
Infection: found Trojan.ServicesSS, and others


  • This topic is locked
24 replies to this topic

#1 isin

isin

  • Members
  • 14 posts

Posted 21 May 2009 - 03:07 PM

Hi,
I had an infection in January and managed to remove it by running SpyBot S&D, SuperAntiSpyware, Malwarebytes Antimalware, Spyware Blaster, Kaspersky online scan, Bitdefender online scan, CCleaner and finally ComboFix. I did that in the usual recommended way first in safe mode, disabling system restore, and then in normal mode. It seemed to work fine.

Now, since a couple of weeks ago, my computer seems to be infected again, although it's probably an unrelated infection. I have tried the same method (I have not tried ComboFix this time) that seemed to remove my infection in January. The various scans with the programs mentioned above found at some point the following stuff:

Trojan.ServicesSS
Adware.Tracking.Cookie
Trojan.SVCHost/Fake
Trojan.Dropper/SVCHost-Fake (sxml.exe)
Trojan.Agent
Heuristics.Malware
Trojan.Ransom.Win32.BlueScreen.al
Tradedoubler tracking cookie
Webtrends Live tracking cookie

The antivirus/antispyware... programs found these things and had no problem removing them. The only one I was finding back after re-start was the Adware.Tracking.Cookie.
So after removing things found in safe mode, I was not finding anything in normal mode with any of the programs, nor with the online scanners Kaspersky and Bitdefender. So it looked like my laptop was clean.
However, after a couple of days trying to use the web, I think my laptop is infected again. I work at Imperial College, in London, and I believe that their internet connection has some safety features and is protected, so that if I am in normal mode, my connection does not work, starts up OK, tries to send some packets of data, and then the connection dies, I presume because college security does not allow my computer in...

I am not sure of what to do then. I can keep on running scans and disinfection tools, but I have done that twice already, and after finding nothing, I keep being infected. The internet connection works fine in safe mode, by the way.

Some suspicious processes running in normal mode were: lsass.exe, services.exe, csrss.exe, smss.exe, which are running from start up.

I would really appreciate it if you could help. I would really rather not have to reformat my hard drive.
I paste at the end the DDS log as you recommend (I ran DDS in safe mode). I don't know where Kaspersky's logs are saved; please let me know, since I have scanned the drives a couple of times with this, so that I could post it too.
I also attach the Attach.txt file from dds as you suggest.

Thank you so much.

Isabel.


DDS (Ver_09-05-14.01) - NTFSx86 NETWORK
Run by isabel at 19:00:27.82 on 21/05/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1015.722 [GMT 1:00]


============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ctfmon.exe
C:\Documents and Settings\isabel.PH-ISABELLAP\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uWindow Title = Microsoft Internet Explorer provided by Imperial College
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - No File
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IMJPMIG8.1] "c:\winnt\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\winnt\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\winnt\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [TkBellExe] c:\program files\common files\real\update_ob\realsched.exe -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [IntelZeroConfig] c:\program files\intel\wireless\bin\ZCfgSvc.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [igfxtray] c:\winnt\system32\igfxtray.exe
mRun: [EPA_EZ_GPO_Tool] c:\winnt\system32\EZ_GPO_Tool.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [MSConfig] c:\winnt\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [<NO NAME>]
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkvmon~1.lnk - c:\program files\nikon\nkview6\NkvMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: NoWelcomeScreen = 1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1238964834218
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205859273734
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18}
DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://quickscan.bitdefender.com/cab/ActiveQscan.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5618/mcfscan.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: opnnlLcA - opnnlLcA.dll
AppInit_DLLs: fmdqqb.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 c:\winnt\system32\nnnkIcCU

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\isabel~1.ph-\applic~1\mozilla\firefox\profiles\3wgv5kpo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13123.dll
FF - plugin: c:\program files\real\realplayer enterprise\netscape6\nppl3260.dll

============= SERVICES / DRIVERS ===============

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
S2 EPA_GPO_PMService;Energy Star™ EZ GPO Power Management Configuration Tool;c:\winnt\system32\PMService.exe [2005-1-21 81920]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]

=============== Created Last 30 ================

2009-05-19 19:50 <DIR> --d----- c:\docume~1\isabel~1.ph-\applic~1\QuickScan
2009-05-18 17:49 <DIR> --d----- c:\winnt\McAfee.com
2009-05-18 17:23 <DIR> --d----- c:\winnt\LastGood.Tmp
2009-05-10 17:55 272,128 -------- c:\winnt\system32\drivers\bthport.sys
2009-05-10 17:55 272,128 -------- c:\winnt\system32\dllcache\bthport.sys
2009-05-09 17:15 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-05-08 01:16 <DIR> --d----- c:\program files\SpywareBlaster

==================== Find3M ====================

2009-04-06 15:32 38,496 a------- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\winnt\system32\drivers\mbam.sys
2009-03-21 15:18 986,112 a------- c:\winnt\system32\dllcache\kernel32.dll
2009-03-06 15:44 283,648 a------- c:\winnt\system32\pdh.dll
2009-03-06 15:44 283,648 a------- c:\winnt\system32\dllcache\pdh.dll
2009-03-03 00:27 1,499,136 a------- c:\winnt\system32\dllcache\shdocvw.dll
2009-02-21 03:14 3,067,904 a------- c:\winnt\system32\dllcache\mshtml.dll
2008-03-14 21:33 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat

============= FINISH: 19:01:00.65 ===============


Edited by jgweed, 06 June 2009 - 10:34 AM.
truncated topic to preserve board format.jgw



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 04 June 2009 - 06:00 AM

Hello and welcome to BleepingComputer.com! :thumbup2:

I will be helping you today. :) Please give me some time to look through your logfiles. If you still need help, please let me know by replying to this thread. :)


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.


Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 isin

isin
  • Topic Starter

  • Members
  • 14 posts

Posted 04 June 2009 - 07:27 AM

Hi there!
Thank you very much for your reply.

I think I am still having problems with the computer. It's all strange now.
Since time was passing and I got no reply, I ran ComboFix in my laptop (sorry, I know you hate this, but I had done it twice before and it had worked fine.). I ran it twice, actually. The first time it deleted two files and asked me to re-start, and the second time nothing. I have the log file of the last time if you want it.
Since then I haven't done much with the laptop. The internet connection in college works fine, but for some reason I cannot connect to the wireless at home or detect any wireless networks, it says I have no network adapter in the system, but this might be an unrelated problem. I am not sure of how to turn the wireless on again, though...

The other thing is that many times when I restart I find a process called hpbdfawep.exe that is taking up most (99%) of the CPU and slowing everything down enormously. I can terminate it and nothing seems to happen. But I don't know what it is, and I suspect my computer is still infected.

I would really appreciate your help then.

thanks a lot.

isabel.

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 05 June 2009 - 09:57 AM

Hi Isabel,


Your log indicates that you are not using an antivirus program.

Download and install an antivirus program, and make sure that you keep it updated.
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Two good antivirus programs free for non-commercial home use are Avast! and Antivir.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
Please install an antivirus program as quickly as possible.

Some suspicious processes running in normal mode were: lsass.exe, services.exe, csrss.exe, smss.exe, which are running from start up

Those are all names of legit Windows files if they are located in the following folder: C:\windows\system32. Please do not touch them. :thumbup2:
If the files are present in any other folder than system32, the chances are high that it is actually malware. But I do not see any indication of this right now.


The detected infections indicate that you have run superantispyware and malwarebytes successfully. Could you please provide the logs from these two programs?
For Malwarebytes simply start the program, click on the logs-tab and double-click on the wanted date to see the log.
For Superantispyware start the program, click on preferences, select Statistics/Logs tab and double-click SUPERAntiSpyware Scan Log. Select the wanted date and click on view log.

Please also make a scan with RSIT:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
RSIT may try to connect to the internet to download Hijackthis. This is normal, no need to be worried. :)

Please also post the logs you got from ComboFix. The last log should be located at C:\combofix.txt and the previous one should be found at C:\qoobox\combofix2.txt.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
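
Added example, not part of the original posts: a small Python triage of the location rule described in the reply above, run over image paths copied from the DDS and SUPERAntiSpyware logs earlier in this thread. The `CORE` list (the four names from the reply plus svchost.exe), the one-edit lookalike test and the verdict labels are assumptions of this sketch; `c:\winnt` is this machine's Windows directory as shown in the DDS log.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Names the reply calls legitimate when they live in system32, plus svchost.exe,
# which the SUPERAntiSpyware log flagged when it ran from C:\RECYCLER.
CORE = {"lsass.exe", "services.exe", "csrss.exe", "smss.exe", "svchost.exe"}

# Entries copied from the logs in this thread (DDS "Running Processes" and the
# 05/18/2009 SUPERAntiSpyware detections).
SAMPLE = [
    r"C:\WINNT\system32\svchost -k DcomLaunch",
    "svchost.exe",
    r"C:\WINNT\system32\svchost.exe -k netsvcs",
    r"C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe",
    r"C:\WINNT\Explorer.EXE",
    r"C:\PROGRAM FILES\COMMON FILES\SYSTEM\SERVICESS.EXE",
    r"C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\SVCHOST.EXE",
]


def image_path(entry):
    """Strip command-line arguments so only the executable path remains."""
    m = re.match(r'^"?(.*?\.(?:exe|scr))"?(?:\s|$)', entry, re.I)
    if m:
        return m.group(1)
    # No extension in the entry (DDS prints "svchost -k ..."): cut at the first switch.
    return entry.split(" -", 1)[0].strip('" ')


def within_one_edit(a, b):
    """True if a and b differ by exactly one insert, delete or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # make a the shorter (or equal-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]   # one substitution
    return a[i:] == b[i + 1:]           # one extra character in b


def classify(entry, system_root=r"c:\winnt"):
    """Return 'ok', 'wrong-location', 'lookalike', 'unverified' or 'other'."""
    path = image_path(entry).lower()
    directory, name = ntpath.split(path)
    if "." not in name:
        name += ".exe"
    expected = ntpath.join(system_root.lower(), "system32")
    if name in CORE:
        if not directory:
            return "unverified"  # the log gave a bare name, so the folder is unknown
        return "ok" if ntpath.normpath(directory) == expected else "wrong-location"
    if any(within_one_edit(name, core) for core in CORE):
        return "lookalike"  # e.g. servicess.exe imitating services.exe
    return "other"


def triage(entries, system_root=r"c:\winnt"):
    """Keep only the entries that need a closer look."""
    results = [(e, classify(e, system_root)) for e in entries]
    return [(e, v) for e, v in results if v not in ("ok", "other")]


if __name__ == "__main__":
    for entry, verdict in triage(SAMPLE):
        print(f"{verdict:15} {entry}")
```

A `wrong-location` or `lookalike` verdict is a lead to check, and an `ok` verdict only confirms the folder, not that the file itself is genuine.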



#5 isin

isin
  • Topic Starter

  • Members
  • 14 posts

Posted 05 June 2009 - 01:57 PM

Hi there,
Thanks a lot for your reply.

I am a bit desperate now. I have been trying to do everything you suggested.
I had not installed an antivirus yet because I was running scans and the online ones say you should uninstall the antivirus...
Anyway, I downloaded Avast (up to now I was using Symantec, provided by college, but it's the 2nd time I am infected...), and installed it. I registered online and put the key in. All fine but Avast won't start. It gives me an error: "The AAVM subsystem detected a RPC error". When I follow the help from Avast they say I should run Windows Update to make sure everything is updated. When I try this, Windows update does not start, gives error 8007043C, and this error number is not in their help.... So I didn't manage to do the update. Avast suggests checking in My Computer, Manage, Services and applications, Services, that the service Avast is set to Automatic Start up, and to start it. When I try to start it it tells me that I can't because I am in safe mode. But I am not in safe mode. I have been switching from normal mode to safe mode several times and I know I am not in safe mode. I restarted a couple of times but same thing again, my computer thinks I am in safe mode. I went to safe mode once, and after coming back to normal mode now my network connections folder is empty and tells me to make sure the network Connections service is running. Again, when I try to start it it tells me I cannot do it in safe mode... I have no idea what's going on.

I am sending the logs you asked for from a different PC, since I have no internet connection in the laptop anymore.


Here are the Malwarebytes logs, from older to more recent:


Malwarebytes' Anti-Malware 1.32
Database version: 1648
Windows 5.1.2600 Service Pack 2

08/05/2009 00:10:15
mbam-log-2009-05-08 (00-10-15).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 309165
Time elapsed: 2 hour(s), 24 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------------------------------
Malwarebytes' Anti-Malware 1.36
Database version: 2109
Windows 5.1.2600 Service Pack 2

11/05/2009 20:33:15
mbam-log-2009-05-11 (20-33-15).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 366665
Time elapsed: 58 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Reference Manager 11\WiseUpdt.EXE (Rogue.Installer) -> Quarantined and deleted successfully.

------------------------------------------------


Malwarebytes' Anti-Malware 1.36
Database version: 2147
Windows 5.1.2600 Service Pack 2

18/05/2009 13:00:43
mbam-log-2009-05-18 (13-00-43).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 369562
Time elapsed: 38 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\tmp328.exe (Heuristics.Malware) -> Quarantined and deleted successfully.

-------------------------------------------

Malwarebytes' Anti-Malware 1.36
Database version: 2162
Windows 5.1.2600 Service Pack 2

21/05/2009 14:09:14
mbam-log-2009-05-21 (14-09-14).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 369029
Time elapsed: 38 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------








Here are the Superantispyware logs:



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/07/2009 at 02:35 AM

Application Version : 4.26.1002

Core Rules Database Version : 3877
Trace Rules Database Version: 1825

Scan type : Complete Scan
Total Scan Time : 01:46:59

Memory items scanned : 252
Memory threats detected : 0
Registry items scanned : 6237
Registry threats detected : 0
File items scanned : 24918
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\isabel.PH-ISABELLAP\Cookies\isabel@revsci[1].txt
C:\Documents and Settings\isabel.PH-ISABELLAP\Cookies\isabel@msnportal.112.2o7[1].txt

------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/08/2009 at 11:58 AM

Application Version : 4.26.1002

Core Rules Database Version : 3882
Trace Rules Database Version: 1830

Scan type : Complete Scan
Total Scan Time : 01:51:52

Memory items scanned : 235
Memory threats detected : 0
Registry items scanned : 6240
Registry threats detected : 0
File items scanned : 24903
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\isabel.PH-ISABELLAP\Cookies\isabel@revsci[2].txt
---------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/09/2009 at 07:26 PM

Application Version : 4.26.1002

Core Rules Database Version : 3882
Trace Rules Database Version: 1830

Scan type : Complete Scan
Total Scan Time : 00:54:12

Memory items scanned : 284
Memory threats detected : 0
Registry items scanned : 6171
Registry threats detected : 0
File items scanned : 24532
File threats detected : 0

------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/18/2009 at 12:13 PM

Application Version : 4.26.1002

Core Rules Database Version : 3898
Trace Rules Database Version: 1844

Scan type : Complete Scan
Total Scan Time : 00:52:37

Memory items scanned : 274
Memory threats detected : 0
Registry items scanned : 6124
Registry threats detected : 1
File items scanned : 26186
File threats detected : 9

Trojan.ServicesSS
[Windows Update] C:\PROGRAM FILES\COMMON FILES\SYSTEM\SERVICESS.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\SERVICESS.EXE
C:\WINNT\Prefetch\SERVICESS.EXE-352A0E2B.pf

Adware.Tracking Cookie
C:\Documents and Settings\isabel.PH-ISABELLAP\Cookies\isabel@indextools[2].txt
C:\Documents and Settings\isabel.PH-ISABELLAP\Cookies\isabel@kaspersky.122.2o7[1].txt
C:\Documents and Settings\isabel.PH-ISABELLAP\Cookies\isabel@www.counters[2].txt

Trojan.SVCHost/Fake
C:\RECYCLER\S-1-5-21-1482276501-1663491937-6831267430-1013\SVCHOST.EXE
C:\WINNT\Prefetch\SVCHOST.EXE-0E08B18C.pf

Trojan.Dropper/SVCHost-Fake
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\SVCHOST.EXE
C:\WINNT\Prefetch\SVCHOST.EXE-35A5649B.pf

---------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/19/2009 at 03:13 PM

Application Version : 4.26.1002

Core Rules Database Version : 3900
Trace Rules Database Version: 1846

Scan type : Complete Scan
Total Scan Time : 00:51:36

Memory items scanned : 279
Memory threats detected : 0
Registry items scanned : 6118
Registry threats detected : 0
File items scanned : 25670
File threats detected : 0

----------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/20/2009 at 12:13 PM

Application Version : 4.26.1002

Core Rules Database Version : 3902
Trace Rules Database Version: 1848

Scan type : Complete Scan
Total Scan Time : 01:32:59

Memory items scanned : 339
Memory threats detected : 0
Registry items scanned : 6115
Registry threats detected : 0
File items scanned : 25736
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\isabel.PH-ISABELLAP\Cookies\isabel@indextools[2].txt
C:\Documents and Settings\isabel.PH-ISABELLAP\Cookies\isabel@kaspersky.122.2o7[1].txt

----------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/21/2009 at 10:56 AM

Application Version : 4.26.1002

Core Rules Database Version : 3904
Trace Rules Database Version: 1849

Scan type : Complete Scan
Total Scan Time : 00:53:07

Memory items scanned : 272
Memory threats detected : 0
Registry items scanned : 6097
Registry threats detected : 0
File items scanned : 25813
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\isabel.PH-ISABELLAP\Cookies\isabel@indextools[2].txt
C:\Documents and Settings\isabel.PH-ISABELLAP\Cookies\isabel@kaspersky.122.2o7[1].txt

------------------------------------






Now the Combofix logs:



ComboFix 09-05-21.03 - isabel 22/05/2009 14:42.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1015.740 [GMT 1:00]
Running from: c:\documents and settings\isabel.PH-ISABELLAP\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://ICSMS1:80
hxxp://icwus1.cc.ic.ac.uk
.
((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-05-19 18:50 . 2009-05-19 18:50 -------- d-----w c:\documents and settings\isabel.PH-ISABELLAP\Application Data\QuickScan
2009-05-19 12:05 . 2009-05-19 12:05 -------- d-----w c:\program files\RegCure
2009-05-18 16:49 . 2009-05-18 16:49 -------- d-----w c:\winnt\McAfee.com
2009-05-18 16:23 . 2009-05-18 16:24 -------- d-----w c:\winnt\LastGood.Tmp
2009-05-12 13:56 . 2009-05-12 13:56 -------- d-----w c:\documents and settings\isabel\Local Settings\Application Data\Mozilla
2009-05-10 16:55 . 2008-06-13 13:10 272128 ------w c:\winnt\system32\drivers\bthport.sys
2009-05-10 16:55 . 2008-06-13 13:10 272128 ------w c:\winnt\system32\dllcache\bthport.sys
2009-05-09 16:15 . 2009-05-09 16:30 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-08 00:33 . 2009-05-08 00:33 2967799 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-08 00:16 . 2009-05-11 19:38 -------- d-----w c:\program files\SpywareBlaster

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-21 13:09 . 2009-01-09 14:16 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-21 09:02 . 2009-04-05 20:50 117760 ----a-w c:\documents and settings\isabel.PH-ISABELLAP\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-20 21:27 . 2008-03-17 22:22 -------- d-----w c:\documents and settings\isabel.PH-ISABELLAP\Application Data\Skype
2009-05-20 21:24 . 2008-03-17 22:23 -------- d-----w c:\documents and settings\isabel.PH-ISABELLAP\Application Data\skypePM
2009-05-20 21:17 . 2009-02-02 17:53 -------- d-----w c:\program files\Yahoo!
2009-05-19 12:20 . 2009-01-09 12:44 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-13 17:22 . 2006-12-28 23:58 -------- d-----w c:\documents and settings\isabel.PH-ISABELLAP\Application Data\WinEdt
2009-05-11 19:33 . 2006-03-30 09:34 -------- d-----w c:\program files\Reference Manager 11
2009-05-09 11:43 . 2009-01-14 11:02 -------- d-----w c:\program files\COMODO
2009-05-09 11:35 . 2006-03-29 12:28 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-09 11:35 . 2009-01-14 14:48 -------- d-----w c:\program files\Symantec
2009-05-09 11:35 . 2006-03-29 12:28 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-05-09 11:32 . 2009-01-14 11:02 -------- d-----w c:\documents and settings\All Users\Application Data\comodo
2009-05-08 00:33 . 2009-01-09 14:15 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-03 23:49 . 2009-01-09 14:54 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-06 14:32 . 2009-01-09 14:15 38496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 . 2009-01-09 14:15 15504 ----a-w c:\winnt\system32\drivers\mbam.sys
2009-03-06 14:44 . 1979-12-31 23:00 283648 ----a-w c:\winnt\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-03 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\winnt\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\winnt\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\winnt\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-29 151552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-29 98304]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-22 401408]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-22 385024]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Synchronization Manager"="c:\winnt\system32\mobsync.exe" [2004-08-03 143360]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"igfxtray"="c:\winnt\system32\igfxtray.exe" [2005-10-14 94208]
"EPA_EZ_GPO_Tool"="c:\winnt\system32\EZ_GPO_Tool.exe" [2005-01-21 69632]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-12-23 618496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"MSConfig"="c:\winnt\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-03 158208]

c:\documents and settings\isabel\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2006-4-2 233472]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-07-22 21:46 110592 ----a-w c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=icautologoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-243037206-41955558-561332275-143685\Scripts\Logoff\0\0]
"Script"=userlog_logoff_3.04.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-243037206-41955558-561332275-143685\Scripts\Logon\0\0]
"Script"=%logonserver%\netlogon\user4-GPO.bat

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\math.exe"=
"c:\\Program Files\\Maple 10\\jre\\bin\\java.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [22/12/2008 12:06 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22/12/2008 12:05 55024]
S2 EPA_GPO_PMService;Energy Star™ EZ GPO Power Management Configuration Tool;c:\winnt\system32\PMService.exe [21/01/2005 15:07 81920]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22/12/2008 12:06 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCG-11CF-AAX5-81CX5C625612}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{98ZVD5C0-4FCB-11CF-AAX5-81CX1C635612}]
c:\recycler\S-1-5-21-1482276501-1663491937-6831267430-1013\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
rundll32.exe advpack.dll,LaunchINFSectionEx c:\winnt\INF\wmactedp.inf,PerUserStub,,4
.
Contents of the 'Scheduled Tasks' folder

2009-05-19 c:\winnt\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

2009-05-19 c:\winnt\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SigmatelSysTrayApp - stsystra.exe
Notify-NavLogon - (no file)
Notify-opnnlLcA - opnnlLcA.dll
Notify-userlog - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\isabel.PH-ISABELLAP\Application Data\Mozilla\Firefox\Profiles\3wgv5kpo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13123.dll
FF - plugin: c:\program files\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 14:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1606980848-746137067-682003330-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A760CD5F-FFD3-DA19-7EA7-3B22AF401224}*]
"dakanjlf"=hex:64,62,6c,6f,67,6a,63,70,64,67,69,6c,64,68,6a,66,6e,62,6e,6b,69,
68,64,61,6a,6e,68,61,70,6c,69,6b,63,6d,66,62,67,66,6d,70,00,00
"iapoegmgedcekdmbgi"=hex:6b,61,64,65,68,68,6a,6e,6a,67,6c,65,6e,6b,6e,6d,6d,6b,
62,67,6b,6a,00,00
"hafogpmfmdlnccmd"=hex:6b,61,64,65,68,68,6a,6e,6a,67,6c,65,6e,6b,6e,6d,6d,6b,
62,67,6b,6a,00,61

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(988)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-05-22 14:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-22 13:52

Pre-Run: 6,146,715,648 bytes free
Post-Run: 7,025,352,704 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /safeboot:network

198 --- E O F --- 2009-05-18 09:02


---------------------------------------


ComboFix 09-05-21.03 - isabel 22/05/2009 15:04.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1015.706 [GMT 1:00]
Running from: c:\documents and settings\isabel.PH-ISABELLAP\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.

2009-05-19 18:50 . 2009-05-19 18:50 -------- d-----w c:\documents and settings\isabel.PH-ISABELLAP\Application Data\QuickScan
2009-05-19 12:05 . 2009-05-19 12:05 -------- d-----w c:\program files\RegCure
2009-05-18 16:49 . 2009-05-18 16:49 -------- d-----w c:\winnt\McAfee.com
2009-05-18 16:23 . 2009-05-18 16:24 -------- d-----w c:\winnt\LastGood.Tmp
2009-05-12 13:56 . 2009-05-12 13:56 -------- d-----w c:\documents and settings\isabel\Local Settings\Application Data\Mozilla
2009-05-10 16:55 . 2008-06-13 13:10 272128 ------w c:\winnt\system32\drivers\bthport.sys
2009-05-10 16:55 . 2008-06-13 13:10 272128 ------w c:\winnt\system32\dllcache\bthport.sys
2009-05-09 16:15 . 2009-05-09 16:30 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-08 00:33 . 2009-05-08 00:33 2967799 ----a-w c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-08 00:16 . 2009-05-11 19:38 -------- d-----w c:\program files\SpywareBlaster

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 13:59 . 2008-03-17 22:22 -------- d-----w c:\documents and settings\isabel.PH-ISABELLAP\Application Data\Skype
2009-05-22 13:59 . 2008-03-17 22:23 -------- d-----w c:\documents and settings\isabel.PH-ISABELLAP\Application Data\skypePM
2009-05-22 13:58 . 2009-04-05 20:50 117760 ----a-w c:\documents and settings\isabel.PH-ISABELLAP\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-21 13:09 . 2009-01-09 14:16 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-20 21:17 . 2009-02-02 17:53 -------- d-----w c:\program files\Yahoo!
2009-05-19 12:20 . 2009-01-09 12:44 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-13 17:22 . 2006-12-28 23:58 -------- d-----w c:\documents and settings\isabel.PH-ISABELLAP\Application Data\WinEdt
2009-05-11 19:33 . 2006-03-30 09:34 -------- d-----w c:\program files\Reference Manager 11
2009-05-09 11:43 . 2009-01-14 11:02 -------- d-----w c:\program files\COMODO
2009-05-09 11:35 . 2006-03-29 12:28 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-09 11:35 . 2009-01-14 14:48 -------- d-----w c:\program files\Symantec
2009-05-09 11:35 . 2006-03-29 12:28 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-05-09 11:32 . 2009-01-14 11:02 -------- d-----w c:\documents and settings\All Users\Application Data\comodo
2009-05-08 00:33 . 2009-01-09 14:15 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-03 23:49 . 2009-01-09 14:54 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-06 14:32 . 2009-01-09 14:15 38496 ----a-w c:\winnt\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 . 2009-01-09 14:15 15504 ----a-w c:\winnt\system32\drivers\mbam.sys
2009-03-06 14:44 . 1979-12-31 23:00 283648 ----a-w c:\winnt\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\winnt\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-03 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\winnt\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\winnt\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\winnt\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-29 151552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-03-29 98304]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-07-22 401408]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-07-22 385024]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"Synchronization Manager"="c:\winnt\system32\mobsync.exe" [2004-08-03 143360]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"igfxtray"="c:\winnt\system32\igfxtray.exe" [2005-10-14 94208]
"EPA_EZ_GPO_Tool"="c:\winnt\system32\EZ_GPO_Tool.exe" [2005-01-21 69632]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-12-23 618496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

c:\documents and settings\isabel\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2006-4-2 233472]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2005-07-22 21:46 110592 ----a-w c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=icautologoff.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-243037206-41955558-561332275-143685\Scripts\Logoff\0\0]
"Script"=userlog_logoff_3.04.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-243037206-41955558-561332275-143685\Scripts\Logon\0\0]
"Script"=%logonserver%\netlogon\user4-GPO.bat

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\Mathematica.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\MathKernel.exe"=
"c:\\Program Files\\Wolfram Research\\Mathematica\\5.1\\math.exe"=
"c:\\Program Files\\Maple 10\\jre\\bin\\java.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=
"c:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [22/12/2008 12:06 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [22/12/2008 12:05 55024]
S2 EPA_GPO_PMService;Energy Star™ EZ GPO Power Management Configuration Tool;c:\winnt\system32\PMService.exe [21/01/2005 15:07 81920]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [22/12/2008 12:06 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCG-11CF-AAX5-81CX5C625612}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{98ZVD5C0-4FCB-11CF-AAX5-81CX1C635612}]
c:\recycler\S-1-5-21-1482276501-1663491937-6831267430-1013\svchost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5}]
rundll32.exe advpack.dll,LaunchINFSectionEx c:\winnt\INF\wmactedp.inf,PerUserStub,,4
.
Contents of the 'Scheduled Tasks' folder

2009-05-19 c:\winnt\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

2009-05-19 c:\winnt\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\isabel.PH-ISABELLAP\Application Data\Mozilla\Firefox\Profiles\3wgv5kpo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPJPI150_05.dll
FF - plugin: c:\program files\Java\jre1.5.0_05\bin\NPOJI610.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13123.dll
FF - plugin: c:\program files\Real\RealPlayer Enterprise\Netscape6\nppl3260.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-22 15:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1606980848-746137067-682003330-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A760CD5F-FFD3-DA19-7EA7-3B22AF401224}*]
"dakanjlf"=hex:64,62,6c,6f,67,6a,63,70,64,67,69,6c,64,68,6a,66,6e,62,6e,6b,69,
68,64,61,6a,6e,68,61,70,6c,69,6b,63,6d,66,62,67,66,6d,70,00,00
"iapoegmgedcekdmbgi"=hex:6b,61,64,65,68,68,6a,6e,6a,67,6c,65,6e,6b,6e,6d,6d,6b,
62,67,6b,6a,00,00
"hafogpmfmdlnccmd"=hex:6b,61,64,65,68,68,6a,6e,6a,67,6c,65,6e,6b,6e,6d,6d,6b,
62,67,6b,6a,00,61

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2009-05-22 15:07
ComboFix-quarantined-files.txt 2009-05-22 14:07
ComboFix2.txt 2009-05-22 13:52

Pre-Run: 5,954,846,720 bytes free
Post-Run: 5,940,916,224 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

185 --- E O F --- 2009-05-18 09:02
----------------------------------------------------------------------------------------------

And finally the RSIT logs (I had no internet connection when I ran it, and it did not ask for it to get HiJackThis...):



log.txt:


Logfile of random's system information tool 1.06 (written by random/random)
Run by isabel at 2009-06-05 19:28:22
Microsoft Windows XP Professional Service Pack 2
System drive C: has 6 GB (27%) free of 20 GB
Total RAM: 1015 MB (62% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINNT\tasks\RegCure Program Check.job
C:\WINNT\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINNT\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"PHIME2002ASync"=C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-03-29 151552]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-03-29 98304]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-07-22 401408]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-07-22 385024]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"Synchronization Manager"=C:\WINNT\system32\mobsync.exe [2004-08-04 143360]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]
"igfxtray"=C:\WINNT\system32\igfxtray.exe [2005-10-14 94208]
"EPA_EZ_GPO_Tool"=C:\WINNT\system32\EZ_GPO_Tool.exe [2005-01-21 69632]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"hpbdfawep"=C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe [2007-12-23 618496]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"avast!"=D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2004-08-04 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-06-05 1830128]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2005-07-22 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINNT\system32\WgaLogon.dll [2006-06-02 402736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINNT\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"disablecad"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWelcomeScreen"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Wolfram Research\Mathematica\5.1\Mathematica.exe"="C:\Program Files\Wolfram Research\Mathematica\5.1\Mathematica.exe:*:Enabled:Mathematica 5.1 for Students"
"C:\Program Files\Wolfram Research\Mathematica\5.1\MathKernel.exe"="C:\Program Files\Wolfram Research\Mathematica\5.1\MathKernel.exe:*:Enabled:Mathematica 5.1 for Students Kernel"
"C:\Program Files\Wolfram Research\Mathematica\5.1\math.exe"="C:\Program Files\Wolfram Research\Mathematica\5.1\math.exe:*:Enabled:math.exe"
"C:\Program Files\Maple 10\jre\bin\java.exe"="C:\Program Files\Maple 10\jre\bin\java.exe:*:Disabled:java"
"C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE"="C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE:*:Enabled:SUPERAntiSpyware Alternate Start"
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\setup\HPZNET01.EXE"="E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"E:\setup\hppapd.exe"="E:\setup\hppapd.exe:*:Enabled:hppapd.exe"
"E:\setup\HPNTWKEXE.EXE"="E:\setup\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

======List of files/folders created in the last 1 months======

2009-06-05 19:28:23 ----D---- C:\Program Files\trend micro
2009-06-05 19:28:22 ----D---- C:\rsit
2009-06-05 18:41:33 ----A---- C:\WINNT\ntbtlog.txt
2009-06-05 17:13:24 ----A---- C:\WINNT\system32\aswBoot.exe
2009-05-22 15:12:12 ----D---- C:\WINNT\LastGood
2009-05-22 15:07:38 ----D---- C:\WINNT\temp
2009-05-22 15:07:37 ----A---- C:\ComboFix.txt
2009-05-22 15:00:42 ----RASHD---- C:\cmdcons
2009-05-22 14:39:03 ----A---- C:\Boot.bak
2009-05-22 14:37:31 ----A---- C:\WINNT\zip.exe
2009-05-22 14:37:31 ----A---- C:\WINNT\SWXCACLS.exe
2009-05-22 14:37:31 ----A---- C:\WINNT\SWSC.exe
2009-05-22 14:37:31 ----A---- C:\WINNT\SWREG.exe
2009-05-22 14:37:31 ----A---- C:\WINNT\sed.exe
2009-05-22 14:37:31 ----A---- C:\WINNT\PEV.exe
2009-05-22 14:37:31 ----A---- C:\WINNT\NIRCMD.exe
2009-05-22 14:37:31 ----A---- C:\WINNT\grep.exe
2009-05-22 14:34:25 ----D---- C:\WINNT\ERDNT
2009-05-22 14:34:23 ----D---- C:\Qoobox
2009-05-19 19:50:09 ----D---- C:\Documents and Settings\isabel.PH-ISABELLAP\Application Data\QuickScan
2009-05-19 13:05:02 ----D---- C:\Program Files\RegCure
2009-05-18 17:49:54 ----D---- C:\WINNT\McAfee.com
2009-05-18 17:23:55 ----D---- C:\WINNT\LastGood.Tmp
2009-05-10 18:14:36 ----HDC---- C:\WINNT\$NtUninstallKB951376-v2$
2009-05-10 18:14:21 ----HDC---- C:\WINNT\$NtUninstallKB952954$
2009-05-10 18:14:10 ----HDC---- C:\WINNT\$NtUninstallKB959426$
2009-05-10 18:14:00 ----HDC---- C:\WINNT\$NtUninstallKB946648$
2009-05-10 18:13:51 ----HDC---- C:\WINNT\$NtUninstallKB961373$
2009-05-10 18:13:39 ----HDC---- C:\WINNT\$NtUninstallKB956803$
2009-05-10 18:12:43 ----HDC---- C:\WINNT\$NtUninstallKB950974$
2009-05-10 18:11:55 ----HDC---- C:\WINNT\$NtUninstallKB960225$
2009-05-10 18:11:03 ----HDC---- C:\WINNT\$NtUninstallKB956572$
2009-05-10 18:09:49 ----HDC---- C:\WINNT\$NtUninstallKB938464-v2$
2009-05-10 18:09:39 ----HDC---- C:\WINNT\$NtUninstallKB952069_WM9$
2009-05-10 18:09:24 ----HDC---- C:\WINNT\$NtUninstallKB952004$
2009-05-10 18:08:59 ----HDC---- C:\WINNT\$NtUninstallKB950762$
2009-05-10 18:08:49 ----HDC---- C:\WINNT\$NtUninstallKB957097$
2009-05-10 18:08:38 ----HDC---- C:\WINNT\$NtUninstallKB958687$
2009-05-10 18:07:31 ----HDC---- C:\WINNT\$NtUninstallKB950760$
2009-05-10 18:07:21 ----HDC---- C:\WINNT\$NtUninstallKB951066$
2009-05-10 18:07:10 ----HDC---- C:\WINNT\$NtUninstallKB958690$
2009-05-10 18:05:32 ----HDC---- C:\WINNT\$NtUninstallKB951748$
2009-05-10 18:04:32 ----HDC---- C:\WINNT\$NtUninstallKB960803$
2009-05-10 18:04:17 ----HDC---- C:\WINNT\$NtUninstallKB954600$
2009-05-10 18:04:02 ----HDC---- C:\WINNT\$NtUninstallKB958644$
2009-05-10 18:03:47 ----HDC---- C:\WINNT\$NtUninstallKB955069$
2009-05-10 18:03:36 ----HDC---- C:\WINNT\$NtUninstallKB956802$
2009-05-10 17:59:43 ----HDC---- C:\WINNT\$NtUninstallKB963027$
2009-05-10 17:58:39 ----HDC---- C:\WINNT\$NtUninstallKB923561$
2009-05-09 17:15:27 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-05-08 01:16:46 ----D---- C:\Program Files\SpywareBlaster

======List of files/folders modified in the last 1 months======

2009-06-05 19:28:23 ----RD---- C:\Program Files
2009-06-05 19:04:56 ----D---- C:\Documents and Settings\isabel.PH-ISABELLAP\Application Data\Skype
2009-06-05 19:03:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-05 18:47:27 ----RASH---- C:\boot.ini
2009-06-05 18:47:27 ----A---- C:\WINNT\win.ini
2009-06-05 18:47:27 ----A---- C:\WINNT\system.ini
2009-06-05 18:41:33 ----D---- C:\WINNT
2009-06-05 18:28:52 ----D---- C:\Program Files\SUPERAntiSpyware
2009-06-05 17:52:28 ----D---- C:\WINNT\security
2009-06-05 17:44:18 ----SD---- C:\WINNT\Downloaded Program Files
2009-06-05 17:44:17 ----D---- C:\WINNT\system32
2009-06-05 17:44:16 ----D---- C:\WINNT\system32\CatRoot2
2009-06-05 17:33:38 ----D---- C:\WINNT\SoftwareDistribution
2009-06-05 17:16:32 ----D---- C:\Documents and Settings\isabel.PH-ISABELLAP\Application Data\skypePM
2009-06-05 17:13:46 ----D---- C:\WINNT\system32\drivers
2009-06-04 17:23:07 ----D---- C:\WINNT\BDOSCAN8
2009-06-02 20:42:09 ----D---- C:\WINNT\system32\config
2009-05-22 15:05:40 ----D---- C:\TEMP
2009-05-22 15:05:10 ----D---- C:\WINNT\AppPatch
2009-05-22 15:05:07 ----D---- C:\Program Files\Common Files
2009-05-22 14:51:14 ----SD---- C:\WINNT\Tasks
2009-05-22 14:45:56 ----SHD---- C:\System Volume Information
2009-05-22 14:45:56 ----D---- C:\WINNT\system32\Restore
2009-05-21 19:10:40 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-20 22:17:56 ----D---- C:\Program Files\Yahoo!
2009-05-19 19:46:23 ----HD---- C:\WINNT\inf
2009-05-19 19:37:55 ----D---- C:\cygwin
2009-05-19 13:20:09 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-18 13:00:43 ----SHD---- C:\RECYCLER
2009-05-18 10:06:48 ----A---- C:\WINNT\SMSCFG.ini
2009-05-18 10:03:22 ----D---- C:\Program Files\Mozilla Firefox
2009-05-18 10:02:12 ----SHD---- C:\WINNT\Installer
2009-05-18 10:02:11 ----HD---- C:\Config.Msi
2009-05-13 18:22:30 ----D---- C:\Documents and Settings\isabel.PH-ISABELLAP\Application Data\WinEdt
2009-05-13 15:15:02 ----D---- C:\Documents and Settings
2009-05-12 17:14:33 ----D---- C:\WINNT\Help
2009-05-12 15:30:17 ----D---- C:\WINNT\Prefetch
2009-05-12 15:00:52 ----A---- C:\WINNT\system32\PerfStringBackup.INI
2009-05-12 14:51:22 ----HD---- C:\WINNT\system32\WLANProfiles
2009-05-11 22:08:23 ----RSHD---- C:\Program Files\Common Files\System
2009-05-11 20:33:15 ----D---- C:\Program Files\Reference Manager 11
2009-05-11 17:21:58 ----RSHD---- C:\WINNT\system32\dllcache
2009-05-11 17:21:58 ----D---- C:\WINNT\system32\wbem
2009-05-10 18:14:34 ----HD---- C:\WINNT\$hf_mig$
2009-05-10 18:14:02 ----D---- C:\Program Files\Messenger
2009-05-10 18:09:50 ----D---- C:\WINNT\WinSxS
2009-05-10 18:00:08 ----D---- C:\Program Files\Internet Explorer
2009-05-09 12:43:49 ----D---- C:\Program Files\COMODO
2009-05-09 12:35:23 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-05-09 12:35:20 ----D---- C:\Program Files\Symantec
2009-05-09 12:35:15 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-05-09 12:32:58 ----D---- C:\Documents and Settings\All Users\Application Data\comodo
2009-05-09 12:24:36 ----D---- C:\WINNT\system32\appmgmt
2009-05-09 11:38:31 ----D---- C:\WINNT\Debug
2009-05-08 01:33:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINNT\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINNT\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINNT\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 Cdr4_xp;Cdr4_xp; C:\WINNT\system32\drivers\Cdr4_xp.sys [2008-11-06 9336]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2008-11-06 9464]
R1 cdudf_xp;cdudf_xp; C:\WINNT\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 intelppm;Intel Processor Driver; C:\WINNT\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 pwd_2k;pwd_2k; C:\WINNT\system32\drivers\pwd_2k.sys [2006-04-20 143834]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 UdfReadr_xp;UdfReadr_xp; C:\WINNT\system32\drivers\UdfReadr_xp.sys [2002-12-17 206464]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINNT\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 Arp1394;1394 ARP Client Protocol; C:\WINNT\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINNT\system32\DRIVERS\bcm4sbxp.sys [2004-05-26 44928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINNT\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 dvd_2K;dvd_2K; C:\WINNT\system32\drivers\dvd_2K.sys [2006-04-20 25898]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINNT\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINNT\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINNT\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 ialm;ialm; C:\WINNT\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINNT\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 NIC1394;1394 Net Driver; C:\WINNT\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 rimmptsk;rimmptsk; C:\WINNT\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
R3 rimsptsk;rimsptsk; C:\WINNT\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINNT\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
R3 sdbus;sdbus; C:\WINNT\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINNT\system32\drivers\sthda.sys [2005-09-09 1032472]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINNT\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINNT\system32\DRIVERS\w29n51.sys [2005-07-19 3289088]
R3 winachsf;winachsf; C:\WINNT\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
R4 sr;System Restore Filter Driver; C:\WINNT\system32\DRIVERS\sr.sys [2004-08-03 73472]
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINNT\system32\DRIVERS\AegisP.sys [2006-03-30 17801]
S2 aswFsBlk;aswFsBlk; C:\WINNT\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 aswMon2;avast! Standard Shield Support; C:\WINNT\system32\drivers\aswMon2.sys [2009-02-05 94032]
S2 mdmxsdk;mdmxsdk; C:\WINNT\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
S2 s24trans;WLAN Transport; C:\WINNT\system32\DRIVERS\s24trans.sys [2005-07-22 11354]
S3 aswRdr;aswRdr; C:\WINNT\system32\drivers\aswRdr.sys [2009-02-05 23152]
S3 catchme;catchme; \??\C:\DOCUME~1\ISABEL~1.PH-\LOCALS~1\Temp\catchme.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINNT\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mmc_2K;mmc_2K; C:\WINNT\system32\drivers\mmc_2K.sys [2006-04-20 30630]
S3 mouhid;Mouse HID Driver; C:\WINNT\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 prepdrvr;SMS Process Event Driver; \??\C:\WINNT\system32\CCM\prepdrv.sys []
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sffdisk;SFF Storage Class Driver; C:\WINNT\system32\DRIVERS\sffdisk.sys [2004-08-04 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINNT\system32\DRIVERS\sffp_sd.sys [2004-08-04 10240]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINNT\system32\drivers\sfng32.sys [2005-04-04 35712]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINNT\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINNT\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 aswUpdSv;avast! iAVS4 Control Service; D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
S2 avast! Antivirus;avast! Antivirus; D:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
S2 CcmExec;SMS Agent Host; C:\WINNT\system32\CCM\CcmExec.exe [2007-04-13 590712]
S2 EPA_GPO_PMService;Energy Star™ EZ GPO Power Management Configuration Tool; C:\WINNT\system32\PMService.exe [2005-01-21 81920]
S2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-07-22 86016]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-03-19 335872]
S2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-03-29 196608]
S2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-07-22 139264]
S2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-07-22 372809]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINNT\system32\wdfmgr.exe [2005-01-28 38912]
S2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2005-07-22 225353]
S2 WSearch;Windows Search; C:\WINNT\system32\SearchIndexer.exe [2007-02-05 300032]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-07-08 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 avast! Mail Scanner;avast! Mail Scanner; D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 avast! Web Scanner;avast! Web Scanner; D:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]

-----------------EOF-----------------

info.txt:

info.txt logfile of random's system information tool 1.06 2009-06-05 19:28:25

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7875FD9-6ADB-4D4B-A756-3A2306A3D5E1}\setup.exe" -l0x9 anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
ActivePerl 5.8.3 Build 809-->MsiExec.exe /I{09C32A3E-CE8E-461F-A2E6-AE798827EB2E}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 Plugin-->C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINNT\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AFPL Ghostscript 8.51-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.51\uninstal.txt"
AFPL Ghostscript Fonts-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
ArcSoft Panorama Maker 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CABB679-3958-44AA-BFFF-4E68A2684255}\Setup.exe" -l0xa -uninst
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
avast! Antivirus-->D:\Program Files\Alwil Software\Avast4\aswRunDll.exe "D:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Broadcom 440x 10/100 Integrated Controller-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Color LaserJet 2600n-->C:\Program Files\Zenographics\{6AA1F018-7129-4A63-8E00-17599B7129AC}\setup.exe -u "HPCLJKCInstaller.dll=CLJ2600.INF"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
EndNote-->C:\PROGRA~1\EndNote\UNWISE.EXE C:\PROGRA~1\EndNote\INSTALL.LOG
eWebEditPro+XML 5 Client-->MsiExec.exe /I{0D2465F3-C826-4ECC-A36D-12B7604284FD}
EZ GPO Power Management Config Tool-->MsiExec.exe /X{C5B83F18-6959-4760-9879-709E29E75DAF}
GSview 4.7-->C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt"
GTK+ 2.6.8-1 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\unins000.exe"
High Definition Audio Driver Package - KB835221-->C:\WINNT\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINNT\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344)-->"C:\WINNT\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800)-->"C:\WINNT\$NtUninstallKB915800$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINNT\$NtUninstallKB915865$\spuninst\spuninst.exe"
HP Care Pack Core-->MsiExec.exe /I{3BC341BD-3736-45F0-B0E0-5664792AC528}
HP LaserJet P2015 Series 1.0-->C:\Program Files\HP\Digital Imaging\{BE4CEA63-8351-4A12-9E3A-556F8B76683A}\setup\hpzscr01.exe -datfile hppscr05.dat -forcereboot
HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINNT\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software-->C:\WINNT\Installer\iProInst.exe
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
ISI ResearchSoft - Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
K-Lite Mega Codec Pack 1.52-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Authorware Web Player-->C:\WINNT\system32\Macromed\AUTHORWA\UNWISE.EXE C:\WINNT\system32\Macromed\AUTHORWA\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maple 10-->"C:\Program Files\Maple 10\Uninstall_Maple 10\Uninstall Maple 10.exe"
Mathematica 5.1 for Students-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{382035BC-42A5-4BD8-8CF0-26A3733360E2}
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Memory Key Boot Utility-->MsiExec.exe /X{D3943D0B-C281-4BF7-9FFB-2A4497986BF9}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->c:\WINNT\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINNT\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visio Viewer 2002-->MsiExec.exe /I{94F9723E-900A-43C5-8F4E-AD2D2ED09273}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Visual Studio .NET Professional 2003 - English-->"C:\Program Files\Microsoft Visual Studio .NET 2003\Setup\Visual Studio .NET Professional 2003 - English\setup.exe" /MaintMode
MiKTeX 2.7-->"C:\Program Files\MiKTeX 2.7\miktex\bin\copystart_admin.exe" "C:\Program Files\MiKTeX 2.7\miktex\config\uninstall.dat"
MiKTeX-->"C:\Miktex\texmf\miktex\bin\copystart.exe" "C:\Miktex\texmf\miktex\config\uninstall.dat"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
mToolkit-->MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{7CD7A451-7224-49C8-95EF-9A1859C66607}
Nikon View 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}\setup.exe" UNINSTALL
O2Micro Smartcard Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C5BED10B-42A9-4142-B4C2-008C0FDE27D5} /l1033
Oracle JInitiator 1.1.8.16-->C:\PROGRA~1\Oracle\JINITI~1.16\bin\uninstall.exe C:\WINNT\uninst.exe -f"C:\PROGRA~1\Oracle\JINITI~1.16\DeIsL1.isu" -cC:\PROGRA~1\Oracle\JINITI~1.16\_ISREG32.DLL
Oracle JInitiator 1.3.1.23-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAFECAFE-0013-0001-0123-ABCDEFABCDEF}\Setup.exe" -l0x9 -uninst
QuickTime-->C:\WINNT\unvise32qt.exe C:\WINNT\system32\QuickTime\Uninstall.log
RealPlayer Enterprise-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealOneEnt|6.0
Reference Manager 11-->MsiExec.exe /I{C0B0893D-6DA2-4F14-B1D0-3C0F1272B398}
RegCure 1.5.2.7-->C:\Program Files\RegCure\uninst.exe
RssReader-->MsiExec.exe /I{D88857C8-B36B-42CE-AC26-9FFFEEDB181A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINNT\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Media Player (KB911564)-->"C:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINNT\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINNT\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINNT\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINNT\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINNT\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINNT\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINNT\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINNT\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINNT\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINNT\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINNT\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINNT\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINNT\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINNT\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINNT\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINNT\system32\MacroMed\Flash\genuinst.exe C:\WINNT\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB913446)-->"C:\WINNT\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINNT\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINNT\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINNT\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINNT\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINNT\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINNT\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINNT\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINNT\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINNT\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINNT\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINNT\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINNT\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINNT\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINNT\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINNT\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINNT\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINNT\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINNT\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINNT\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINNT\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINNT\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINNT\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINNT\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINNT\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINNT\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINNT\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINNT\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINNT\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINNT\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINNT\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINNT\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINNT\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINNT\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINNT\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINNT\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINNT\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINNT\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINNT\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINNT\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINNT\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINNT\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINNT\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINNT\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINNT\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINNT\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINNT\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINNT\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINNT\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINNT\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINNT\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINNT\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINNT\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINNT\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINNT\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINNT\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINNT\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINNT\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINNT\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINNT\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINNT\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINNT\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINNT\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINNT\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINNT\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINNT\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINNT\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINNT\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINNT\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINNT\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINNT\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINNT\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINNT\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINNT\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINNT\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINNT\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINNT\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINNT\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINNT\$NtUninstallKB963027$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
SSH Secure Shell-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Texas Instruments PCIxx20 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F16F258A-6300-4A1C-BC49-7929EFF455E2} /l1033
TeXnicCenter Version 1 Beta 6.20 (Fawkes)-->"C:\Program Files\TeXnicCenter\unins000.exe"
The GIMP 2.2.8-->"C:\Program Files\GIMP-2.0\unins000.exe"
TreeSize-->rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 132 C:\WINNT\INF\TInstall.inf
Update for Windows XP (KB894391)-->"C:\WINNT\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINNT\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINNT\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINNT\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908521)-->"C:\WINNT\$NtUninstallKB908521$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINNT\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINNT\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"C:\WINNT\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINNT\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINNT\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINNT\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINNT\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINNT\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINNT\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINNT\$NtUninstallKB946627$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Windows Desktop Search 3.01-->"C:\WINNT\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)-->C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINNT\system32\DRVSTORE\rimsptsk_469677EEC4F8D39ABD61046D242B2A1651DE8AEF\rimsptsk.inf
Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)-->C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINNT\system32\DRVSTORE\rimmptsk_EA24AF82DAB6BA6CF6FB1A3004EE91F51D3FDCF9\rimmptsk.inf
Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)-->C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINNT\system32\DRVSTORE\rixdptsk_30B42BE4DA4D11DB80E5D3DD10180621BA0A53DD\rixdptsk.inf
Windows Installer 3.1 (KB893803)-->"C:\WINNT\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINNT\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player Enterprise Deployment-->MsiExec.exe /I{C2CDE75C-CA51-4335-9C13-84C00E6093A5}
Windows XP Hotfix - KB873339-->C:\WINNT\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINNT\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINNT\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINNT\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINNT\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINNT\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINNT\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINNT\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINNT\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINNT\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINNT\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINNT\$NtUninstallKB891781$\spuninst\spuninst.exe
WinEdt-->"C:\Program Files\WinEdt Team\WinEdt\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.0.6-->"C:\Program Files\WinSCP\unins000.exe"
WinView/32 v2.5.16.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BA89D56-CF3C-4577-9BD7-F4967A0BF180}\Setup.exe" -l0x9 UNINSTALL
WinView_Documentation v2.5.16-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9414427-3B5D-4987-9356-6B3C6B751074}\Setup.exe" -l0x9 UNINSTALL
WinZip-->"c:\program files\winzip\WINZIP32.EXE" /uninstall

======System event log======

Computer Name: PH-ISABELLAP
Event Code: 14103
Message: QoS [Adapter {4097440B-452D-4461-92B4-1B9002B48604}]:
The netcard driver failed the query for OID_GEN_LINK_SPEED.

Record Number: 378
Source Name: PSched
Time Written: 20060329190433.000000+060
Event Type: error
User:

Computer Name: PH-ISABELLAP
Event Code: 3
Message: Printer Microsoft Office Document Image Writer was deleted.

Record Number: 114
Source Name: Print
Time Written: 20060329132734.000000+060
Event Type: warning
User: PH-ISABELLAP\Administrator

Computer Name: PH-ISABELLAP
Event Code: 4
Message: Printer Microsoft Office Document Image Writer is pending deletion.

Record Number: 113
Source Name: Print
Time Written: 20060329132731.000000+060
Event Type: warning
User: PH-ISABELLAP\Administrator

Computer Name: PH-ISABELLAP
Event Code: 20
Message: Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.

Record Number: 35
Source Name: Print
Time Written: 20060329130751.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PH-ISABELLAP
Event Code: 40961
Message: The Security System could not establish a secured connection with the server DNS/ns0.ic.ac.uk. No authentication protocol was available.

Record Number: 12
Source Name: LSASRV
Time Written: 20060329130357.000000+060
Event Type: warning
User:

=====Application event log=====

Computer Name: PH-ISABELLAP
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 18
Source Name: WinMgmt
Time Written: 20060329125813.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PH-ISABELLAP
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 17
Source Name: WinMgmt
Time Written: 20060329125813.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PH-ISABELLAP
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 13
Source Name: WinMgmt
Time Written: 20060329125640.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PH-ISABELLAP
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 12
Source Name: WinMgmt
Time Written: 20060329125640.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PH-ISABELLAP
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 11
Source Name: WinMgmt
Time Written: 20060329125639.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\MiKTeX 2.7\miktex\bin;C:\perl\Perl\bin;c:\ic-utils;c:\program files\unxutils\usr\local\wbin;c:\Program Files\unxutils\bin;C:\Program Files\Common Files\GTK\2.0\bin;C:\Miktex\texmf\miktex\bin;C:\watcom-1.3\binnt;C:\watcom-1.3\binw;c:\cygwin\bin;c:\cygwin\lib\gcc-lib\i686-pc-cygwin\3.3.3;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=c:\temp
"TMP"=c:\temp
"INCLUDE"=C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\include\;C:\watcom-1.3\h;C:\watcom-1.3\h\nt;C:\watcom-1.3\maple\include
"KMP_DUPLICATE_LIB_OK"=TRUE
"WATCOM"=C:\watcom-1.3
"LIB"=C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\Lib\
"VS71COMNTOOLS"=C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\Tools\
"JAVA_PLUGIN_WEBCONTROL_ENABLE"=TRUE
"SAFEBOOT_OPTION"=MINIMAL

-----------------EOF-----------------



I hope this helps...
As I write this, I went to safe mode again and I am running Superantispyware again: so far it's already found 6 of Adware.Tracking Cookies... I can post the new log when it finishes if you want me to...

Thank you so much for your help!
It's very kind of you.

Take care and have a good weekend.

Isabel.

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:09:42 PM

Posted 07 June 2009 - 05:07 PM

Hi Isabel, :)

Your PC really seems to be confused. :thumbup2: It believes it is in safe mode, which is why Avast! will not run and why you can't update.
We will try to help you figure out what is actually wrong and how to get back into normal mode. :)

First I have some more questions:
Could you please tell me how you boot into safe mode? Are you using msconfig or do you hit F2 (or another key) after booting?
Secondly, do you remember if you ran Combofix in safe mode the first time and in normal mode the second time? Or did you run Combofix in the same mode twice? (Or do you not remember?)

Also please
  • Download & extract this file to its own folder: Registry Search
  • Launch Registry Search
  • In the search box, enter (on separate lines)
    OptionValue
    SAFEBOOT_OPTION
  • Under "Search", make sure only the "Value" box is checked in the first row of checkboxes.
    All other checkboxes should be checked as well.
  • Click "Ok"
  • Notepad will open with some text in it (the file will also be saved in the program's folder as well).
Post this text in your next reply.
regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#7 isin


Posted 08 June 2009 - 06:25 AM

Hi,
Thank you very much for your reply.

When going to safe mode I nearly always do run -> msconfig -> BOOT.INI -> safeboot. And the same to go back to normal mode.
But actually when this thing happened I went to normal mode through restarting the computer, pressing the F key and then F8, then safe mode or start Windows normally, then Microsoft Windows XP Professional (not Windows Recovery Console).


About ComboFix, I am nearly sure that I ran it in the same mode both times. I think it was in normal mode, now that I think of it, but I am not 100% sure. I remember ComboFix re-started the computer by itself, I think it was normal mode... I think at this point, also, I might have re-enabled system restore and forgotten to disable it before running ComboFix... Sorry I can't be more specific...


Here is the Registry Search log file:
-----------------------------------------
Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 08/06/2009 11:26:10 for strings:
; 'optionvalue'
; 'safeboot_option'
; Strings excluded from search:
; (None)
; Search in:
; Registry Values
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Option]
"OptionValue"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment]
"SAFEBOOT_OPTION"="NETWORK"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]
"OptionValue"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"SAFEBOOT_OPTION"="NETWORK"

; End Of The Log...

-----------------------------------------

I have to say that the window that opens with msconfig seems to be different. On the BOOT.INI tab, I think of these two options for the operating system:

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console"/cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional"/noexecute=optin/fastdetect

The second one used to be highlighted by default. But now it is the first one, and then I change it to the second one by hand. This might be just an impression, but I have a feeling something has changed there.

On restarting my computer to check what key I was pressing to go to safe/normal mode, to write it in this email, I re-started it once without pressing any key (I was doing other stuff and missed the time to press it), and then another time pressing F8 and going to normal mode. Somehow, magically, I have internet connection again, and the Network connections folder is full again, as it used to be...

However, Windows Update is still not working, and the computer still thinks it's in Safe Mode...

The process hpbdfawep.exe still appears on start up and uses 99% of my CPU, making everything incredibly slow until I quit it.

OK then, I don't know what else to do. Please let me know what to do next.

Thank you very much.

take care,
Isabel.

#8 myrti


Posted 08 June 2009 - 04:36 PM

Heya Isabel, :thumbup2:

So far we've only analyzed the situation on your PC, we haven't changed anything yet, which is why your PC isn't doing better than before.

This is about to change though. :)

But please also bear in mind that cleaning your PC can be a long process, it'll take several steps to eradicate all the signs your PC is showing.
Please do not try to rush and run any programs on your own nor install or uninstall any programs if you haven't been instructed to do so first as this might hamper and delay the recovery process.

Please follow these instructions:
  • Please follow steps 1-3 behind this link to backup your registry with ERUNT (use current date while naming the location).
  • Save the text below as fix.reg in Notepad (save it as all files (*.*)) on the Desktop.

    REGEDIT4
    
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
    "SAFEBOOT_OPTION"=-
  • Double-click fix.reg; when a window pops up and asks if this information should be merged, press Yes and OK.
Reboot and post a fresh set of logs from RSIT.
Please tell me how your PC is doing after the reboot.

I have a couple of further remarks:
  • First of all please do not deactivate system restore. Restore points can be very useful if something goes wrong.
    Combofix itself tries to set a System Restore point the first time it is run, as do many of the other powerful tools.
  • The process that is eating up your CPU is a legitimate file from HP, it might be annoying but it is not dangerous. We will try and see what is causing this problem after getting your PC back into normal mode. :)
  • Please try to use the F8-method when booting into safe mode.
    If your safe mode got corrupted and you modify the boot.ini with msconfig to boot into it, you will be stuck in an endless reboot loop where Windows tries to force the boot into safe mode.
    If you used F8, Windows will try to boot into safe mode once, fail, and afterwards boot into normal mode again, giving you the possibility to troubleshoot the problem.
regards _temp_

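The state shown in the Registry Search log and the effect of fix.reg can be checked offline. The following is an added example, not part of either poster's message: it parses the .reg text from the thread, flags safe-mode markers that remain although the boot entry carries no /safeboot switch, and applies the merge semantics of fix.reg. The function names, the normalised boot.ini entry and the treatment of CurrentControlSet as a link to ControlSet001 are assumptions made for the illustration.

```python
# Registry Search output from the thread (tool comments trimmed).
REG_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Option]
"OptionValue"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment]
"SAFEBOOT_OPTION"="NETWORK"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]
"OptionValue"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"SAFEBOOT_OPTION"="NETWORK"
'''

# fix.reg exactly as given in the thread.
FIX_REG = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"SAFEBOOT_OPTION"=-
'''

# Constructed: the boot.ini entry quoted in the thread, spacing normalised.
BOOT_INI_ENTRY = r'multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Professional" /noexecute=optin /fastdetect'

SAFEBOOT_MODES = {1: "MINIMAL", 2: "NETWORK", 3: "DSREPAIR"}

import re

def parse_reg(text):
    """Turn .reg text into (op, key, name, value) tuples: set / delval / delkey."""
    ops, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = re.fullmatch(r"\[(-?)(.+)\]", line)
        if m:
            key = m.group(2)
            if m.group(1):                      # [-KEY] deletes the key and its subkeys
                ops.append(("delkey", key, None, None))
                key = None
            continue
        m = re.fullmatch(r'"([^"]+)"=(.*)', line)
        if m and key:
            name, val = m.groups()
            if val == "-":                      # "name"=- deletes one value
                ops.append(("delval", key, name, None))
            elif val.lower().startswith("dword:"):
                ops.append(("set", key, name, int(val[6:], 16)))
            else:
                ops.append(("set", key, name, val.strip('"')))
    return ops

def norm(key, current="ControlSet001"):
    """Registry paths are case-insensitive. Assumption: CurrentControlSet links to `current`."""
    return key.lower().replace("\\system\\currentcontrolset\\",
                               "\\system\\%s\\" % current.lower())

def merge(state, ops, current="ControlSet001"):
    """Apply parsed .reg operations to an in-memory {key: {value name: data}} model."""
    for op, key, name, value in ops:
        k = norm(key, current)
        if op == "delkey":
            for existing in [e for e in state if e == k or e.startswith(k + "\\")]:
                del state[existing]
        elif op == "delval":
            state.get(k, {}).pop(name.lower(), None)
        else:
            state.setdefault(k, {})[name.lower()] = value
    return state

def safe_mode_markers(state):
    """List the two markers the thread's fix removes, wherever they are present."""
    found = []
    for key, values in state.items():
        if key.endswith("\\control\\safeboot\\option") and "optionvalue" in values:
            v = values["optionvalue"]
            found.append((key, "OptionValue", SAFEBOOT_MODES.get(v, "UNKNOWN(%r)" % v)))
        if key.endswith("\\control\\session manager\\environment") and "safeboot_option" in values:
            found.append((key, "SAFEBOOT_OPTION", values["safeboot_option"]))
    return found

def assess(state, boot_ini_entry, f8_safe_mode=False):
    """Markers without a safe-mode request (boot.ini /safeboot or F8) are stale."""
    requested = f8_safe_mode or re.search(r"/safeboot\b", boot_ini_entry, re.I) is not None
    markers = safe_mode_markers(state)
    if markers and not requested:
        return "stale-safe-mode-markers", markers
    return ("safe-mode-requested" if requested else "normal"), markers

if __name__ == "__main__":
    state = merge({}, parse_reg(REG_EXPORT))
    print("before fix.reg:", assess(state, BOOT_INI_ENTRY))
    merge(state, parse_reg(FIX_REG))
    print("after fix.reg: ", assess(state, BOOT_INI_ENTRY))
```
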


#9 isin


Posted 09 June 2009 - 07:18 AM

Hi there!

Thank you very much!

I did what you told me and it seems to have worked well so far.
The wireless is working again, and so is Avast and everything else. The process that was eating the CPU does not seem to be there anymore. So thank you so much! That's great!

I wonder if you can tell me, though, if my computer is infected or not... I re-enabled system restore now.

Here is the fresh RSIT log (no fresh info.txt was generated):


log.txt


Logfile of random's system information tool 1.06 (written by random/random)
Run by isabel at 2009-06-09 13:10:57
Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (27%) free of 20 GB
Total RAM: 1015 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:04, on 09/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINNT\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINNT\system32\PMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\SearchIndexer.exe
C:\WINNT\system32\CCM\CcmExec.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\isabel.PH-ISABELLAP\Desktop\RSIT.exe
C:\Program Files\trend micro\isabel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EPA_EZ_GPO_Tool] C:\WINNT\system32\EZ_GPO_Tool.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238964834218
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1244220235406
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) -
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} (F-Secure Online Scanner 4.0 Launcher) - http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab
O16 - DPF: {E001C731-5E37-4538-A5CB-8168736A2360} (ActiveQscan Control) - http://quickscan.bitdefender.com/cab/ActiveQscan.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...618/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ic.ac.uk
O17 - HKLM\Software\..\Telephony: DomainName = ic.ac.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ic.ac.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ic.ac.uk
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Energy Star™ EZ GPO Power Management Configuration Tool (EPA_GPO_PMService) - TerraNovum - C:\WINNT\system32\PMService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8410 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\RegCure Program Check.job
C:\WINNT\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-03-29 151552]
"Synchronization Manager"=C:\WINNT\system32\mobsync.exe [2004-08-04 143360]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-03-29 98304]
"PHIME2002ASync"=C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\WINNT\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-07-22 401408]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-07-22 385024]
"IMJPMIG8.1"=C:\WINNT\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"igfxtray"=C:\WINNT\system32\igfxtray.exe [2005-10-14 94208]
"hpbdfawep"=C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe [2007-12-23 618496]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"EPA_EZ_GPO_Tool"=C:\WINNT\system32\EZ_GPO_Tool.exe [2005-01-21 69632]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2004-08-04 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-06-05 1830128]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2008-11-07 21633320]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxdev.dll [2005-10-14 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2005-07-22 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINNT\system32\WgaLogon.dll [2006-06-02 402736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINNT\system32\upnpui.dll [2004-08-04 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"disablecad"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWelcomeScreen"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Wolfram Research\Mathematica\5.1\Mathematica.exe"="C:\Program Files\Wolfram Research\Mathematica\5.1\Mathematica.exe:*:Enabled:Mathematica 5.1 for Students"
"C:\Program Files\Wolfram Research\Mathematica\5.1\MathKernel.exe"="C:\Program Files\Wolfram Research\Mathematica\5.1\MathKernel.exe:*:Enabled:Mathematica 5.1 for Students Kernel"
"C:\Program Files\Wolfram Research\Mathematica\5.1\math.exe"="C:\Program Files\Wolfram Research\Mathematica\5.1\math.exe:*:Enabled:math.exe"
"C:\Program Files\Maple 10\jre\bin\java.exe"="C:\Program Files\Maple 10\jre\bin\java.exe:*:Disabled:java"
"C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE"="C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE:*:Enabled:SUPERAntiSpyware Alternate Start"
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\setup\HPZNET01.EXE"="E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"E:\setup\hppapd.exe"="E:\setup\hppapd.exe:*:Enabled:hppapd.exe"
"E:\setup\HPNTWKEXE.EXE"="E:\setup\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

======List of files/folders created in the last 1 months======

2009-06-09 12:47:28 ----A---- C:\WINNT\SchedLgU.Txt
2009-06-09 11:31:19 ----D---- C:\Program Files\ERUNT
2009-06-05 19:28:23 ----D---- C:\Program Files\trend micro
2009-06-05 19:28:22 ----D---- C:\rsit
2009-06-05 18:41:33 ----A---- C:\WINNT\ntbtlog.txt
2009-06-05 17:13:24 ----A---- C:\WINNT\system32\aswBoot.exe
2009-05-22 15:07:38 ----D---- C:\WINNT\temp
2009-05-22 15:07:37 ----A---- C:\ComboFix.txt
2009-05-22 15:00:42 ----RASHD---- C:\cmdcons
2009-05-22 14:39:03 ----A---- C:\Boot.bak
2009-05-22 14:37:31 ----A---- C:\WINNT\zip.exe
2009-05-22 14:37:31 ----A---- C:\WINNT\SWXCACLS.exe
2009-05-22 14:37:31 ----A---- C:\WINNT\SWSC.exe
2009-05-22 14:37:31 ----A---- C:\WINNT\SWREG.exe
2009-05-22 14:37:31 ----A---- C:\WINNT\sed.exe
2009-05-22 14:37:31 ----A---- C:\WINNT\PEV.exe
2009-05-22 14:37:31 ----A---- C:\WINNT\NIRCMD.exe
2009-05-22 14:37:31 ----A---- C:\WINNT\grep.exe
2009-05-22 14:34:25 ----D---- C:\WINNT\ERDNT
2009-05-22 14:34:23 ----D---- C:\Qoobox
2009-05-19 19:50:09 ----D---- C:\Documents and Settings\isabel.PH-ISABELLAP\Application Data\QuickScan
2009-05-19 13:05:02 ----D---- C:\Program Files\RegCure
2009-05-18 17:49:54 ----D---- C:\WINNT\McAfee.com
2009-05-10 18:14:36 ----HDC---- C:\WINNT\$NtUninstallKB951376-v2$
2009-05-10 18:14:21 ----HDC---- C:\WINNT\$NtUninstallKB952954$
2009-05-10 18:14:10 ----HDC---- C:\WINNT\$NtUninstallKB959426$
2009-05-10 18:14:00 ----HDC---- C:\WINNT\$NtUninstallKB946648$
2009-05-10 18:13:51 ----HDC---- C:\WINNT\$NtUninstallKB961373$
2009-05-10 18:13:39 ----HDC---- C:\WINNT\$NtUninstallKB956803$
2009-05-10 18:12:43 ----HDC---- C:\WINNT\$NtUninstallKB950974$
2009-05-10 18:11:55 ----HDC---- C:\WINNT\$NtUninstallKB960225$
2009-05-10 18:11:03 ----HDC---- C:\WINNT\$NtUninstallKB956572$
2009-05-10 18:09:49 ----HDC---- C:\WINNT\$NtUninstallKB938464-v2$
2009-05-10 18:09:39 ----HDC---- C:\WINNT\$NtUninstallKB952069_WM9$
2009-05-10 18:09:24 ----HDC---- C:\WINNT\$NtUninstallKB952004$
2009-05-10 18:08:59 ----HDC---- C:\WINNT\$NtUninstallKB950762$
2009-05-10 18:08:49 ----HDC---- C:\WINNT\$NtUninstallKB957097$
2009-05-10 18:08:38 ----HDC---- C:\WINNT\$NtUninstallKB958687$
2009-05-10 18:07:31 ----HDC---- C:\WINNT\$NtUninstallKB950760$
2009-05-10 18:07:21 ----HDC---- C:\WINNT\$NtUninstallKB951066$
2009-05-10 18:07:10 ----HDC---- C:\WINNT\$NtUninstallKB958690$
2009-05-10 18:05:32 ----HDC---- C:\WINNT\$NtUninstallKB951748$
2009-05-10 18:04:32 ----HDC---- C:\WINNT\$NtUninstallKB960803$
2009-05-10 18:04:17 ----HDC---- C:\WINNT\$NtUninstallKB954600$
2009-05-10 18:04:02 ----HDC---- C:\WINNT\$NtUninstallKB958644$
2009-05-10 18:03:47 ----HDC---- C:\WINNT\$NtUninstallKB955069$
2009-05-10 18:03:36 ----HDC---- C:\WINNT\$NtUninstallKB956802$
2009-05-10 17:59:43 ----HDC---- C:\WINNT\$NtUninstallKB963027$
2009-05-10 17:58:39 ----HDC---- C:\WINNT\$NtUninstallKB923561$

======List of files/folders modified in the last 1 months======

2009-06-09 13:04:34 ----D---- C:\WINNT\Prefetch
2009-06-09 13:01:51 ----D---- C:\WINNT\system32\CatRoot2
2009-06-09 12:57:10 ----D---- C:\TEMP
2009-06-09 12:54:36 ----D---- C:\Documents and Settings\isabel.PH-ISABELLAP\Application Data\Skype
2009-06-09 12:53:45 ----A---- C:\WINNT\SMSCFG.ini
2009-06-09 12:53:15 ----D---- C:\WINNT
2009-06-09 12:49:42 ----D---- C:\WINNT\system32\Restore
2009-06-09 12:49:41 ----SHD---- C:\System Volume Information
2009-06-09 12:48:23 ----D---- C:\WINNT\security
2009-06-09 11:31:19 ----RD---- C:\Program Files
2009-06-09 10:55:35 ----D---- C:\Documents and Settings\isabel.PH-ISABELLAP\Application Data\skypePM
2009-06-06 13:28:05 ----A---- C:\WINNT\win.ini
2009-06-06 12:52:08 ----RASH---- C:\boot.ini
2009-06-06 12:52:08 ----A---- C:\WINNT\system.ini
2009-06-05 19:33:31 ----D---- C:\WINNT\pss
2009-06-05 19:03:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-05 18:28:52 ----D---- C:\Program Files\SUPERAntiSpyware
2009-06-05 17:44:18 ----SD---- C:\WINNT\Downloaded Program Files
2009-06-05 17:44:17 ----D---- C:\WINNT\system32
2009-06-05 17:33:38 ----D---- C:\WINNT\SoftwareDistribution
2009-06-05 17:13:46 ----D---- C:\WINNT\system32\drivers
2009-06-04 17:23:07 ----D---- C:\WINNT\BDOSCAN8
2009-06-02 20:42:09 ----D---- C:\WINNT\system32\config
2009-05-22 15:05:10 ----D---- C:\WINNT\AppPatch
2009-05-22 15:05:07 ----D---- C:\Program Files\Common Files
2009-05-22 14:51:14 ----SD---- C:\WINNT\Tasks
2009-05-21 19:10:40 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-20 22:17:56 ----D---- C:\Program Files\Yahoo!
2009-05-19 19:46:23 ----HD---- C:\WINNT\inf
2009-05-19 19:37:55 ----D---- C:\cygwin
2009-05-19 13:20:09 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-18 13:00:43 ----SHD---- C:\RECYCLER
2009-05-18 10:03:22 ----D---- C:\Program Files\Mozilla Firefox
2009-05-18 10:02:12 ----SHD---- C:\WINNT\Installer
2009-05-18 10:02:11 ----HD---- C:\Config.Msi
2009-05-13 18:22:30 ----D---- C:\Documents and Settings\isabel.PH-ISABELLAP\Application Data\WinEdt
2009-05-13 15:15:02 ----D---- C:\Documents and Settings
2009-05-12 17:14:33 ----D---- C:\WINNT\Help
2009-05-12 15:00:52 ----A---- C:\WINNT\system32\PerfStringBackup.INI
2009-05-12 14:51:22 ----HD---- C:\WINNT\system32\WLANProfiles
2009-05-11 22:08:23 ----RSHD---- C:\Program Files\Common Files\System
2009-05-11 20:38:15 ----D---- C:\Program Files\SpywareBlaster
2009-05-11 20:33:15 ----D---- C:\Program Files\Reference Manager 11
2009-05-11 17:21:58 ----RSHD---- C:\WINNT\system32\dllcache
2009-05-11 17:21:58 ----D---- C:\WINNT\system32\wbem
2009-05-10 18:14:34 ----HD---- C:\WINNT\$hf_mig$
2009-05-10 18:14:02 ----D---- C:\Program Files\Messenger
2009-05-10 18:09:50 ----D---- C:\WINNT\WinSxS
2009-05-10 18:00:08 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINNT\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINNT\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINNT\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 Cdr4_xp;Cdr4_xp; C:\WINNT\system32\drivers\Cdr4_xp.sys [2008-11-06 9336]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2008-11-06 9464]
R1 cdudf_xp;cdudf_xp; C:\WINNT\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 intelppm;Intel Processor Driver; C:\WINNT\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 pwd_2k;pwd_2k; C:\WINNT\system32\drivers\pwd_2k.sys [2006-04-20 143834]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 UdfReadr_xp;UdfReadr_xp; C:\WINNT\system32\drivers\UdfReadr_xp.sys [2002-12-17 206464]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINNT\system32\DRIVERS\AegisP.sys [2006-03-30 17801]
R2 aswFsBlk;aswFsBlk; C:\WINNT\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINNT\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 mdmxsdk;mdmxsdk; C:\WINNT\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINNT\system32\DRIVERS\s24trans.sys [2005-07-22 11354]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINNT\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 Arp1394;1394 ARP Client Protocol; C:\WINNT\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 aswRdr;aswRdr; C:\WINNT\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINNT\system32\DRIVERS\bcm4sbxp.sys [2004-05-26 44928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINNT\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 dvd_2K;dvd_2K; C:\WINNT\system32\drivers\dvd_2K.sys [2006-04-20 25898]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINNT\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HSF_DPV;HSF_DPV; C:\WINNT\system32\DRIVERS\HSF_DPV.sys [2005-07-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINNT\system32\DRIVERS\HSFHWAZL.sys [2005-07-22 201600]
R3 ialm;ialm; C:\WINNT\system32\DRIVERS\ialmnt5.sys [2005-10-14 1302812]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINNT\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 NIC1394;1394 Net Driver; C:\WINNT\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 rimmptsk;rimmptsk; C:\WINNT\system32\DRIVERS\rimmptsk.sys [2005-07-14 28544]
R3 rimsptsk;rimsptsk; C:\WINNT\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINNT\system32\DRIVERS\rixdptsk.sys [2005-07-14 307968]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 sdbus;sdbus; C:\WINNT\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINNT\system32\drivers\sthda.sys [2005-09-09 1032472]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINNT\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 w29n51;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINNT\system32\DRIVERS\w29n51.sys [2005-07-19 3289088]
R3 winachsf;winachsf; C:\WINNT\system32\DRIVERS\HSF_CNXT.sys [2005-07-22 717952]
S3 catchme;catchme; \??\C:\DOCUME~1\ISABEL~1.PH-\LOCALS~1\Temp\catchme.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINNT\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mmc_2K;mmc_2K; C:\WINNT\system32\drivers\mmc_2K.sys [2006-04-20 30630]
S3 mouhid;Mouse HID Driver; C:\WINNT\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 prepdrvr;SMS Process Event Driver; \??\C:\WINNT\system32\CCM\prepdrv.sys []
S3 sffdisk;SFF Storage Class Driver; C:\WINNT\system32\DRIVERS\sffdisk.sys [2004-08-04 11136]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINNT\system32\DRIVERS\sffp_sd.sys [2004-08-04 10240]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINNT\system32\drivers\sfng32.sys [2005-04-04 35712]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINNT\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINNT\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; D:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 CcmExec;SMS Agent Host; C:\WINNT\system32\CCM\CcmExec.exe [2007-04-13 590712]
R2 EPA_GPO_PMService;Energy Star™ EZ GPO Power Management Configuration Tool; C:\WINNT\system32\PMService.exe [2005-01-21 81920]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-07-22 86016]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-03-19 335872]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-03-29 196608]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-07-22 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-07-22 372809]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINNT\system32\wdfmgr.exe [2005-01-28 38912]
R2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2005-07-22 225353]
R2 WSearch;Windows Search; C:\WINNT\system32\SearchIndexer.exe [2007-02-05 300032]
R3 avast! Mail Scanner;avast! Mail Scanner; D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; D:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-07-08 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 855552]

-----------------EOF-----------------

It did not create a new info.txt. Here is the old one, from the 5th of June, in case you need it again:

info.txt logfile of random's system information tool 1.06 2009-06-05 19:28:25

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7875FD9-6ADB-4D4B-A756-3A2306A3D5E1}\setup.exe" -l0x9 anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
ActivePerl 5.8.3 Build 809-->MsiExec.exe /I{09C32A3E-CE8E-461F-A2E6-AE798827EB2E}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 Plugin-->C:\WINNT\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINNT\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
AFPL Ghostscript 8.51-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.51\uninstal.txt"
AFPL Ghostscript Fonts-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
ArcSoft Panorama Maker 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1CABB679-3958-44AA-BFFF-4E68A2684255}\Setup.exe" -l0xa -uninst
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
avast! Antivirus-->D:\Program Files\Alwil Software\Avast4\aswRunDll.exe "D:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Broadcom 440x 10/100 Integrated Controller-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{52504CE6-E909-4113-B232-4AFEC6543A61} /l1033
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Color LaserJet 2600n-->C:\Program Files\Zenographics\{6AA1F018-7129-4A63-8E00-17599B7129AC}\setup.exe -u "HPCLJKCInstaller.dll=CLJ2600.INF"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
EndNote-->C:\PROGRA~1\EndNote\UNWISE.EXE C:\PROGRA~1\EndNote\INSTALL.LOG
eWebEditPro+XML 5 Client-->MsiExec.exe /I{0D2465F3-C826-4ECC-A36D-12B7604284FD}
EZ GPO Power Management Config Tool-->MsiExec.exe /X{C5B83F18-6959-4760-9879-709E29E75DAF}
GSview 4.7-->C:\Program Files\Ghostgum\gsview\uninstgs.exe "C:\Program Files\Ghostgum\gsview\uninstal.txt"
GTK+ 2.6.8-1 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\unins000.exe"
High Definition Audio Driver Package - KB835221-->C:\WINNT\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINNT\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB896344)-->"C:\WINNT\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800)-->"C:\WINNT\$NtUninstallKB915800$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINNT\$NtUninstallKB915865$\spuninst\spuninst.exe"
HP Care Pack Core-->MsiExec.exe /I{3BC341BD-3736-45F0-B0E0-5664792AC528}
HP LaserJet P2015 Series 1.0-->C:\Program Files\HP\Digital Imaging\{BE4CEA63-8351-4A12-9E3A-556F8B76683A}\setup\hpzscr01.exe -datfile hppscr05.dat -forcereboot
HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINNT\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software-->C:\WINNT\Installer\iProInst.exe
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
ISI ResearchSoft - Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
K-Lite Mega Codec Pack 1.52-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Authorware Web Player-->C:\WINNT\system32\Macromed\AUTHORWA\UNWISE.EXE C:\WINNT\system32\Macromed\AUTHORWA\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maple 10-->"C:\Program Files\Maple 10\Uninstall_Maple 10\Uninstall Maple 10.exe"
Mathematica 5.1 for Students-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{382035BC-42A5-4BD8-8CF0-26A3733360E2}
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver-->MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
Memory Key Boot Utility-->MsiExec.exe /X{D3943D0B-C281-4BF7-9FFB-2A4497986BF9}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->c:\WINNT\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINNT\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visio Viewer 2002-->MsiExec.exe /I{94F9723E-900A-43C5-8F4E-AD2D2ED09273}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Visual Studio .NET Professional 2003 - English-->"C:\Program Files\Microsoft Visual Studio .NET 2003\Setup\Visual Studio .NET Professional 2003 - English\setup.exe" /MaintMode
MiKTeX 2.7-->"C:\Program Files\MiKTeX 2.7\miktex\bin\copystart_admin.exe" "C:\Program Files\MiKTeX 2.7\miktex\config\uninstall.dat"
MiKTeX-->"C:\Miktex\texmf\miktex\bin\copystart.exe" "C:\Miktex\texmf\miktex\config\uninstall.dat"
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
mToolkit-->MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{7CD7A451-7224-49C8-95EF-9A1859C66607}
Nikon View 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}\setup.exe" UNINSTALL
O2Micro Smartcard Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{C5BED10B-42A9-4142-B4C2-008C0FDE27D5} /l1033
Oracle JInitiator 1.1.8.16-->C:\PROGRA~1\Oracle\JINITI~1.16\bin\uninstall.exe C:\WINNT\uninst.exe -f"C:\PROGRA~1\Oracle\JINITI~1.16\DeIsL1.isu" -cC:\PROGRA~1\Oracle\JINITI~1.16\_ISREG32.DLL
Oracle JInitiator 1.3.1.23-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAFECAFE-0013-0001-0123-ABCDEFABCDEF}\Setup.exe" -l0x9 -uninst
QuickTime-->C:\WINNT\unvise32qt.exe C:\WINNT\system32\QuickTime\Uninstall.log
RealPlayer Enterprise-->C:\Program Files\Common Files\Real\Update_OB\rnuninst.exe RealNetworks|RealOneEnt|6.0
Reference Manager 11-->MsiExec.exe /I{C0B0893D-6DA2-4F14-B1D0-3C0F1272B398}
RegCure 1.5.2.7-->C:\Program Files\RegCure\uninst.exe
RssReader-->MsiExec.exe /I{D88857C8-B36B-42CE-AC26-9FFFEEDB181A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINNT\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Media Player (KB911564)-->"C:\WINNT\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINNT\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINNT\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINNT\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINNT\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINNT\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINNT\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINNT\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINNT\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINNT\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINNT\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINNT\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINNT\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINNT\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINNT\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINNT\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINNT\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINNT\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINNT\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINNT\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINNT\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINNT\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINNT\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINNT\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINNT\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINNT\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINNT\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINNT\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINNT\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINNT\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINNT\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINNT\system32\MacroMed\Flash\genuinst.exe C:\WINNT\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB913446)-->"C:\WINNT\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINNT\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINNT\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINNT\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINNT\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINNT\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINNT\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINNT\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINNT\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINNT\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINNT\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINNT\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINNT\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINNT\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINNT\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINNT\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINNT\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINNT\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINNT\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINNT\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINNT\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINNT\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINNT\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINNT\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINNT\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINNT\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINNT\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINNT\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINNT\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINNT\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINNT\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINNT\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINNT\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINNT\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINNT\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINNT\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINNT\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINNT\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINNT\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINNT\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINNT\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINNT\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINNT\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINNT\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINNT\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINNT\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINNT\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINNT\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINNT\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINNT\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINNT\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINNT\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINNT\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINNT\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINNT\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINNT\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINNT\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINNT\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINNT\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINNT\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINNT\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINNT\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINNT\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINNT\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINNT\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINNT\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINNT\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINNT\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINNT\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINNT\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINNT\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINNT\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINNT\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINNT\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINNT\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINNT\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINNT\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINNT\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINNT\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINNT\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINNT\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINNT\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINNT\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINNT\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINNT\$NtUninstallKB963027$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
SSH Secure Shell-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}\Setup.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Texas Instruments PCIxx20 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F16F258A-6300-4A1C-BC49-7929EFF455E2} /l1033
TeXnicCenter Version 1 Beta 6.20 (Fawkes)-->"C:\Program Files\TeXnicCenter\unins000.exe"
The GIMP 2.2.8-->"C:\Program Files\GIMP-2.0\unins000.exe"
TreeSize-->rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 132 C:\WINNT\INF\TInstall.inf
Update for Windows XP (KB894391)-->"C:\WINNT\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINNT\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINNT\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINNT\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908521)-->"C:\WINNT\$NtUninstallKB908521$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINNT\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINNT\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINNT\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"C:\WINNT\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINNT\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINNT\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINNT\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINNT\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINNT\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINNT\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINNT\$NtUninstallKB946627$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Windows Desktop Search 3.01-->"C:\WINNT\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Driver Package - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12)-->C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINNT\system32\DRVSTORE\rimsptsk_469677EEC4F8D39ABD61046D242B2A1651DE8AEF\rimsptsk.inf
Windows Driver Package - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06)-->C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINNT\system32\DRVSTORE\rimmptsk_EA24AF82DAB6BA6CF6FB1A3004EE91F51D3FDCF9\rimmptsk.inf
Windows Driver Package - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04)-->C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINNT\system32\DRVSTORE\rixdptsk_30B42BE4DA4D11DB80E5D3DD10180621BA0A53DD\rixdptsk.inf
Windows Installer 3.1 (KB893803)-->"C:\WINNT\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINNT\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player Enterprise Deployment-->MsiExec.exe /I{C2CDE75C-CA51-4335-9C13-84C00E6093A5}
Windows XP Hotfix - KB873339-->C:\WINNT\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINNT\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINNT\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINNT\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINNT\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINNT\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINNT\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINNT\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINNT\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINNT\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINNT\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINNT\$NtUninstallKB891781$\spuninst\spuninst.exe
WinEdt-->"C:\Program Files\WinEdt Team\WinEdt\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.0.6-->"C:\Program Files\WinSCP\unins000.exe"
WinView/32 v2.5.16.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BA89D56-CF3C-4577-9BD7-F4967A0BF180}\Setup.exe" -l0x9 UNINSTALL
WinView_Documentation v2.5.16-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9414427-3B5D-4987-9356-6B3C6B751074}\Setup.exe" -l0x9 UNINSTALL
WinZip-->"c:\program files\winzip\WINZIP32.EXE" /uninstall

======System event log======

Computer Name: PH-ISABELLAP
Event Code: 14103
Message: QoS [Adapter {4097440B-452D-4461-92B4-1B9002B48604}]:
The netcard driver failed the query for OID_GEN_LINK_SPEED.

Record Number: 378
Source Name: PSched
Time Written: 20060329190433.000000+060
Event Type: error
User:

Computer Name: PH-ISABELLAP
Event Code: 3
Message: Printer Microsoft Office Document Image Writer was deleted.

Record Number: 114
Source Name: Print
Time Written: 20060329132734.000000+060
Event Type: warning
User: PH-ISABELLAP\Administrator

Computer Name: PH-ISABELLAP
Event Code: 4
Message: Printer Microsoft Office Document Image Writer is pending deletion.

Record Number: 113
Source Name: Print
Time Written: 20060329132731.000000+060
Event Type: warning
User: PH-ISABELLAP\Administrator

Computer Name: PH-ISABELLAP
Event Code: 20
Message: Printer Driver Microsoft Office Document Image Writer Driver for Windows NT x86 Version-3 was added or updated. Files:- mdigraph.dll, mdiui.dll, mdiui.dll.

Record Number: 35
Source Name: Print
Time Written: 20060329130751.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PH-ISABELLAP
Event Code: 40961
Message: The Security System could not establish a secured connection with the server DNS/ns0.ic.ac.uk. No authentication protocol was available.

Record Number: 12
Source Name: LSASRV
Time Written: 20060329130357.000000+060
Event Type: warning
User:

=====Application event log=====

Computer Name: PH-ISABELLAP
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 18
Source Name: WinMgmt
Time Written: 20060329125813.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PH-ISABELLAP
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 17
Source Name: WinMgmt
Time Written: 20060329125813.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PH-ISABELLAP
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 13
Source Name: WinMgmt
Time Written: 20060329125640.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PH-ISABELLAP
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 12
Source Name: WinMgmt
Time Written: 20060329125640.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: PH-ISABELLAP
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

Record Number: 11
Source Name: WinMgmt
Time Written: 20060329125639.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\MiKTeX 2.7\miktex\bin;C:\perl\Perl\bin;c:\ic-utils;c:\program files\unxutils\usr\local\wbin;c:\Program Files\unxutils\bin;C:\Program Files\Common Files\GTK\2.0\bin;C:\Miktex\texmf\miktex\bin;C:\watcom-1.3\binnt;C:\watcom-1.3\binw;c:\cygwin\bin;c:\cygwin\lib\gcc-lib\i686-pc-cygwin\3.3.3;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Adobe\AGL
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=c:\temp
"TMP"=c:\temp
"INCLUDE"=C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\include\;C:\watcom-1.3\h;C:\watcom-1.3\h\nt;C:\watcom-1.3\maple\include
"KMP_DUPLICATE_LIB_OK"=TRUE
"WATCOM"=C:\watcom-1.3
"LIB"=C:\Program Files\Microsoft Visual Studio .NET 2003\SDK\v1.1\Lib\
"VS71COMNTOOLS"=C:\Program Files\Microsoft Visual Studio .NET 2003\Common7\Tools\
"JAVA_PLUGIN_WEBCONTROL_ENABLE"=TRUE
"SAFEBOOT_OPTION"=MINIMAL

-----------------EOF-----------------



Thank you so much again.

I will be waiting for your instructions.

Take care,
Isabel.

#10 myrti


Posted 10 June 2009 - 06:41 PM

Heya Isabel,

glad to hear that Avast! is working now. :thumbup2:
Could you please check that your Windows Updates are back to working as usual?

Your logs show some leftovers from Symantec. We are going to remove those, so that they won't interfere with Avast!
Please follow the instructions on this site to completely remove Symantec from your PC:
Removal Instructions

I do not see any signs of infections present in your last logs. However, just to be sure, I would like to ask you to run the following tools:
Please Run Malwarebytes:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

As well as gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

Please post back the log from Malwarebytes and gmer, as well as any remaining problems you might have.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#11 isin


Posted 12 June 2009 - 07:23 AM

Dear helper,

thanks a lot for your email.

I will reply in bits, since I will have to restart in between...

The first couple of times I tried, Windows Updates did not work; it did not get to the point when it tells me what updates are available. Then I shut down my laptop and left it alone for a couple of days, and today, when I started it, the yellow balloon was there on the lower right corner telling me to do a few updates. I did them and then tried going to the Windows Update webpage as I was doing before, and now it seems to work fine... By the way, shall I install Windows XP service pack 3 or not? It recommends backing up my system first, and I don't know first if I need it, and second, if it's going to mess up my things...

#12 isin


Posted 12 June 2009 - 08:24 AM

hi again,

here is the malwarebytes log:

Malwarebytes' Anti-Malware 1.37
Database version: 2266
Windows 5.1.2600 Service Pack 2

12/06/2009 14:23:16
mbam-log-2009-06-12 (14-23-16).txt

Scan type: Quick Scan
Objects scanned: 109359
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#13 isin


Posted 12 June 2009 - 12:55 PM

And here is the GMER log:


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-12 18:37:12
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA91E6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA91E574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA91EA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA91E14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA91E64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA91E08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA91E0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA91E76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA91E72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA91E8AE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAAADAF20]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2430 80501320 4 Bytes JMP D610AA91
.text ntkrnlpa.exe!ZwCallbackReturn + 2708 805015F8 4 Bytes CALL 85C2C08E

---- User code sections - GMER 1.0.15 ----

.text C:\WINNT\system32\SearchIndexer.exe[736] kernel32.dll!WriteFile 7C810D97 7 Bytes JMP 00D51B19 C:\WINNT\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINNT\system32\services.exe[1128] @ C:\WINNT\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINNT\system32\services.exe[1128] @ C:\WINNT\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A760CD5F-FFD3-DA19-7EA7-3B22AF401224}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A760CD5F-FFD3-DA19-7EA7-3B22AF401224}@dakanjlf 0x64 0x62 0x6C 0x6F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A760CD5F-FFD3-DA19-7EA7-3B22AF401224}@iapoegmgedcekdmbgi 0x6B 0x61 0x64 0x65 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A760CD5F-FFD3-DA19-7EA7-3B22AF401224}@hafogpmfmdlnccmd 0x6B 0x61 0x64 0x65 ...

---- EOF - GMER 1.0.15 ----








I have now re-enabled Avast and have Superantispyware running on my computer. I also re-enabled Spybot S&D teatimer protection.

I haven't found anything wrong with my computer so far. I am only wondering why the errors I had happened. If it was because I somehow messed up the rebooting option without noticing or if it's because of any of the viruses I had, like the Trojan.ServicesSS, etc...

Please let me know what your opinion is, and if you think my computer is safe and clean now.

I really thank you very very much for your help!

Enjoy the weekend,

Isabel.
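
As an added reading aid (not part of the original post, and not GMER's own code), this Python example parses the hook sections of a GMER log like the one above and sorts each entry by whether the log names an owning module and whether that module is on a reviewer-supplied list. `KNOWN_MODULES`, the function names and the record layout are assumptions made for this example; the sample lines are excerpted from the posted log.

```python
import re
from collections import defaultdict

# Lines excerpted from the GMER log posted above (a few per hook section).
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA91E6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA91E08C]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAAADAF20]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2430 80501320 4 Bytes JMP D610AA91

---- User code sections - GMER 1.0.15 ----

.text C:\WINNT\system32\SearchIndexer.exe[736] kernel32.dll!WriteFile 7C810D97 7 Bytes JMP 00D51B19 C:\WINNT\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINNT\system32\services.exe[1128] @ C:\WINNT\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----
"""

# Assumption: modules the reviewer has already tied to software installed on
# this machine (avast!, SUPERAntiSpyware, the Microsoft module named in the log).
KNOWN_MODULES = ["aswSP.SYS", "aswMon2.SYS", "aswTdi.SYS", "SASKUTIL.sys", "mssrch.dll"]

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
HEX8 = r"[0-9A-Fa-f]{8}"
# Optional trailing "path (description/vendor)" naming the module behind a hook.
OWNER = r"(?:\s+(?P<module>.+?)\s+\((?P<desc>.+)\))?"
LINE_RES = [
    ("SSDT", re.compile(r"^SSDT\s+(?P<module>.+?)\s+\((?P<desc>.+)\)\s+"
                        r"(?P<what>\w+)\s+\[0x[0-9A-Fa-f]+\]$")),
    (".text", re.compile(r"^\.text\s+(?P<what>.+?)\s+" + HEX8 +
                         r"\s+\d+ Bytes\s+\w+\s+" + HEX8 + OWNER + "$")),
    ("IAT", re.compile(r"^IAT\s+.+?\[\d+\]\s+@\s+.+?\s+\[(?P<what>[^\]]+)\]\s+" +
                       HEX8 + OWNER + "$")),
    ("AttachedDevice", re.compile(r"^AttachedDevice\s+\S+\s+(?P<what>\S+)\s+"
                                  r"(?P<module>\S+)\s+\((?P<desc>.+)\)$")),
]


def parse_gmer(text):
    """Return one record per recognised hook line; other lines are skipped."""
    records, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        for kind, rx in LINE_RES:
            m = rx.match(line)
            if m:
                module = m.groupdict().get("module")
                # Compare on the lower-cased file name, not the full path.
                owner = module.rsplit("\\", 1)[-1].lower() if module else None
                records.append({"section": section, "kind": kind,
                                "what": m.group("what"), "owner": owner,
                                "desc": m.groupdict().get("desc")})
                break
    return records


def triage(records, known_modules):
    """Bucket records: owner on the list, owner not on it, or no owner named."""
    known = {name.lower() for name in known_modules}
    buckets = defaultdict(list)
    for rec in records:
        if rec["owner"] is None:
            buckets["unattributed"].append(rec)
        elif rec["owner"] in known:
            buckets["known"].append(rec)
        else:
            buckets["unknown_owner"].append(rec)
    return dict(buckets)


if __name__ == "__main__":
    for bucket, items in triage(parse_gmer(SAMPLE_LOG), KNOWN_MODULES).items():
        print(bucket)
        for r in items:
            print(f"  [{r['section']}] {r['kind']} {r['what']} -> {r['owner']}")
```

A name match only narrows what to look at; it does not establish that a module is genuine.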

#14 isin


Posted 12 June 2009 - 12:57 PM

By the way, I also used the Norton removal tool to get rid of Symantec traces as you said.
Hope it's all fine now.

thanks again,
Isabel.

#15 myrti


Posted 14 June 2009 - 08:24 AM

Heya Isabel,

please do not update to SP3 just yet. I will tell you to do so when I think that your PC is safe. :thumbup2:

Even though it doesn't look as if your PC is still infected, there are leftovers from infections showing. Therefore I would like to ask you to do the following to remove them:

Please locate and delete the copy of Combofix that is currently on your PC.
Afterwards download a fresh copy of ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Connect all your external media to your PC, e.g. USB drive, external disks, etc.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

I cannot tell you exactly where your problems came from. However, we've been seeing this happen on infected PCs lately.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 
