
Trojan problem?


  • This topic is locked
4 replies to this topic

#1 Michael Taft


Posted 23 December 2008 - 10:20 AM

On October 31st, 2008 a Trojan Downloader launched on my work laptop. It had apparently been dormant until Halloween night at midnight and I was silly enough to be on at that time. It invited all sorts of friends and the only solution offered at work was to re-image my machine. That appeared to work for a while, but I started getting those annoying "Malware Threat" pop-ups again. Then there was a period of Internet Explorer randomly shutting down every 20 minutes. Now it is back to the pop-ups. I NEVER click on the pop-ups because I know they are trying to download malware. Plus the people that write them always have spelling errors. However, something is obviously still hanging around. Some help would be appreciated.

log.txt and info.txt follow. Any company name information has been removed:

*************************************************************************************************************************
Logfile of random's system information tool 1.05 (written by random/random)
Run by bf5c3mt at 2008-12-23 09:51:02
Microsoft Windows XP Professional Service Pack 2
System drive C: has 85 GB (75%) free of 114 GB
Total RAM: 2046 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:51, on 2008-12-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nslsvice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\iPass\iPassConnect BF\iPassPeriodicUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\notes\ntmulti.exe
C:\Program Files\Symantec\Ghost\ngserver.exe
c:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\StacSV.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
c:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\KA447C.EXE
C:\Program Files\iPass\iPassConnect BF\iPassPeriodicUpdateApp.exe
C:\Program Files\Symantec\Ghost\bin\dbserv.exe
C:\Program Files\Symantec\Ghost\bin\rteng9.exe
c:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
c:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\bf5c3mt\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\bf5c3mt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {ee47e6d6-eac0-4608-b03a-85349595aa8a} - C:\WINDOWS\system32\setevari.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "c:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [AgentUiRunKey] "C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe" -ni -sss -e http://localhost:16386/
O4 - HKLM\..\Run: [NGTray] "C:\Program Files\Symantec\Ghost\ngtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nivisosiva] Rundll32.exe "C:\WINDOWS\system32\lesuzeka.dll",s
O4 - HKLM\..\Run: [CPM1b1bf80c] Rundll32.exe "c:\windows\system32\sizehawi.dll",a
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {80947ADC-151D-490B-87F1-7C8CE1B46220} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.3.cab
O16 - DPF: {76850F2A-FCAA-454F-82D3-BD46CB186EF5} (IEGCtrl Class) - http://tidalweb/ggw-activex.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=26688
O16 - DPF: {DC7D77DA-E1AC-4D40-930B-B87B2954E034} (QuickMksAxCtl Class) - https://vmwarevc/ui/plugin/msie/vmware-mks.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = xyz.net
O17 - HKLM\Software\..\Telephony: DomainName = xyz.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = xyz.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = xyz.net,xyz.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = xyz.net,xyz.com
O20 - AppInit_DLLs: c:\windows\system32\sizehawi.dll,C:\WINDOWS\system32\lokadodu.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sizehawi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sizehawi.dll
O23 - Service: AgentService - Connected Corporation - C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe
O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect BF\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect BF\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect BF\iPassPeriodicUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\WINDOWS\system32\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: Symantec Ghost Database Service Wrapper (NGDBSERV) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
O23 - Service: Symantec Ghost Configuration Server (NGSERVER) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngserver.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - c:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Unknown owner - C:\oracle\ora92\bin\omtsreco.exe (file missing)
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\bin\ONRSD.EXE
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: OfficeScan NT Listener (tmlisten) - Trend Micro Inc. - c:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: OfficeScan NT Firewall (TmPfw) - Trend Micro Inc. - c:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe
O23 - Service: OfficeScan NT Proxy Service (TmProxy) - Trend Micro Inc. - c:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe
O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 10811 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-22 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-22 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee47e6d6-eac0-4608-b03a-85349595aa8a}]
C:\WINDOWS\system32\setevari.dll [2008-09-22 60928]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2007-01-25 159744]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-04-28 8429568]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=C:\WINDOWS\system32\nvHotkey.dll [2007-04-28 67584]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-04-28 81920]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2007-06-08 128560]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-08-01 1036288]
"atchk"=C:\Program Files\Intel\AMT\atchk.exe [2007-06-12 408344]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2007-02-19 303104]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-08-24 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-08-24 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-08-24 131072]
"BluetoothAuthenticationAgent"=C:\WINDOWS\system32\bthprops.cpl [2004-08-04 110592]
"OfficeScanNT Monitor"=c:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [2008-11-09 709928]
"AgentUiRunKey"=C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe [2007-03-14 179712]
"NGTray"=C:\Program Files\Symantec\Ghost\ngtray.exe [2008-04-22 218504]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-22 136600]
"nivisosiva"=C:\WINDOWS\system32\lesuzeka.dll [2008-09-22 60928]
"CPM1b1bf80c"=c:\windows\system32\sizehawi.dll [2008-12-23 97926]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\sizehawi.dll,C:\WINDOWS\system32\lokadodu.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sizehawi.dll [2008-12-23 97926]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sizehawi.dll [2008-12-23 97926]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\lokadodu.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=XYZ Company - Terms and Conditions of Use
"legalnoticetext"=This is a private network system owned and operated by XYZ. Please logoff or lock your workstation before leaving it unattended to prevent unauthorized use. XYZ systems access and usage may be monitored. By clicking OK you are agreeing to these terms and conditions.
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"ForceStartMenuLogOff"=1
"DisallowCpl"=1
"NoAutoUpdate"=1
"ForceClassicControlPanel"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoPublishingWizard"=
"NoWebServices"=
"NoMSAppLogo5ChannelNotify"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Symantec\Ghost\ngserver.exe"="C:\Program Files\Symantec\Ghost\ngserver.exe:*:Enabled:Symantec Ghost Configuration Server"
"C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007"
"C:\WINDOWS\system32\ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe:*:Enabled:ctfmon"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe"="C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe"="C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe:*:Enabled:Connected Backup Agent"
"C:\Program Files\Symantec\Ghost\ngserver.exe"="C:\Program Files\Symantec\Ghost\ngserver.exe:*:Enabled:Symantec Ghost Configuration Server"
"C:\Program Files\Symantec\Ghost\GhostSrv.exe"="C:\Program Files\Symantec\Ghost\GhostSrv.exe:*:Enabled:Symantec GhostCast Server"
"C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"

======List of files/folders created in the last 2 months======

2008-12-23 09:51:02 ----D---- C:\rsit
2008-12-23 07:33:47 ----A---- C:\ComboFix.txt
2008-12-23 07:26:34 ----A---- C:\Boot.bak
2008-12-23 07:26:27 ----RASHD---- C:\cmdcons
2008-12-23 07:25:05 ----A---- C:\WINDOWS\zip.exe
2008-12-23 07:25:05 ----A---- C:\WINDOWS\VFIND.exe
2008-12-23 07:25:05 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-23 07:25:05 ----A---- C:\WINDOWS\SWSC.exe
2008-12-23 07:25:05 ----A---- C:\WINDOWS\SWREG.exe
2008-12-23 07:25:05 ----A---- C:\WINDOWS\sed.exe
2008-12-23 07:25:05 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-23 07:25:05 ----A---- C:\WINDOWS\grep.exe
2008-12-23 07:25:05 ----A---- C:\WINDOWS\fdsv.exe
2008-12-23 07:25:02 ----D---- C:\WINDOWS\ERDNT
2008-12-23 07:25:02 ----D---- C:\Qoobox
2008-12-23 07:16:40 ----A---- C:\Bug.txt
2008-12-23 07:16:32 ----D---- C:\32788R22FWJFW
2008-12-22 11:12:08 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-22 11:12:08 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-22 11:12:08 ----A---- C:\WINDOWS\system32\java.exe
2008-12-22 11:12:08 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-19 17:04:23 ----A---- C:\WINDOWS\XOBJECTS.INI
2008-12-19 14:18:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2008-12-19 14:15:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-19 14:13:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-19 14:09:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-18 14:04:00 ----A---- C:\WINDOWS\picn1120.dll
2008-12-18 14:04:00 ----A---- C:\WINDOWS\picn1020.dll
2008-12-18 14:04:00 ----A---- C:\WINDOWS\eSellerateEngine.dll
2008-12-18 14:04:00 ----A---- C:\WINDOWS\dbrmdwb.exe
2008-12-18 14:04:00 ----A---- C:\WINDOWS\dbrmdwb.bat
2008-12-18 14:04:00 ----A---- C:\WINDOWS\dbplugin.exe
2008-12-18 14:03:59 ----A---- C:\WINDOWS\npdbplug.dll
2008-12-18 08:27:31 ----D---- C:\T5
2008-12-18 08:01:14 ----D---- C:\Documents and Settings\bf5c3mt\Application Data\Productivity Tools
2008-12-17 22:08:34 ----D---- C:\Cognos
2008-12-17 15:56:34 ----D---- C:\OPAS
2008-12-16 16:09:24 ----D---- C:\Dialogue Project
2008-12-16 15:01:30 ----D---- C:\Documents and Settings\bf5c3mt\Application Data\webex
2008-12-04 08:29:44 ----D---- C:\Program Files\Common
2008-12-03 11:02:02 ----A---- C:\WINDOWS\VDM2D8.tmp
2008-12-03 11:01:53 ----A---- C:\WINDOWS\VDM2D7.tmp
2008-12-03 11:01:39 ----A---- C:\WINDOWS\VDM2D6.tmp
2008-12-03 11:01:35 ----A---- C:\WINDOWS\VDM2D5.tmp
2008-12-03 11:01:27 ----A---- C:\WINDOWS\VDM2D4.tmp
2008-12-03 11:01:24 ----A---- C:\WINDOWS\VDM2D3.tmp
2008-12-03 11:01:17 ----A---- C:\WINDOWS\VDM2D2.tmp
2008-12-03 11:01:12 ----A---- C:\WINDOWS\VDM2D1.tmp
2008-12-03 11:01:12 ----A---- C:\WINDOWS\brioqry6.ini
2008-12-03 11:01:07 ----A---- C:\WINDOWS\system32\Roboex32.dll
2008-12-03 11:01:07 ----A---- C:\WINDOWS\system32\INETWH32.dll
2008-12-03 11:01:07 ----A---- C:\WINDOWS\bqmeta0.ini
2008-12-03 11:01:07 ----A---- C:\WINDOWS\bqformat.ini
2008-12-03 11:01:06 ----A---- C:\WINDOWS\VDM2D0.tmp
2008-12-03 11:01:03 ----D---- C:\Program Files\Brio
2008-12-03 11:01:00 ----A---- C:\WINDOWS\VDM2CF.tmp
2008-12-03 11:00:57 ----A---- C:\WINDOWS\VDM2CE.tmp
2008-12-03 11:00:57 ----A---- C:\WINDOWS\VDM2CD.tmp
2008-12-03 11:00:54 ----A---- C:\WINDOWS\VDM2CC.tmp
2008-12-03 11:00:51 ----A---- C:\WINDOWS\VDM2CB.tmp
2008-12-03 11:00:48 ----A---- C:\WINDOWS\VDM2CA.tmp
2008-12-03 11:00:45 ----A---- C:\WINDOWS\VDM2C9.tmp
2008-12-03 11:00:36 ----A---- C:\WINDOWS\VDM2C8.tmp
2008-12-03 11:00:34 ----A---- C:\WINDOWS\VDM2C7.tmp
2008-12-03 11:00:24 ----A---- C:\WINDOWS\VDM2C6.tmp
2008-12-03 11:00:21 ----A---- C:\WINDOWS\VDM2C5.tmp
2008-12-03 11:00:19 ----A---- C:\WINDOWS\VDM2C4.tmp
2008-12-03 11:00:16 ----A---- C:\WINDOWS\VDM2C3.tmp
2008-12-03 11:00:15 ----A---- C:\WINDOWS\VDM2C2.tmp
2008-12-03 11:00:06 ----A---- C:\WINDOWS\VDM2C1.tmp
2008-12-03 11:00:04 ----A---- C:\WINDOWS\VDM2C0.tmp
2008-12-03 10:59:58 ----A---- C:\WINDOWS\VDM2BF.tmp
2008-12-03 10:59:54 ----A---- C:\WINDOWS\VDM2BE.tmp
2008-12-03 10:59:48 ----A---- C:\WINDOWS\VDM2BD.tmp
2008-12-03 10:59:27 ----A---- C:\WINDOWS\VDM2BC.tmp
2008-11-21 08:10:41 ----D---- C:\Documents and Settings\bf5c3mt\Application Data\VMware
2008-11-21 08:10:41 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2008-11-20 18:25:56 ----A---- C:\WINDOWS\notesnsd.ini
2008-11-14 21:16:00 ----D---- C:\Documents and Settings\bf5c3mt\Application Data\Neopets Toolbar
2008-11-14 17:33:28 ----D---- C:\Program Files\Legato
2008-11-14 17:33:27 ----D---- C:\Program Files\Common Files\OTG
2008-11-14 17:33:05 ----D---- C:\WINDOWS\Downloaded Installations
2008-11-13 11:30:02 ----D---- C:\Documents and Settings\bf5c3mt\Application Data\Help
2008-11-11 12:18:56 ----A---- C:\WINDOWS\briohlp.ini
2008-11-11 12:14:04 ----A---- C:\WINDOWS\brioqplg.ini
2008-11-11 12:08:39 ----A---- C:\WINDOWS\oraodbc.ini
2008-11-11 12:08:16 ----D---- C:\WINDOWS\ADMINI~1
2008-11-10 22:06:39 ----D---- C:\WINDOWS\.jagex_cache_32
2008-11-10 08:36:12 ----D---- C:\temp
2008-11-10 08:25:04 ----D---- C:\WINDOWS\system32\log
2008-11-07 14:41:16 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-11-07 14:39:59 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-11-07 14:38:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-11-07 14:36:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-11-07 14:33:46 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-11-07 14:31:57 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-11-07 14:30:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-11-07 14:30:14 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2008-11-07 14:26:18 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2008-11-07 14:23:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-11-07 14:22:38 ----D---- C:\Program Files\MSXML 4.0
2008-11-07 14:20:14 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-11-07 14:18:31 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-11-07 14:13:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-11-06 14:46:13 ----D---- C:\Documents and Settings\bf5c3mt\Application Data\Embarcadero
2008-11-06 14:45:30 ----RA---- C:\WINDOWS\system32\tspopup.dll
2008-11-06 14:45:30 ----A---- C:\WINDOWS\system32\tsslic.txt
2008-11-06 14:45:30 ----A---- C:\WINDOWS\system32\tsgetx71ut55.dll
2008-11-06 14:45:30 ----A---- C:\WINDOWS\system32\tsgetx71tl55.dll
2008-11-06 14:45:30 ----A---- C:\WINDOWS\system32\tsgetx71sl55.dll
2008-11-06 14:45:30 ----A---- C:\WINDOWS\system32\tsgetx71ol55.dll
2008-11-06 14:45:30 ----A---- C:\WINDOWS\system32\tsgetx71nl55.dll
2008-11-06 14:45:30 ----A---- C:\WINDOWS\system32\tsgetx71mg55.dll
2008-11-06 14:45:30 ----A---- C:\WINDOWS\system32\tsgetx71hl55.dll
2008-11-06 14:45:30 ----A---- C:\WINDOWS\system32\tsgetx71ex55.dll
2008-11-06 14:45:30 ----A---- C:\WINDOWS\system32\tsgetx71ed55.dll
2008-11-06 14:45:30 ----A---- C:\WINDOWS\system32\tsgetx71di55.dll
2008-11-06 14:45:30 ----A---- C:\WINDOWS\system32\tsgetx71dg55.dll
2008-11-06 14:45:30 ----A---- C:\WINDOWS\system32\tsgetx71ct55.dll
2008-11-06 14:45:30 ----A---- C:\WINDOWS\system32\tsgetx71cl55.dll
2008-11-06 14:45:30 ----A---- C:\WINDOWS\system32\tsgetx71bl55.dll
2008-11-06 14:45:30 ----A---- C:\WINDOWS\system32\tsgetx71ag55.dll
2008-11-06 14:45:25 ----RA---- C:\WINDOWS\system32\Machnm1.exe
2008-11-06 14:45:12 ----D---- C:\Program Files\Embarcadero
2008-11-06 14:43:11 ----D---- C:\Downloads
2008-11-06 14:34:38 ----D---- C:\Documents and Settings\bf5c3mt\Application Data\TextPad
2008-11-06 14:34:33 ----D---- C:\Program Files\TextPad 4
2008-11-06 14:33:50 ----D---- C:\Program Files\Textpad
2008-11-06 14:06:58 ----D---- C:\Taft Stuff
2008-11-06 11:10:56 ----D---- C:\Clarity
2008-11-06 11:01:09 ----D---- C:\WINDOWS\system32\E177E04D548C4006A465EEB92D3DE021
2008-11-06 11:01:00 ----N---- C:\WINDOWS\system32\wbhelp2.dll
2008-11-06 11:00:59 ----D---- C:\Documents and Settings\All Users\Application Data\Ipswitch
2008-11-06 09:44:05 ----A---- C:\WINDOWS\pexpcfg.INI
2008-11-06 09:39:56 ----D---- C:\Program Files\Oracle
2008-11-06 09:36:56 ----D---- C:\FTP
2008-11-06 09:36:28 ----D---- C:\Program Files\WS_FTP
2008-11-06 08:54:50 ----D---- C:\Program Files\Symantec
2008-11-06 08:54:50 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-11-06 08:54:43 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-06 08:48:57 ----D---- C:\Documents and Settings\bf5c3mt\Application Data\Download Manager
2008-11-06 04:14:00 ----D---- C:\WINDOWS\system32\VPCache
2008-11-05 12:53:38 ----D---- C:\PS3
2008-11-05 12:53:38 ----D---- C:\PS2
2008-11-05 12:42:05 ----D---- C:\Oracle
2008-11-05 12:39:21 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-11-05 09:47:46 ----D---- C:\sp
2008-11-05 09:46:41 ----D---- C:\Skillb
2008-11-05 09:46:41 ----D---- C:\NRS
2008-11-05 09:46:38 ----D---- C:\Music
2008-11-05 09:46:38 ----D---- C:\MS
2008-11-05 09:45:29 ----D---- C:\Documents and Settings\bf5c3mt\Application Data\Ipswitch
2008-11-05 09:45:26 ----D---- C:\Clarity Work
2008-11-05 09:45:21 ----D---- C:\BW Worksheet
2008-11-05 09:45:21 ----D---- C:\Business
2008-11-05 09:30:25 ----D---- C:\Program Files\Iron Mountain
2008-11-05 08:20:33 ----ASH---- C:\Documents and Settings\bf5c3mt\Application Data\desktop.ini
2008-11-05 08:20:30 ----D---- C:\Documents and Settings\bf5c3mt\Application Data\Macromedia
2008-11-05 08:20:30 ----D---- C:\Documents and Settings\bf5c3mt\Application Data\Identities
2008-11-05 08:20:30 ----D---- C:\Documents and Settings\bf5c3mt\Application Data\Dell
2008-11-05 08:20:30 ----D---- C:\Documents and Settings\bf5c3mt\Application Data\CyberLink
2008-11-05 08:20:30 ----D---- C:\Documents and Settings\bf5c3mt\Application Data\Adobe
2008-11-05 08:20:29 ----SD---- C:\Documents and Settings\bf5c3mt\Application Data\Microsoft
2008-11-05 08:20:29 ----D---- C:\Documents and Settings\bf5c3mt\Application Data\Sun
2008-11-05 08:20:29 ----D---- C:\Documents and Settings\bf5c3mt\Application Data\Roxio
2008-11-05 08:14:26 ----D---- C:\WINDOWS\ms

======List of files/folders modified in the last 2 months======

2008-12-23 09:17:46 ----D---- C:\WINDOWS\Temp
2008-12-23 09:04:20 ----D---- C:\WINDOWS\system32
2008-12-23 09:04:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-23 09:01:20 ----D---- C:\MDT
2008-12-23 09:00:43 ----A---- C:\WINDOWS\smscfg.ini
2008-12-23 08:59:41 ----A---- C:\WINDOWS\system32\log.txt
2008-12-23 07:38:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-23 07:33:58 ----D---- C:\WINDOWS\system32\drivers
2008-12-23 07:33:56 ----D---- C:\WINDOWS
2008-12-23 07:31:29 ----A---- C:\WINDOWS\system.ini
2008-12-23 07:28:42 ----D---- C:\WINDOWS\system32\config
2008-12-23 07:27:53 ----D---- C:\WINDOWS\AppPatch
2008-12-23 07:27:53 ----D---- C:\Program Files\Common Files
2008-12-23 07:26:34 ----RASH---- C:\boot.ini
2008-12-23 07:25:03 ----D---- C:\WINDOWS\Prefetch
2008-12-23 07:21:59 ----RD---- C:\Program Files
2008-12-23 06:37:25 ----D---- C:\Program Files\Trend Micro
2008-12-23 06:25:59 ----ASH---- C:\WINDOWS\system32\sizehawi.dll
2008-12-22 18:38:26 ----D---- C:\WINDOWS\Registration
2008-12-22 11:59:44 ----ASH---- C:\WINDOWS\system32\dorugeba.dll
2008-12-22 11:12:46 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-22 11:12:45 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-22 11:12:44 ----SHD---- C:\WINDOWS\Installer
2008-12-22 11:11:50 ----D---- C:\Program Files\Java
2008-12-22 10:34:32 ----D---- C:\WINDOWS\security
2008-12-22 09:44:31 ----A---- C:\WINDOWS\cfgall.ini
2008-12-20 08:55:00 ----SHD---- C:\System Volume Information
2008-12-19 14:18:41 ----HD---- C:\WINDOWS\inf
2008-12-19 14:18:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-19 14:18:17 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-19 14:17:04 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-19 14:15:32 ----A---- C:\WINDOWS\imsins.BAK
2008-12-19 14:13:51 ----D---- C:\Program Files\Internet Explorer
2008-12-18 11:02:08 ----D---- C:\WINDOWS\system32\wbem
2008-12-18 08:01:29 ----D---- C:\notes
2008-12-18 08:01:21 ----D---- C:\Program Files\WebEx
2008-12-12 12:27:54 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 12:10:44 ----D---- C:\Program Files\Microsoft Office Communicator
2008-12-03 10:52:27 ----D---- C:\Documents and Settings
2008-11-11 12:08:39 ----A---- C:\WINDOWS\ODBCINST.INI
2008-11-10 08:30:08 ----A---- C:\tmuninst.ini
2008-11-07 14:31:59 ----D---- C:\Program Files\Messenger
2008-11-07 14:22:38 ----D---- C:\WINDOWS\WinSxS
2008-11-07 14:12:27 ----RSD---- C:\WINDOWS\assembly
2008-11-06 14:45:13 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-06 11:06:31 ----A---- C:\WINDOWS\win.ini
2008-11-06 10:21:58 ----D---- C:\Oldpc
2008-11-06 04:16:04 ----D---- C:\Utilities
2008-11-06 04:15:52 ----D---- C:\WINDOWS\system32\CatRoot
2008-11-06 04:14:04 ----D---- C:\WINDOWS\SoftwareDistribution
2008-11-05 08:22:14 ----D---- C:\WINDOWS\system32\appmgmt
2008-11-05 08:20:57 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-05 08:14:57 ----D---- C:\WINDOWS\system32\ccmsetup
2008-11-05 08:14:51 ----D---- C:\WINDOWS\system32\CCM
2008-11-05 08:11:06 ----A---- C:\WINDOWS\setuplog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2008-11-09 72072]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 ATNT40K;ActiveTouch NT Appsharing Driver; C:\WINDOWS\SYSTEM32\DRIVERS\ATNT40K.SYS [2005-10-14 51304]
R2 CVPNDRVA;Cisco Systems IPsec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 iPassP;iPass Protocol (IEEE 802.1x) v3.5.1.0; C:\WINDOWS\system32\DRIVERS\iPassP.sys [2007-09-26 21419]
R2 LV_Tracker;LV_Tracker; C:\WINDOWS\system32\DRIVERS\LV_Tracker.sys [2007-03-14 36480]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 TmFilter;Trend Micro Filter; \??\c:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys []
R2 TmPreFilter;Trend Micro PreFilter; \??\c:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys []
R2 VSApiNt;Trend Micro VSAPI NT; \??\c:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys []
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-02-17 132608]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-01-30 160256]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-03-16 604928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-23 127376]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-11-02 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-11-02 209152]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-04-28 6727136]
R3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys []
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-04 5888]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-02-19 1228296]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2008-11-09 335888]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-11-02 730112]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-08-03 307712]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-09-14 2455040]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-13 254872]
S3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-01-31 56320]
S3 HECI;Intel® Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-06-12 45056]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgentService;AgentService; C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe [2007-03-14 5160960]
R2 atchksrv;Intel® Active Management Technology System Status Service; C:\Program Files\Intel\AMT\atchksrv.exe [2007-06-12 183064]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2006-02-09 578784]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-04-03 1516584]
R2 iPassPeriodicUpdateService;iPassPeriodicUpdateService; C:\Program Files\iPass\iPassConnect BF\iPassPeriodicUpdateService.exe [2006-07-21 86016]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-22 152984]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2002-02-14 299008]
R2 LMS;Intel® Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2007-06-12 109336]
R2 Lotus Notes Single Logon;Lotus Notes Single Logon; C:\WINDOWS\system32\nslsvice.exe [2004-09-15 20530]
R2 Multi-user Cleanup Service;Multi-user Cleanup Service; C:\notes\ntmulti.exe [2004-09-15 57393]
R2 NGSERVER;Symantec Ghost Configuration Server; C:\Program Files\Symantec\Ghost\ngserver.exe [2008-04-22 1119624]
R2 ntrtscan;OfficeScanNT RealTime Scan; c:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2008-11-09 906536]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-04-28 163908]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\StacSV.exe [2007-02-19 90112]
R2 tmlisten;OfficeScan NT Listener; c:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2008-11-09 984360]
R2 UNS;Intel® Active Management Technology User Notification Service; C:\Program Files\Intel\AMT\UNS.exe [2007-06-12 2521880]
R3 iPassPeriodicUpdateApp;iPassPeriodicUpdateApp; C:\Program Files\iPass\iPassConnect BF\iPassPeriodicUpdateApp.exe [2006-07-21 122880]
R3 NGDBSERV;Symantec Ghost Database Service Wrapper; C:\Program Files\Symantec\Ghost\bin\dbserv.exe [2008-04-22 87432]
R3 TmPfw;OfficeScan NT Firewall; c:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe [2008-11-09 488768]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-09-14 483328]
S2 OracleMTSRecoveryService;OracleMTSRecoveryService; C:\oracle\ora92\bin\omtsreco.exe OracleMTSRecoveryService []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPassConnectEngine;iPassConnectEngine; C:\Program Files\iPass\iPassConnect BF\iPassConnectEngine.exe [2006-07-27 1306624]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache; C:\oracle\ora81\bin\ONRSD.EXE [2000-10-19 411244]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TmProxy;OfficeScan NT Proxy Service; c:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [2008-11-09 652552]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

*****************************************************************************************************************************

info.txt logfile of random's system information tool 1.05 2008-12-23 09:51:10

======Uninstall list======

-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {9CEFD131-4469-4DAE-868F-0E102CA76533}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
BF Word Templates-->MsiExec.exe /I{34628212-9DF1-45A7-B966-A3105ABE5B99}
BlackBerry Desktop Software 4.3-->MsiExec.exe /i{550EEF19-4073-4836-9214-35FA2DC8B597}
BlackBerry Desktop Software 4.3-->MsiExec.exe /I{550EEF19-4073-4836-9214-35FA2DC8B597}
Brio Intelligence Client-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Brio\BrioQuery\Uninst.isu"
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{B7F54262-AB66-44B3-88BF-9FC69941B643}
Calendar Printing Assistant for Microsoft Office Outlook 2007-->MsiExec.exe /X{90120000-00A7-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Connected Backup/PC Agent-->MsiExec.exe /I{393E4C89-67E9-43BF-AD29-94D19F7624F7}
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
DBArtisan 8.1.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE1E454E-79F7-495D-9883-522BB73C3C97}\setup.exe" -l0x9 HELLO -removeonly
Dell Touchpad-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Office (KB951701)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CC30F991-CDE5-40D0-95A2-0F04542840B4}
Hotfix for Office (KB958720)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {D3907D2C-19C9-41CF-B06B-F3B5EC4504FB}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
ieSpell-->"C:\Program Files\ieSpell\uninst.exe"
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PRO Network Connections Drivers-->Prounstl.exe
Intel® Active Management Technology-->C:\WINDOWS\system32\mesoludlg.exe -uninstall
Intel® Management Engine Interface-->C:\WINDOWS\system32\heciudlg.exe -uninstall
iPassConnect BF-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6FFA58-F491-11D3-8951-000000031468}\setup.exe"
Ipswitch WS_FTP Professional 2006-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9
Jack Daniels Font-->MsiExec.exe /I{294316B7-FE4D-4014-BF17-84FA43035AD8}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Junk E-mail Reporting Tool-->MsiExec.exe /I{B72B06E0-0C54-495F-896F-E3ED2905624D}
LEGATO EmailXtender® 4.81 Client-->MsiExec.exe /I{DA9E949F-3C63-476C-9248-FF64D95A0031}
Lexmark Supplies Monitor-->C:\WINDOWS\system32\LXSMUNIN.EXE
Lexmark Z25-Z35-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXAXUN5C.EXE -dLexmark Z25-Z35
Lotus Notes 6.5.3-->MsiExec.exe /I{897891A6-6F93-49E0-B7D9-74FAF2AA862D}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Communicator 2007-->MsiExec.exe /X{E5BA0430-919F-46DD-B656-0796F8A5ADFF}
Microsoft Office Excel 2007 Get Started Tab-->MsiExec.exe /I{AB706D91-2242-4E1D-B4D0-1ED35387F5A7}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint 2007 Get Started Tab-->MsiExec.exe /I{5AE5DB70-5CE6-4876-A83E-8246CC36FC28}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio Viewer 2007-->MsiExec.exe /I{95120000-0052-0409-0000-0000000FF1CE}
Microsoft Office Word 2007 Get Started Tab-->MsiExec.exe /I{68B52EFD-86CC-486E-A8D0-A3A1554CB5BC}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Oracle 8i-->MsiExec.exe /I{06BA0126-DFF7-4ECC-A4B1-529FE39D363C}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -l0x9 -cluninstall
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Set Temp Internet Files-->MsiExec.exe /I{39C751AC-F469-4934-99C6-E524034DA2F1}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
ST Microelectronics TPM Driver Installer-->MsiExec.exe /I{A8DD74DC-14C4-4BA0-8DF7-D84524D0B0D2}
Symantec Ghost Console and Standard Tools-->MsiExec.exe /I{8DB64BCF-A6CC-4E0F-0859-000009671916}
TextPad 4.7-->MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}
Trend Micro OfficeScan Client-->msiexec /x {ECEA7878-2100-4525-915D-B09174E36971}
Uninstall CutePDF-->MsiExec.exe /I{B038246D-15F6-4637-A478-4ABFF6A258A8}
Update for Outlook 2007 Junk Email Filter (kb936644)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {2B581052-BF85-4AA6-91C5-7B0090712B65}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\Setup.exe" -l0x9 VpnUninstall
WebEx Meeting Manager for Internet Explorer-->MsiExec.exe /I{F2AB2488-A0BF-4A9B-98A9-A88CF20FD2FF}
WebEx Productivity Tools-->MsiExec.exe /X{83B1FF4F-A661-4C3B-835D-585D24C4ED1E}
WebEx-->C:\PROGRA~1\WebEx\atcliun.exe
Windows Driver Package - STMicroelectronics (stmtpm) System (05/24/2007 1.00.04.15)-->rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\tpmdrv_DD4ED559570FACD4E2A0BF969022A5E209FEA420\tpmdrv.inf
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinZip-->"C:\Program Files\WinZip\winzip32.exe" /uninstall

======Security center information======

AV: Trend Micro OfficeScan Antivirus
AV: Trend Micro OfficeScan Antivirus
FW: Trend Micro Personal Firewall

System event log

Computer Name: BF5C3MTD630L2
Event Code: 7036
Message: The Windows Installer service entered the running state.

Record Number: 3507
Source Name: Service Control Manager
Time Written: 20081126081743.000000-300
Event Type: information
User:

Computer Name: BF5C3MTD630L2
Event Code: 7035
Message: The Windows Installer service was successfully sent a start control.

Record Number: 3506
Source Name: Service Control Manager
Time Written: 20081126081743.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: BF5C3MTD630L2
Event Code: 7036
Message: The Network Location Awareness (NLA) service entered the running state.

Record Number: 3505
Source Name: Service Control Manager
Time Written: 20081126081743.000000-300
Event Type: information
User:

Computer Name: BF5C3MTD630L2
Event Code: 7035
Message: The Network Location Awareness (NLA) service was successfully sent a start control.

Record Number: 3504
Source Name: Service Control Manager
Time Written: 20081126081743.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: BF5C3MTD630L2
Event Code: 7035
Message: The Symantec Ghost Database Service Wrapper service was successfully sent a start control.

Record Number: 3503
Source Name: Service Control Manager
Time Written: 20081126081743.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: BF5C3MTD630L2
Event Code: 0
Message:
Record Number: 1294
Source Name: iPassPeriodicUpdateService
Time Written: 20081221120527.000000-300
Event Type: information
User:

Computer Name: BF5C3MTD630L2
Event Code: 1054
Message: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Record Number: 1293
Source Name: Userenv
Time Written: 20081221120527.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: BF5C3MTD630L2
Event Code: 1000
Message: Performance counters for the WmiApRpl (WmiApRpl) service were loaded successfully.
The Record Data contains the new index values assigned
to this service.

Record Number: 1292
Source Name: LoadPerf
Time Written: 20081221044838.000000-300
Event Type: information
User:

Computer Name: BF5C3MTD630L2
Event Code: 1001
Message: Performance counters for the WmiApRpl (WmiApRpl) service were removed successfully.
The Record Data contains the new values of the system Last Counter and
Last Help registry entries.

Record Number: 1291
Source Name: LoadPerf
Time Written: 20081221044838.000000-300
Event Type: information
User:

Computer Name: BF5C3MTD630L2
Event Code: 15
Message: Automatic certificate enrollment for XYZ\bf5c3mt failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Record Number: 1290
Source Name: AutoEnrollment
Time Written: 20081221044639.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\OTG;C:\oracle\ora81\bin;C:\Program Files\Oracle\jre\1.1.7\bin;C:\Program Files\Oracle\jre\1.3.1\bin;C:\Program Files\Oracle\jre\1.1.8\bin;C:\oracle\ora92\bin;C:\Oracle\bin;C:\Oracle\olap\xsa632;C:\Program Files\Common Files\Roxio Shared\DLLShared;
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"OLAP_HOME"=C:\Oracle\olap

-----------------EOF-----------------

Thank you in advance for your help!
ICEHatchet


#2 Michael Taft


Posted 24 December 2008 - 07:33 AM

The pop-up window showed up again first thing this morning and I read what it was before killing the IEXPLORE.exe process in Task Manager. The offending "program" is Antispyware 360, which I saw in your malware removal guides. So I followed the instructions in that guide and it found 27 infected files and all of them were marked Vundo.H. Should that be sufficient?

#3 suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team

Posted 01 January 2009 - 02:38 PM

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • After it has finished, two logs will open. Please post the contents of both. log.txt will be maximized and info.txt will be minimized.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. Thank you for your patience.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 Michael Taft


Posted 01 January 2009 - 07:09 PM

I used the guide here on Bleeping Computer for the Antispyware 360 Trojan and have not had another problem. I think this can be considered closed. By all means, close this and help someone else. Thank you for volunteering your time! It is much appreciated. Obviously, making the guides so people can find answers to common issues is fantastic. Thank you for all that you do!

ICEHatchet

#5 suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team

Posted 02 January 2009 - 06:46 AM

Thank you for letting me know. I am glad that the guides helped you solve your computer problem. Let us know if you need help again.

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.