:24:17 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type16958 / Error
Event Submitted/Written: 07/01/2008 02:22:49 PM
Event ID/Source: 107 / Report Server Windows Service (MSSQLSERVER)
Event Description:
Report Server Windows Service (MSSQLSERVER) cannot connect to the report server database.

Event Record #/Type16954 / Error
Event Submitted/Written: 07/01/2008 02:22:11 PM
Event ID/Source: 0 / Broadcom ASF IP and SMBIOS Mailbox Monitor
Event Description:
!ERROR 53 Refreshing BMAPI data

Event Record #/Type16953 / Error
Event Submitted/Written: 07/01/2008 02:21:58 PM
Event ID/Source: 117 / Report Server Windows Service (MSSQLSERVER)
Event Description:
The report server database is an invalid version.

Event Record #/Type16894 / Error
Event Submitted/Written: 07/01/2008 02:20:46 PM
Event ID/Source: 17190 / MSSQL$SQLEXPRESS
Event Description:
FallBack certificate initialization failed with error code: 1.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type7647 / Error
Event Submitted/Written: 07/01/2008 02:22:06 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Tjänsten Seagate Page Server är beroende av tjänsten Network DDE. Den sistnämnda kunde inte starta på grund av följande fel:
%%1058

Event Record #/Type7636 / Warning
Event Submitted/Written: 07/01/2008 01:08:16 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
En timeout inträffade när ett meddelande om ändring av enhetsgränssnitt skickades till fönstret för ModemDeviceChange

Event Record #/Type7635 / Warning
Event Submitted/Written: 07/01/2008 01:08:16 PM
Event ID/Source: 256 / PlugPlayManager
Event Description:
En timeout inträffade när ett meddelande om ändring av enhetsgränssnitt skickades till fönstret för ModemDeviceChange

Event Record #/Type7602 / Error
Event Submitted/Written: 07/01/2008 00:22:24 PM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Tjänsten Seagate Page Server är beroende av tjänsten Network DDE. Den sistnämnda kunde inte starta på grund av följande fel:
%%1058

Event Record #/Type7540 / Error
Event Submitted/Written: 07/01/2008 11:29:54 AM
Event ID/Source: 7001 / Service Control Manager
Event Description:
Tjänsten Seagate Page Server är beroende av tjänsten Network DDE. Den sistnämnda kunde inte starta på grund av följande fel:
%%1058



-- End of Deckard's System Scanner: finished at 2008-07-01 14:30:38 ------------

Deactivated link. ~ OB


Edited by Orange Blossom, 11 February 2013 - 01:13 AM.


BC AdBot (Login to Remove)

 


#2 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:38 AM

Posted 03 July 2008 - 02:38 PM

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

Please download and install CCleaner.

Open CCleaner. On the Windows tab, leave the default options alone.
  • On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  • Click on the Run Cleaner button at the bottom right hand corner.
  • When the cleaner has completed, click Tools in the Left Pane.
  • Verify that Uninstall is highlighted in color, or click on it.
  • In the lower right, click Save to Text File.
  • Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
  • You can leave the filename as install.txt.
  • Click Save, then exit Ccleaner.
___________________

Please visit this webpage for download links, and instructions for running ComboFix -

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says -

The Recovery Console was successfully installed.

Please continue as follows -
  • Close/Disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, so we may continue cleansing the system -

- the Combofix log (C:\ComboFix.txt)
- a new HijackThis log
- the CCleaner Uninstall List (install.txt)
Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.

#3 Simon V.

Simon V.

  • Members
  • 439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:38 AM

Posted 11 July 2008 - 10:23 AM

Due to inactivity this topic will be closed.

If you need help please start a new thread and post a new HijackThis log.
Simon V.

Posted Image
Posted Image

So How Did I Get Infected In The First Place?
Stand Up and Be Counted!

My help at this forum is free, but if you wish to make a donation to help me continue the fight against malware - click here.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users