Being redirected and mysterious hidden instances of IE


  • This topic is locked
7 replies to this topic

#1 Patrick Pawlowski

  • Members
  • 3 posts

Posted 11 July 2009 - 09:53 PM

Somehow my machine got compromised while I was working out of town. I was using it at the hotel one night, hit a web site, and my AV popped up a warning. Not a big deal, happens once a month or so. I clicked OK and assumed whatever it was got blocked. The next day I took my 2nd laptop to the client site and left the now compromised one running in my hotel room. When I got back that evening there were a dozen or so visible instances of IE open and who knows what else going on with it.

Ultimately I cleaned up a few things via regedits and deleting some files but my normal AV (AVG) wasn't finding much and one of the things I cleaned off manually is known to jack up your AV. So I downloaded the free Avira and found at least 39 infections that it cleared up.

Even after that I have found a few things that I have manually cleaned up.

The issues that I am having now are 2:

1) IE is being redirected, especially when I click on the links in the results of a Google search. Mostly I get redirected to some other unknown search page which I'm sure will guide me to some legitimate fixes for my issues ;) Note that it does not redirect my Google search. The results of my search at least appear to be legitimate but when I click on one of the results IE gets redirected and does not go to the page that Google was pointing to.

2) There seem to be visible and invisible instances of IE being opened by some mystery process that I can't identify. I can't see anything in the HJT log or running that appears out of the ordinary but something is obviously opening sites and redirecting my normal browsing.

thanks for any help

-pat pawlowski







DDS (Ver_09-06-26.01) - NTFSx86
Run by patpawlowski at 22:35:31.21 on Sat 07/11/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1242 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\bmwebcfg.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Cobian Backup 9\cbService.exe
D:\WINDOWS\eHome\ehRecvr.exe
D:\WINDOWS\eHome\ehSched.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe -k HPZ12
D:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
D:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
svchost.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\Program Files\VMware\VMware Server\vmware-authd.exe
D:\Program Files\Microsoft Virtual Server\vmh.exe
D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
D:\WINDOWS\system32\vmnat.exe
D:\Program Files\RealVNC\VNC4\WinVNC4.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\WINDOWS\system32\vmnetdhcp.exe
D:\Program Files\VMware\VMware Server\vmserverdWin32.exe
D:\WINDOWS\system32\dllhost.exe
D:\WINDOWS\system32\Ati2evxx.exe
C:\LiteStep\litestep.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Startup Inspector for Windows\Startup Monitor\StartMonPrj.exe
D:\Program Files\KeePass Password Safe 2\KeePass.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Winamp\winamp.exe
D:\WINDOWS\system32\cidaemon.exe
D:\WINDOWS\system32\cidaemon.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Program Files\Last.fm\LastFM.exe
D:\WINDOWS\system32\SearchProtocolHost.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
d:\Documents and Settings\patpawlowski\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uWinlogon: shell=c:\litestep\litestep.exe
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\program files\google\google toolbar\GoogleToolbar.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [StartupMonitor] d:\program files\startup inspector for windows\startup monitor\StartMonPrj.exe
uRun: [KeePass Password Safe 2] "d:\program files\keepass password safe 2\KeePass.exe"
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] d:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SonicWALLNetExtender] d:\program files\sonicwall\ssl-vpn\netextender\NEGui.exe -hideGUI
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: d:\docume~1\patpaw~1\startm~1\programs\startup\winamp.lnk - d:\program files\winamp\winamp.exe
Trusted Zone: cams
Trusted Zone: crmez.net
Trusted Zone: crmgold.net\test
Trusted Zone: intuit.com
Trusted Zone: no-ip.org\patpawlowski
Trusted Zone: server
Trusted Zone: turbotax.com
Trusted Zone: unva.edu\cams
Trusted Zone: vermar.com
Trusted Zone: vermar.com\sharepoint
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: {5342D0A6-173B-4EFE-8AE4-C4B325F37DA3} = 10.0.0.69 10.0.0.70
Filter: text/html - {880799af-5422-4a52-8702-3a0d10ebe52f} -
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - d:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - d:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;d:\program files\avira\antivir desktop\avgio.sys [2009-7-9 11608]
R1 mfehidk;McAfee Inc. mfehidk;d:\windows\system32\drivers\mfehidk.sys [2009-3-27 213768]
R1 RCFOX;SonicWALL IPsec Driver;d:\windows\system32\drivers\RCFOX.SYS [2009-5-4 86552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\avira\antivir desktop\sched.exe [2009-7-9 108289]
R2 AntiVirService;Avira AntiVir Guard;d:\program files\avira\antivir desktop\avguard.exe [2009-7-9 185089]
R2 avgntflt;avgntflt;d:\windows\system32\drivers\avgntflt.sys [2009-7-9 55640]
R2 CobianBackupAmanita;Cobian Backup 9 service;d:\program files\cobian backup 9\cbService.exe [2009-4-30 583168]
R2 IntuitUpdateService;Intuit Update Service;d:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 McrdSvc;Media Center Extender Service;d:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Virtual Server;Virtual Server;d:\program files\microsoft virtual server\vssrvc.exe [2007-5-24 3373432]
R2 vmserverdWin32;VMware Registration Service;d:\program files\vmware\vmware server\vmserverdWin32.exe [2008-5-9 1650781]
R3 HSFHWATI;HSFHWATI;d:\windows\system32\drivers\HSFHWATI.sys [2006-4-9 231424]
R3 SSLDrv;SSL-VPN NetExtender Adapter;d:\windows\system32\drivers\SSLDrv.sys [2006-8-28 20504]
R3 vhdbus;Microsoft Virtual Server Storage Bus;d:\windows\system32\drivers\vhdbus.sys [2007-5-5 25480]
R3 vmh;Virtual Machine Helper;d:\program files\microsoft virtual server\vmh.exe [2007-5-24 166808]
R4 AvgRkx86;avgrkx86.sys;d:\windows\system32\drivers\avgrkx86.sys --> d:\windows\system32\drivers\avgrkx86.sys [?]
R4 AvgTdiX;AVG8 Network Redirector;d:\windows\system32\drivers\avgtdix.sys --> d:\windows\system32\drivers\avgtdix.sys [?]
S2 lggxxfslk;lggxxfslk;d:\windows\system32\drivers\ehpaiyprnq.sys [2009-7-9 72960]
S2 msncache;msncache;d:\windows\system32\svchost.exe -k netsvcs [2004-8-10 14336]
S3 ATTRcAppSvc;AT&T RcAppSvc;d:\program files\at&t\communication manager\RcAppSvc.exe [2007-12-21 113176]
S3 GT72NDISIPXP;GT 72 IP NDIS;d:\windows\system32\drivers\Gt51Ip.sys [2008-7-14 95744]
S3 GT72UBUS;GT 72 U BUS;d:\windows\system32\drivers\gt72ubus.sys [2008-7-14 51968]
S3 GTPTSER;GT PT SER;d:\windows\system32\drivers\gtptser.sys [2008-7-14 8064]
S3 MfeAVFK;McAfee Inc. MfeAVFK;d:\windows\system32\drivers\MfeAVFK.sys [2009-3-27 79880]
S3 MfeBOPK;McAfee Inc. MfeBOPK;d:\windows\system32\drivers\MfeBOPK.sys [2009-3-27 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK;d:\windows\system32\drivers\MfeRKDK.sys [2009-3-27 34216]
S3 MsDtsServer;SQL Server Integration Services;d:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2007-3-3 202096]
S3 rcvpn;SonicWALL VPN Adapter;d:\windows\system32\drivers\rcvpn.sys [2009-5-4 24876]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;d:\windows\system32\drivers\SCR3XX2K.sys [2007-10-18 56448]
S4 LkWebLink;Inter-Tel Collaboration Remote Client;d:\documents and settings\patpawlowski\my documents\inter-tel\collaboration client 2.0\lkWebLink.exe [2007-9-20 32768]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;d:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]
S4 ReportServer;SQL Server Reporting Services (MSSQLSERVER);d:\program files\microsoft sql server\mssql.3\reporting services\reportserver\bin\ReportingServicesService.exe [2007-3-3 17264]

=============== Created Last 30 ================

2009-07-09 21:33 <DIR> --d----- d:\program files\Avira
2009-07-09 21:33 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Avira
2009-07-09 14:53 <DIR> --d----- d:\program files\Trend Micro
2009-07-08 15:05 <DIR> --d----- d:\docume~1\patpaw~1\applic~1\Messenger

==================== Find3M ====================


============= FINISH: 22:39:04.98 ===============


#2 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 21 July 2009 - 07:37 AM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 26 July 2009 - 05:01 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Edited by syler, 26 July 2009 - 05:03 AM.



#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 27 July 2009 - 05:03 PM

Topic reopened at OP request.



#5 Patrick Pawlowski
  • Topic Starter

  • Members
  • 3 posts

Posted 27 July 2009 - 06:23 PM

Thanks and the logs are posted. The Google results are still being redirected btw.

Malwarebytes' Anti-Malware 1.39
Database version: 2511
Windows 5.1.2600 Service Pack 3

7/27/2009 2:39:44 PM
mbam-log-2009-07-27 (14-39-44).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 349180
Time elapsed: 2 hour(s), 12 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 20
Registry Values Infected: 12
Registry Data Items Infected: 3
Folders Infected: 4
Files Infected: 14

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
\\?\globalroot\systemroot\system32\hjgruiqlxxcwun.dll (Trojan.TDSS) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\messengerupdateproject.messengerupdat.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\messengerupdateproject.messengerupdate (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbcc290a-5e32-4e54-80db-f0f3f3892444} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e3a14032-f6fc-426d-a024-bead613d5db3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{d8c0508c-e235-4d9e-a27e-c8bb5f527dc9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5948a52a-ba3a-49a8-bcaf-d578502bda9d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\MessengerUpdateProject.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msncache (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UACd.sys (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
D:\Documents and Settings\patpawlowski\Application Data\Messenger\Drivers (Trojan.Agent.M) -> Quarantined and deleted successfully.
d:\documents and settings\patpawlowski\application data\messenger\Drivers\Aud32 (Trojan.Agent.M) -> Quarantined and deleted successfully.
D:\Documents and Settings\patpawlowski\Application Data\Messenger\Sys (Trojan.Agent.M) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
\\?\globalroot\systemroot\system32\hjgruiqlxxcwun.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
d:\documents and settings\patpawlowski\application data\messenger\Drivers\Aud32\msgutil83.dll (Adware.Agent) -> Quarantined and deleted successfully.
d:\program files\common files\GTK\2.0\lib\gtk-2.0\2.4.0\engines\libwimp.dll (Trojan.Buzus) -> Quarantined and deleted successfully.
d:\documents and settings\patpawlowski\application data\messenger\Drivers\conf.sys (Trojan.Agent.M) -> Quarantined and deleted successfully.
d:\documents and settings\patpawlowski\application data\messenger\Drivers\pub.dll (Trojan.Agent.M) -> Quarantined and deleted successfully.
d:\documents and settings\patpawlowski\application data\messenger\Drivers\serial.sys (Trojan.Agent.M) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
d:\WINDOWS\system32\lowsec\user.ds.lll (Stolen.data) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
d:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.



Logfile of random's system information tool 1.06 (written by random/random)
Run by patpawlowski at 2009-07-27 15:22:36
Microsoft Windows XP Professional Service Pack 3
System drive D: has 14 GB (18%) free of 76 GB
Total RAM: 2046 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:23:03 PM, on 7/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\WINDOWS\system32\bmwebcfg.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\cisvc.exe
D:\Program Files\Cobian Backup 9\cbService.exe
D:\WINDOWS\eHome\ehRecvr.exe
D:\WINDOWS\eHome\ehSched.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
D:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
C:\LiteStep\litestep.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\WINDOWS\FixCamera.exe
D:\WINDOWS\tsnp2std.exe
D:\Program Files\Startup Inspector for Windows\Startup Monitor\StartMonPrj.exe
D:\Program Files\KeePass Password Safe 2\KeePass.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Winamp\winamp.exe
D:\Program Files\RealVNC\VNC4\WinVNC4.exe
D:\WINDOWS\system32\MsPMSPSv.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\Program Files\Last.fm\LastFM.exe
D:\Program Files\Trillian\trillian.exe
D:\WINDOWS\system32\dllhost.exe
D:\WINDOWS\system32\cidaemon.exe
D:\WINDOWS\system32\cidaemon.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
D:\WINDOWS\system32\mstsc.exe
D:\Documents and Settings\patpawlowski\Local Settings\Temporary Internet Files\Content.IE5\RM3BYIW6\RSIT[1].exe
D:\Program Files\Trend Micro\HijackThis\patpawlowski.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [FixCamera] D:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp2std] D:\WINDOWS\tsnp2std.exe
O4 - HKCU\..\Run: [StartupMonitor] D:\Program Files\Startup Inspector for Windows\Startup Monitor\StartMonPrj.exe
O4 - HKCU\..\Run: [KeePass Password Safe 2] "D:\Program Files\KeePass Password Safe 2\KeePass.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Winamp.lnk = D:\Program Files\Winamp\winamp.exe
O15 - Trusted Zone: http://*.cams
O15 - Trusted Zone: *.crmez.net
O15 - Trusted Zone: http://test.crmgold.net
O15 - Trusted Zone: *.intuit.com
O15 - Trusted Zone: http://patpawlowski.no-ip.org
O15 - Trusted Zone: http://*.turbotax.com
O15 - Trusted Zone: http://sharepoint.vermar.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {76850F2A-FCAA-454F-82D3-BD46CB186EF5} (IEGCtrl Class) - http://execustay.vermar.com/goglobal/ggw-activex.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5342D0A6-173B-4EFE-8AE4-C4B325F37DA3}: Domain = vmi
O17 - HKLM\System\CCS\Services\Tcpip\..\{5342D0A6-173B-4EFE-8AE4-C4B325F37DA3}: NameServer = 10.0.0.69 10.0.0.70
O18 - Filter hijack: text/html - {880799af-5422-4a52-8702-3a0d10ebe52f} - D:\WINDOWS\system32\mst122.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - PCTEL - D:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - D:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cobian Backup 9 service (CobianBackupAmanita) - Luis Cobian - D:\Program Files\Cobian Backup 9\cbService.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - D:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - D:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: ScsiAccess - Unknown owner - D:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: SonicWALL NetExtender Service (SONICWALL_NetExtender) - SonicWALL Inc. - D:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - D:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINDOWS\system32\vmnat.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 7795 bytes

======Scheduled tasks folder======

D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\Google Software Updater.job
D:\WINDOWS\tasks\User_Feed_Synchronization-{A8EDA690-6084-4173-A4D9-E44583000165}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=D:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-06-18 729178]
"avgnt"=D:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"FixCamera"=D:\WINDOWS\FixCamera.exe [2007-07-11 20480]
"tsnp2std"=D:\WINDOWS\tsnp2std.exe [2007-08-31 262144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StartupMonitor"=D:\Program Files\Startup Inspector for Windows\Startup Monitor\StartMonPrj.exe [2005-01-15 544768]
"KeePass Password Safe 2"=D:\Program Files\KeePass Password Safe 2\KeePass.exe [2009-03-12 1332224]
"ctfmon.exe"=D:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

D:\Documents and Settings\patpawlowski\Start Menu\Programs\Startup
Winamp.lnk - D:\Program Files\Winamp\winamp.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
D:\WINDOWS\system32\Ati2evxx.dll [2005-09-27 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
D:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=D:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=D:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=D:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=B1000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"D:\Program Files\Yahoo!\Messenger\YServer.exe"="D:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"D:\Program Files\Google\Google Talk\googletalk.exe"="D:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Messenger\msmsgs.exe"="D:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Program Files\Pinnacle\Studio 10\programs\RM.exe"="D:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager"
"D:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"="D:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio"
"D:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"="D:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"D:\Program Files\Pinnacle\Studio 10\programs\umi.exe"="D:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi"
"D:\Program Files\Winamp Remote\bin\Orb.exe"="D:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"D:\Program Files\Winamp Remote\bin\OrbTray.exe"="D:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"D:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="D:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"D:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="D:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"D:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="D:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"D:\Program Files\MySpace\IM\MySpaceIM.exe"="D:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"D:\Program Files\Microsoft Virtual Server\vssrvc.exe"="D:\Program Files\Microsoft Virtual Server\vssrvc.exe:*:Enabled:Virtual Server"
"D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Program Files\AVG\AVG8\avgam.exe"="D:\Program Files\AVG\AVG8\avgam.exe:*:Enabled:avgam.exe"
"D:\Program Files\AVG\AVG8\avgdiag.exe"="D:\Program Files\AVG\AVG8\avgdiag.exe:*:Enabled:avgdiag.exe"
"D:\Program Files\AVG\AVG8\avgdiagex.exe"="D:\Program Files\AVG\AVG8\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"D:\Program Files\AVG\AVG8\avgupd.exe"="D:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"D:\Program Files\AVG\AVG8\avgnsx.exe"="D:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="D:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"
"D:\Program Files\Microsoft Virtual Server\vssrvc.exe"="D:\Program Files\Microsoft Virtual Server\vssrvc.exe:*:Enabled:Virtual Server"

======List of files/folders created in the last 1 months======

2009-07-27 15:22:36 ----D---- D:\rsit
2009-07-27 11:59:10 ----D---- D:\Documents and Settings\patpawlowski\Application Data\Malwarebytes
2009-07-27 11:58:58 ----D---- D:\Program Files\Malwarebytes' Anti-Malware
2009-07-27 11:58:58 ----D---- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-24 23:13:06 ----D---- D:\Program Files\SecondLife
2009-07-22 15:03:05 ----A---- D:\WINDOWS\FixCamera.exe
2009-07-22 15:03:05 ----A---- D:\WINDOWS\Amcap.exe
2009-07-22 15:03:04 ----A---- D:\WINDOWS\WindowsXP-KB822603-x86.exe
2009-07-22 15:03:02 ----A---- D:\WINDOWS\vsnp2std.exe
2009-07-22 15:03:02 ----A---- D:\WINDOWS\tsnp2std.exe
2009-07-22 15:03:02 ----A---- D:\WINDOWS\snp2std.ini
2009-07-22 15:02:56 ----D---- D:\Program Files\Common Files\snp2std
2009-07-22 15:02:56 ----A---- D:\WINDOWS\system32\vsnp2std.dll
2009-07-22 15:02:56 ----A---- D:\WINDOWS\system32\rsnp2std.dll
2009-07-22 15:02:56 ----A---- D:\WINDOWS\system32\csnp2std.dll
2009-07-17 17:04:27 ----D---- D:\Documents and Settings\patpawlowski\Application Data\FileZilla
2009-07-17 17:04:08 ----D---- D:\Program Files\FileZilla FTP Client
2009-07-16 08:09:41 ----HDC---- D:\WINDOWS\$NtUninstallKB973346$
2009-07-16 08:09:33 ----HDC---- D:\WINDOWS\$NtUninstallKB971633$
2009-07-16 08:08:12 ----A---- D:\WINDOWS\system32\MRT.INI
2009-07-16 07:59:38 ----HDC---- D:\WINDOWS\$NtUninstallKB961371$
2009-07-11 17:29:20 ----A---- D:\WINDOWS\system32\muweb.dll
2009-07-09 21:33:16 ----D---- D:\Program Files\Avira
2009-07-09 21:33:16 ----D---- D:\Documents and Settings\All Users\Application Data\Avira
2009-07-09 14:53:39 ----D---- D:\Program Files\Trend Micro
2009-07-09 03:18:45 ----HDC---- D:\WINDOWS\$NtUninstallKB959426$
2009-07-09 03:18:24 ----HDC---- D:\WINDOWS\$NtUninstallKB961373$
2009-07-09 03:16:49 ----HDC---- D:\WINDOWS\$NtUninstallKB970483$
2009-07-09 03:14:55 ----HDC---- D:\WINDOWS\$NtUninstallKB956572$
2009-07-09 03:13:50 ----HDC---- D:\WINDOWS\$NtUninstallKB961501$
2009-07-09 03:13:11 ----HDC---- D:\WINDOWS\$NtUninstallKB952004$
2009-07-09 03:13:00 ----HDC---- D:\WINDOWS\$NtUninstallKB969898$
2009-07-09 03:11:30 ----HDC---- D:\WINDOWS\$NtUninstallKB963093$
2009-07-09 03:03:57 ----HDC---- D:\WINDOWS\$NtUninstallKB970238$
2009-07-09 03:03:43 ----HDC---- D:\WINDOWS\$NtUninstallKB960803$
2009-07-09 03:03:31 ----HDC---- D:\WINDOWS\$NtUninstallKB968537$
2009-07-09 03:01:27 ----HDC---- D:\WINDOWS\$NtUninstallKB923561$
2009-07-08 20:42:04 ----N---- D:\WINDOWS\system32\xpsp4res.dll
2009-07-08 15:05:20 ----D---- D:\Documents and Settings\patpawlowski\Application Data\Messenger
2009-07-08 14:55:35 ----N---- D:\WINDOWS\system32\rn.tmp
2009-07-08 14:30:27 ----D---- D:\Documents and Settings\patpawlowski\Application Data\Download Manager

======List of files/folders modified in the last 1 months======

2009-07-27 15:15:00 ----A---- D:\WINDOWS\SchedLgU.Txt
2009-07-27 14:52:32 ----D---- D:\WINDOWS\system32\inetsrv
2009-07-27 14:51:00 ----D---- D:\WINDOWS\Temp
2009-07-27 14:51:00 ----D---- D:\WINDOWS\system32
2009-07-27 14:50:48 ----D---- D:\WINDOWS\system32\CatRoot2
2009-07-27 14:50:44 ----D---- D:\WINDOWS\Registration
2009-07-27 14:50:14 ----D---- D:\Program Files\Trillian
2009-07-27 14:48:41 ----SD---- D:\WINDOWS\Tasks
2009-07-27 14:48:37 ----D---- D:\WINDOWS\system32\NtmsData
2009-07-27 14:48:31 ----D---- D:\WINDOWS
2009-07-27 14:48:02 ----D---- D:\WINDOWS\system32\drivers
2009-07-27 14:46:38 ----A---- D:\WINDOWS\ModemLog_AC97 Soft Data Fax Modem with SmartCP.txt
2009-07-27 12:51:01 ----A---- D:\WINDOWS\NeroDigital.ini
2009-07-27 12:46:54 ----D---- D:\WINDOWS\Prefetch
2009-07-27 11:58:58 ----RD---- D:\Program Files
2009-07-27 10:44:55 ----A---- D:\WINDOWS\win.ini
2009-07-27 09:37:08 ----A---- D:\WINDOWS\ModemLog_Standard Modem.txt
2009-07-27 08:31:25 ----D---- D:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-27 08:30:25 ----SHD---- D:\WINDOWS\CSC
2009-07-24 23:15:46 ----D---- D:\Documents and Settings\patpawlowski\Application Data\SecondLife
2009-07-24 21:02:14 ----HD---- D:\Config.Msi
2009-07-24 12:37:28 ----SHD---- D:\WINDOWS\Installer
2009-07-22 20:30:39 ----D---- D:\Program Files\Microsoft Silverlight
2009-07-22 15:03:10 ----HD---- D:\WINDOWS\inf
2009-07-22 15:03:02 ----D---- D:\WINDOWS\twain_32
2009-07-22 15:02:56 ----HD---- D:\Program Files\InstallShield Installation Information
2009-07-22 15:02:56 ----D---- D:\Program Files\Common Files
2009-07-20 10:51:53 ----D---- D:\Program Files\VMI
2009-07-19 09:43:52 ----D---- D:\Documents and Settings\All Users\Application Data\VMware
2009-07-17 21:56:28 ----D---- D:\Documents and Settings\patpawlowski\Application Data\Winamp
2009-07-17 17:10:00 ----D---- D:\Program Files\FileZilla
2009-07-17 10:48:02 ----SD---- D:\WINDOWS\Downloaded Program Files
2009-07-17 08:11:36 ----D---- D:\Program Files\Winamp
2009-07-16 08:21:55 ----A---- D:\WINDOWS\system32\PerfStringBackup.INI
2009-07-16 08:10:05 ----D---- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-16 08:09:40 ----HD---- D:\WINDOWS\$hf_mig$
2009-07-16 08:09:38 ----A---- D:\WINDOWS\imsins.BAK
2009-07-16 08:09:36 ----RSHDC---- D:\WINDOWS\system32\dllcache
2009-07-15 08:51:53 ----D---- D:\Documents and Settings\patpawlowski\Application Data\Canon
2009-07-14 11:33:32 ----D---- D:\Documents and Settings\patpawlowski\Application Data\VMware
2009-07-09 21:32:12 ----D---- D:\WINDOWS\WinSxS
2009-07-09 20:27:38 ----N---- D:\WINDOWS\system.ini
2009-07-09 20:04:15 ----D---- D:\WINDOWS\pss
2009-07-09 18:14:23 ----D---- D:\Program Files\MySpace
2009-07-09 03:32:52 ----D---- D:\WINDOWS\Microsoft.NET
2009-07-09 03:32:23 ----RSD---- D:\WINDOWS\assembly
2009-07-09 03:26:43 ----D---- D:\WINDOWS\system32\wbem
2009-07-09 03:26:43 ----D---- D:\WINDOWS\AppPatch
2009-07-09 03:26:43 ----D---- D:\Program Files\Windows Desktop Search
2009-07-09 03:26:43 ----D---- D:\Program Files\Internet Explorer
2009-07-09 03:16:12 ----D---- D:\WINDOWS\ie8updates
2009-07-08 20:21:35 ----D---- D:\Documents and Settings\patpawlowski\Application Data\wsInspector
2009-07-07 11:10:56 ----A---- D:\WINDOWS\system32\MRT.exe
2009-07-06 08:44:14 ----D---- D:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; D:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 avgio;avgio; \??\D:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; D:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 eabfiltr;EABFiltr; \??\D:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 FileDisk;FileDisk; D:\WINDOWS\system32\drivers\FileDisk.sys [2005-10-16 12928]
R1 mfehidk;McAfee Inc. mfehidk; D:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-03 213768]
R1 mfetdik;McAfee Inc. mfetdik; D:\WINDOWS\system32\drivers\mfetdik.sys [2009-03-03 55208]
R1 PCLEPCI;PCLEPCI; \??\D:\WINDOWS\system32\drivers\pclepci.sys []
R1 RCFOX;SonicWALL IPsec Driver; \??\D:\WINDOWS\system32\Drivers\RCFOX.sys []
R1 ssmdrv;ssmdrv; D:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 tcpipBM;Bytemobile Kernel Network Provider; D:\WINDOWS\system32\drivers\tcpipBM.sys [2007-12-21 18816]
R1 truecrypt;truecrypt; D:\WINDOWS\System32\drivers\truecrypt.sys [2008-11-24 215616]
R1 vmm;Virtual Machine Monitor; \??\D:\WINDOWS\system32\Drivers\vmm.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; D:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; D:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]
R2 Aspi32;Aspi32; D:\WINDOWS\system32\drivers\Aspi32.sys [2003-12-17 17005]
R2 avgntflt;avgntflt; D:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-03-24 55640]
R2 hcmon;VMware hcmon; \??\D:\WINDOWS\system32\Drivers\hcmon.sys []
R2 mdmxsdk;mdmxsdk; D:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 VMnetBridge;VMware Bridge Protocol; D:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2008-05-09 23296]
R2 VMnetuserif;VMware Network Application Interface; \??\D:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 vmx86;VMware vmx86; \??\D:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2;Vstor2 Virtual Storage Driver; \??\D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys []
R3 Arp1394;1394 ARP Client Protocol; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2K;ASAPIW2K; D:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2005-01-10 11264]
R3 ati2mtag;ati2mtag; D:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-09-27 1345536]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; D:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-08-11 376320]
R3 CAMCAUD;Conexant AMC Audio; D:\WINDOWS\system32\drivers\camc6aud.sys [2005-08-02 38016]
R3 CAMCHALA;CAMCHALA; D:\WINDOWS\system32\drivers\camc6hal.sys [2005-08-02 349312]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; D:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; D:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-02-08 125200]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HidUsb;Microsoft HID Class Driver; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; D:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2005-08-22 1035008]
R3 HSFHWATI;HSFHWATI; D:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]
R3 mouhid;Mouse HID Driver; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MxlW2k;MxlW2k; D:\WINDOWS\system32\drivers\MxlW2k.sys [2009-01-07 28276]
R3 NIC1394;1394 Net Driver; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RimVSerPort;RIM Virtual Serial Port v2; D:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; D:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; D:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-06-19 74496]
R3 sdbus;sdbus; D:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SSLDrv;SSL-VPN NetExtender Adapter; D:\WINDOWS\system32\DRIVERS\SSLDrv.sys [2009-02-23 20504]
R3 swmsflt;swmsflt; D:\WINDOWS\System32\drivers\swmsflt.sys [2007-09-04 25736]
R3 SynTP;Synaptics TouchPad Driver; D:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-06-18 190400]
R3 tifm21;tifm21; D:\WINDOWS\system32\drivers\tifm21.sys [2005-06-22 162176]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; D:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; D:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 vhdbus;Microsoft Virtual Server Storage Bus; D:\WINDOWS\system32\DRIVERS\vhdbus.sys [2007-05-05 25480]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; D:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2008-05-09 9600]
R3 VPCNetS2;Virtual Machine Network Services Driver; D:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-05-05 59792]
R3 Wdf01000;Wdf01000; D:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; D:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
S1 kbdhid;Keyboard HID Driver; D:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 lggxxfslk;lggxxfslk; \??\D:\WINDOWS\system32\drivers\ehpaiyprnq.sys []
S3 CCDECODE;Closed Caption Decoder; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CVirtA;Cisco Systems VPN Adapter; D:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 eabusb;eabusb; \??\D:\WINDOWS\system32\drivers\eabusb.sys []
S3 GT72NDISIPXP;GT 72 IP NDIS; D:\WINDOWS\system32\DRIVERS\Gt51Ip.sys [2007-08-23 95744]
S3 GT72UBUS;GT 72 U BUS; D:\WINDOWS\system32\DRIVERS\gt72ubus.sys [2007-08-23 51968]
S3 GTPTSER;GT PT SER; D:\WINDOWS\system32\DRIVERS\gtptser.sys [2007-08-23 8064]
S3 hamachi;Hamachi Network Interface; D:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-06-17 25280]
S3 MfeAVFK;McAfee Inc. MfeAVFK; D:\WINDOWS\system32\drivers\MfeAVFK.sys [2009-03-03 79880]
S3 MfeBOPK;McAfee Inc. MfeBOPK; D:\WINDOWS\system32\drivers\MfeBOPK.sys [2009-03-03 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK; D:\WINDOWS\system32\drivers\MfeRKDK.sys [2009-03-03 34216]
S3 MHNDRV;MHN driver; D:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\D:\WINDOWS\system32\PCTINDIS5.SYS []
S3 rcvpn;SonicWALL VPN Adapter; D:\WINDOWS\system32\DRIVERS\rcvpn.sys [2005-11-08 24876]
S3 RimUsb;BlackBerry Smartphone; D:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; D:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SCR3XX2K;SCR3xx USB SmartCardReader; D:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys [2007-10-18 56448]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TDIMSYS;TDIMSYS; \??\D:\WINDOWS\system32\drivers\TDIMSYS.SYS []
S3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464]
S3 usbaudio;USB Audio Driver (WDM); D:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; D:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; D:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WISTechVIDCAP;Dazzle DVC170; D:\WINDOWS\system32\drivers\wisgostrm.sys [2006-03-08 198400]
S3 WpdUsb;WpdUsb; D:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; D:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; D:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; D:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; D:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; D:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-05-11 185089]
R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 Ati HotKey Poller;Ati HotKey Poller; D:\WINDOWS\system32\Ati2evxx.exe [2005-09-27 376832]
R2 bmwebcfg;Bytemobile Web Configurator; D:\WINDOWS\system32\bmwebcfg.exe [2007-12-21 118784]
R2 Bonjour Service;Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 CobianBackupAmanita;Cobian Backup 9 service; D:\Program Files\Cobian Backup 9\cbService.exe [2008-09-21 583168]
R2 ehRecvr;Media Center Receiver Service; D:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; D:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 IISADMIN;IIS Admin; D:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 IntuitUpdateService;Intuit Update Service; D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; D:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440]
R2 McrdSvc;Media Center Extender Service; D:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; D:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 ScsiAccess;ScsiAccess; D:\Program Files\Photodex\ProShowGold\ScsiAccess.exe [2006-09-19 181312]
R2 SONICWALL_NetExtender;SonicWALL NetExtender Service; D:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe [2009-03-25 304976]
R2 W3SVC;World Wide Web Publishing; D:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 WinVNC4;VNC Server Version 4; D:\Program Files\RealVNC\VNC4\WinVNC4.exe [2005-03-11 455632]
R2 WMDM PMSP Service;WMDM PMSP Service; D:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
R2 WSearch;Windows Search; D:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; D:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 gusvc;Google Software Updater; D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S2 Virtual Server;Virtual Server; D:\Program Files\Microsoft Virtual Server\vssrvc.exe [2007-05-24 3373432]
S2 VMAuthdService;VMware Authorization Service; D:\Program Files\VMware\VMware Server\vmware-authd.exe [2008-05-09 151643]
S2 VMnetDHCP;VMware DHCP Service; D:\WINDOWS\system32\vmnetdhcp.exe [2008-05-09 106496]
S2 vmount2;VMware Virtual Mount Manager Extended; D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe [2007-05-01 269104]
S2 vmserverdWin32;VMware Registration Service; D:\Program Files\VMware\VMware Server\vmserverdWin32.exe [2008-05-09 1650781]
S2 VMware NAT Service;VMware NAT Service; D:\WINDOWS\system32\vmnat.exe [2008-05-09 135168]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ATTRcAppSvc;AT&T RcAppSvc; D:\Program Files\AT&T\Communication Manager\RcAppSvc.exe [2007-12-21 113176]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; d:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 hpqwmi;HP WMI Interface; D:\Program Files\HPQ\shared\hpqwmi.exe [2005-10-11 102400]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
S3 MHN;MHN; D:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 MsDtsServer;SQL Server Integration Services; D:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2007-03-03 202096]
S3 msftesql;SQL Server FullText Search (MSSQLSERVER); D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2005-08-26 92880]
S3 MSSQLSERVER;SQL Server (MSSQLSERVER); D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-03-03 28771240]
S3 MSSQLServerOLAPService;SQL Server Analysis Services (MSSQLSERVER); D:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [2007-03-03 14560624]
S3 NBService;NBService; D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-05-07 779824]
S3 NMIndexingService;NMIndexingService; D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-07 271920]
S3 odserv;Microsoft Office Diagnostics Service; D:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RampartSvc;SonicWall VPN Client Service; D:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe [2008-03-24 230672]
S3 SQLBrowser;SQL Server Browser; D:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2005-10-14 239320]
S3 SQLSERVERAGENT;SQL Server Agent (MSSQLSERVER); D:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2005-10-14 318680]
S3 SQLWriter;SQL Server VSS Writer; D:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2005-10-14 87768]
S3 vmh;Virtual Machine Helper; D:\Program Files\Microsoft Virtual Server\vmh.exe [2007-05-24 166808]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; D:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S4 LkWebLink;Inter-Tel Collaboration Remote Client; D:\Documents and Settings\patpawlowski\My Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [2007-09-20 32768]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; D:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; D:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2006-12-02 2805000]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 ReportServer;SQL Server Reporting Services (MSSQLSERVER); D:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2007-03-03 17264]

-----------------EOF-----------------



info.txt logfile of random's system information tool 1.06 2009-07-27 15:23:09

======Uninstall list======

-->D:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->D:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->D:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->D:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->D:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->D:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->D:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->D:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->D:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{09715083-BF10-4834-9E28-B5D8820513CA}
-->MsiExec.exe /I{1E049668-AD90-4008-B213-E20CED2324DD}
-->MsiExec.exe /I{35103A8A-E9D8-40FA-AEC7-4D138952DB30}
-->MsiExec.exe /I{5FBCB03F-F72A-49BF-BA46-63B3515EE3A9}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
7-Zip 4.42-->"D:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player 10 ActiveX-->D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->D:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE D:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AnswerWorks 4.0 Runtime - English-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AnswerWorks 5.0 English Runtime-->MsiExec.exe /I{9E5A03E3-6246-4920-9630-0527D5DA9B07}
Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AT&T Communication Manager-->MsiExec.exe /X{022F9777-F169-4B47-B425-997B9F320E33}
Athlon 64 Processor Driver-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->D:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 D:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Attribute Changer 5.23-->D:\Program Files\Romain's Software\Attribute Changer\uninstall.exe
Audacity 1.2.6-->"D:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->D:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BitTorrent 4.0.4-->"D:\Program Files\BitTorrent\uninstall.exe"
BlackBerry Desktop Software 4.2-->MsiExec.exe /I{F50ACDE0-EC46-4E45-AAA5-A96F9ED6E8DD}
BlackBerry Desktop Software 4.2-->MsiExec.exe /i{F50ACDE0-EC46-4E45-AAA5-A96F9ED6E8DD}
BlackBerry Device Software Updater-->MsiExec.exe /X{628AA77D-DFC9-4B3D-BE8E-CF9F7CD4C3C7}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Borland SQL Links-->D:\WINDOWS\uninst.exe -fc:\goldmine\setup\bdeshare\DeIsL1.isu -cD:\WINDOWS\system32\SQUNINST.DLL
BR7 Utility-->c:\br7\Unstall.exe
Broadcom 802.11 Wireless LAN Adapter-->D:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
Camtasia Studio 3-->D:\Program Files\TechSmith\Camtasia Studio 3\CSuninst.EXE
Canon CanoScan Toolbox 4.1-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x9 anything
Canon LASER SHOT LBP-1210-->D:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAP2UNIK.EXE
CCleaner (remove only)-->"D:\Program Files\CCleaner\uninst.exe"
Cobian Backup 9-->D:\Program Files\Cobian Backup 9\cbUninstall.exe
Conexant AC-Link Audio-->D:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -ICPL309BA.INF
Crimson Editor (remove only)-->D:\Program Files\Crimson Editor\uninstall.exe
Critical Update for Windows Media Player 11 (KB959772)-->"D:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
crmEZOutlookIntegration-->MsiExec.exe /I{016C55D9-3D12-4F78-B35D-6E2FD6A3A039}
Crystal Reports 9-->MsiExec.exe /I{71A7D000-0D1F-4CF9-BB75-BB5920436F0C}
CutePDF Writer 2.7-->D:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
Dev-C++ 4-->D:\WINDOWS\uninst.exe -fD:\Dev-C++\DeIsL1.isu -cD:\Dev-C++\_ISREG32.DLL
DhcpExplorer 1.0-->"D:\Program Files\Nsasoft\DhcpExplorer\unins000.exe"
Diamond Mine 1.5sw-->D:\Program Files\PopCap Games\Diamond Mine\UnGins.exe "D:\Program Files\PopCap Games\Diamond Mine\install.log"
Digital Viewer-->D:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\setup.exe -runfromtemp -l0x0009 -removeonly -u
DiscAPI (Studio 10)-->MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
DivX-->D:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Driver Installer-->MsiExec.exe /X{753D852A-D86D-42C9-9978-40AE66FB8985}
Emulator Images for Windows Mobile 5.0 with MSFP-->MsiExec.exe /X{907A5FE4-2A3B-4BAA-B992-C07F06C32EF9}
EPSON Printer Software-->D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
FBLook (remove only)-->"D:\Program Files\TechHit.com\FBLook\uninstall.exe"
FeedReader-->"D:\Program Files\FeedReader30\unins000.exe"
FileZilla Client 3.2.6.1-->D:\Program Files\FileZilla FTP Client\uninstall.exe
FLV Player-->"D:\WINDOWS\FLV Player\uninstall.exe" "/U:D:\Program Files\FLV Player\Uninstall\uninstall.xml"
GDR 1406 for SQL Server Analysis Services 2005 ENU (KB932557)-->D:\WINDOWS\OLAP9_KB932557_ENU\Hotfix.exe /Uninstall
GDR 1406 for SQL Server Database Services 2005 ENU (KB932557)-->D:\WINDOWS\SQL9_KB932557_ENU\Hotfix.exe /Uninstall
GDR 1406 for SQL Server Integration Services 2005 ENU (KB932557)-->D:\WINDOWS\DTS9_KB932557_ENU\Hotfix.exe /Uninstall
GDR 1406 for SQL Server Notification Services 2005 ENU (KB932557)-->D:\WINDOWS\NS9_KB932557_ENU\Hotfix.exe /Uninstall
GDR 1406 for SQL Server Reporting Services 2005 ENU (KB932557)-->D:\WINDOWS\RS9_KB932557_ENU\Hotfix.exe /Uninstall
GDR 1406 for SQL Server Tools and Workstation Components 2005 ENU (KB932557)-->D:\WINDOWS\SQLTools9_KB932557_ENU\Hotfix.exe /Uninstall
GO-Global Client-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{29C9C9B5-1BA2-4782-9D0E-E357FECCE242}\setup.exe" -l0x9 Uninstall -removeonly
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google SketchUp 6-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Talk (remove only)-->"D:\Program Files\Google\Google Talk\uninstall.exe"
Google Toolbar for Internet Explorer-->"D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Updater-->"D:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GTK+ 2.6.2 runtime environment-->"D:\Program Files\Common Files\GTK\2.0\unins000.exe"
HelpMaker (Remove Only)-->"D:\Program Files\accviz\help\unins000.exe"
High Definition Audio Driver Package - KB835221-->D:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"D:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->D:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->D:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"D:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"D:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"D:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"D:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"D:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP Help and Support-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 7.0-->D:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Cameras 7.0-->D:\Program Files\HP\Digital Imaging\{2D1A5223-E01B-4e2f-A05C-266289B389A2}\setup\hpzscr01.exe -datfile hpiscr04.dat
HP Photosmart Premier Software 6.5-->D:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Solution Center 7.0-->D:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
HP User Guides 0008-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{43A6AA2A-74B5-4E1C-91DB-ECB2F99D9ED7}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 1.01 C1-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
HTML-Kit-->"D:\Program Files\Chami\HTML-Kit\unins000.exe"
Intellisync® for Yahoo!-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{395131D0-71C3-4411-8DDD-84E7A4EC8754}\Setup.exe" -l0x9 YahooUninstall2
Inter-Tel Collaboration Client 2.0-->MsiExec.exe /X{04f6ffea-6702-11dc-8314-0800200c9a66}
InterVideo WinDVD-->"D:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KeePass Password Safe 2.07 Beta-->"D:\Program Files\KeePass Password Safe 2\unins000.exe"
Keynote Connector-->D:\WINDOWS\DOWNLO~1\CONNEC~2.EXE /Uninstall
Last.fm 1.5.4.24567-->"D:\Program Files\Last.fm\unins000.exe"
LightScribe Applications-->MsiExec.exe /X{06B7F0D8-2421-4267-AFA8-ADA99A498ACA}
Malwarebytes' Anti-Malware-->"D:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Manual CanoScan 3000,3000F-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{E088AC54-7379-4C8F-A8B6-D2381E5A1172}\setup.exe" -l0x9
MasterMine v5.0 for GoldMine-->MsiExec.exe /X{2B11E976-93A2-424D-8B41-88A17E03E0AE}
MetaFrame Presentation Server Web Client for Win32-->D:\WINDOWS\system32\ctxsetup.exe /uninst D:\PROGRA~1\Citrix\icaweb32\uninst.inf
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->D:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Bootvis-->MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Compression Client Pack 1.0 for Windows XP-->"D:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Device Emulator version 1.0 - ENU-->MsiExec.exe /X{78B75C6D-E53C-424C-BF83-4B63BD4A6682}
Microsoft Internationalized Domain Names Mitigation APIs-->"D:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"D:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"D:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90A40409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Live Meeting 2005-->MsiExec.exe /I{5E82BAA1-1036-4B61-BB3B-4D3034270DB5}
Microsoft Office Live Meeting 2007-->MsiExec.exe /I{E3CD4EA8-68BB-46E8-9E79-20A417A82C53}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"D:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Analysis Services-->MsiExec.exe /I{8ABF8FEB-ABB0-40DC-9945-85AF36EF30A9}
Microsoft SQL Server 2005 Backward compatibility-->MsiExec.exe /I{96327C3C-96BE-4C7A-A6F7-A71635E5949A}
Microsoft SQL Server 2005 Books Online (English)-->MsiExec.exe /I{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}
Microsoft SQL Server 2005 Integration Services-->MsiExec.exe /I{EE8CFFD9-6E29-4DC3-A967-7348D5F41F44}
Microsoft SQL Server 2005 Notification Services-->MsiExec.exe /I{37E9AD9F-3217-4229-B5A5-7A0C82364C6C}
Microsoft SQL Server 2005 Reporting Services-->MsiExec.exe /I{E930E839-998E-42F9-97E2-71FC960DB1B7}
Microsoft SQL Server 2005 Tools-->MsiExec.exe /I{1DD463C0-A50A-4394-B7E4-5895C02F9E0D}
Microsoft SQL Server 2005-->"d:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005-->MsiExec.exe /I{130A3BE1-85CC-4135-8EA7-5A724EE6CE2C}
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{1CBE3804-20DF-48DA-B048-895C206E80A5}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"D:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Virtual Server 2005 R2 SP1-->MsiExec.exe /I{84FAA867-8743-44C3-B22E-B5A152456D77}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual Studio 2005 Premier Partner Edition - ENU-->MsiExec.exe /I{C25EF637-BE7A-4761-9B45-9069989C319F}
Microsoft Visual Studio 2005 Tools for Office Runtime-->MsiExec.exe /X{388E4B09-3E71-4649-8921-F44A3A2954A7}
MobileMe Control Panel-->MsiExec.exe /I{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}
Motorola Driver Installation-->MsiExec.exe /I{9579E862-5FC7-4337-B1CC-5E37451524C5}
Mozilla Firefox (2.0.0.13)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Multitrack Stopwatch-->D:\WINDOWS\IsUninst.exe -f"D:\Program Files\Multitrack Stopwatch\Uninst.isu" -c"D:\Program Files\Multitrack Stopwatch\setupsub.dll"
MUSICMATCH Jukebox-->D:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.exe
muvee autoProducer 4.0 - SE-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{534AA552-E1F1-4965-B2AA-FBDEB0730D60}\setup.exe" -l0x9
My Drivers 3.11-->D:\PROGRA~1\MYDRIV~1\UNWISE.EXE D:\PROGRA~1\MYDRIV~1\INSTALL.LOG
Nero 7 Essentials-->MsiExec.exe /X{E11BD6A7-5046-4D25-ABCB-386A54F71033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Notepad++-->D:\Program Files\Notepad++\uninstall.exe
Nullsoft Install System-->"D:\Program Files\NSIS\uninst-nsis.exe"
Oilcap Pro 3.0-->"D:\Program Files\Solsoft\Oilcap Pro\unins000.exe"
OmniPage SE-->MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
Photodex Presenter-->D:\Program Files\Photodex Presenter\uninst.exe
Picasa 3-->"D:\Program Files\Google\Picasa3\Uninstall.exe"
proDAD Heroglyph 2.5-->"D:\Program Files\proDAD\Heroglyph-2.5\uninstall.exe" uninstall spcp PATHVERSION 2.5 MAINNAME Heroglyph
ProShow Gold-->D:\Program Files\Photodex\ProShowGold\proshow.exe . -u
PWGen 1.4-->"D:\Program Files\PWGen\unins000.exe"
Quick Launch Buttons 5.20 D2-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickBooks Pro Edition 2003-->D:\Program Files\Installshield Installation Information\{237a4b22-78c2-11d6-a394-00104bd190b1}\QBReplace.exe {237a4b22-78c2-11d6-a394-00104bd190b1}#{AD46C591-FB19-11D5-A316-00104BD190B1}
Quicken Home & Business 99-->D:\WINDOWS\IsUninst.exe -fD:\QUICKENW\Uninst.isu
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RAPID (Studio 10)-->MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x9 REMOVE
Rollem 2.1b-->"D:\Program Files\Solsoft\Rollem\unins000.exe"
Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
SecondLife (remove only)-->"D:\Program Files\SecondLife\uninst.exe"
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"D:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"D:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"D:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"D:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"D:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"D:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"D:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"D:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"D:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"D:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"D:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"D:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"D:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"D:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"D:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"D:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"D:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"D:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"D:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"D:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"D:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"D:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"D:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"D:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"D:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"D:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"D:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"D:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"D:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"D:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"D:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"D:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"D:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"D:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"D:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"D:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"D:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"D:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"D:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"D:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"D:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"D:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"D:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"D:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"D:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"D:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"D:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"D:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"D:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970483)-->"D:\WINDOWS\$NtUninstallKB970483$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"D:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"D:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartSound Quicktracks Plugin-->D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Soft Data Fax Modem with SmartCP-->D:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378\HXFSETUP.EXE -U -Icpl309bk.inf
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicAC3Encoder-->MsiExec.exe /I{52FBAE98-D389-4281-8C14-21B4046CCB4E}
SonicMPEGEncoder-->MsiExec.exe /I{B16AF568-A644-483C-A6DA-5028CD019C8C}
SonicWALL Global VPN Client 4.0.0.835-->D:\Program Files\InstallShield Installation Information\{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}\setup.exe -runfromtemp -l0x0009 -FromCPL -removeonly
SonicWALL SSL-VPN NetExtender-->D:\Program Files\SonicWALL\SSL-VPN\NetExtender\uninst.exe
SQLXML4-->MsiExec.exe /I{8C62A94B-4AB6-485F-A111-93056684D340}
Startup Monitor 1.0-->"D:\Program Files\Startup Inspector for Windows\Startup Monitor\unins000.exe"
Stellarium 0.8.0-->"D:\Program Files\Stellarium\unins000.exe"
Studio 10 Bonus DVD-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{6A012D9C-2E2E-405A-B87C-E909F5297C3F}\Setup.exe" -l0x9 UNINSTALL
Studio 10-->RunDll32 D:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "D:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup2.exe" -l0x9 UNINSTALL
Synaptics Pointing Device Driver-->rundll32.exe "D:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers.-->D:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{FF6F491D-BC82-4DCC-A72F-1824957C6466} /l1033
The GIMP 2.2.3-->"D:\Program Files\GIMP-2.2\unins000.exe"
TopStyle Lite (Version 3.0)-->D:\WINDOWS\unlite3.exe "D:\Program Files\Bradbury\TopStyle3"
Trillian-->D:\Program Files\Trillian\Trillian.exe /uninstall
TrueCrypt-->"D:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
TurboTax 2008 winiper-->MsiExec.exe /I{010F7E2B-9ACA-4D31-B87C-09EC5CC8D3F1}
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerProgramHelp-->MsiExec.exe /I{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}
TurboTax 2008 WinPerReleaseEngine-->MsiExec.exe /I{88214092-836F-4E22-A5AC-569AC9EE6A0F}
TurboTax 2008 WinPerTaxSupport-->MsiExec.exe /I{B23726CF-68BF-41A6-A4EB-72F12F87FE05}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wrapper-->MsiExec.exe /I{B1DB1AD8-C07E-4052-81A1-D2930232BA70}
TurboTax 2008-->D:\Program Files\TurboTax\Deluxe 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
Tweak UI-->D:\WINDOWS\rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 4 D:\WINDOWS\Inf\Tweakui.Inf
Uninstall Startup Inspector-->"D:\Program Files\Startup Inspector for Windows\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->D:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb971933)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {53C200F4-3B4B-49A5-8539-2C61F1A88CA2}
Update for Windows Internet Explorer 8 (KB968220)-->"D:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB910393)-->"D:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"D:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"D:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"D:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"D:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"D:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"D:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Virtual Earth 3D (Beta)-->MsiExec.exe /I{619B8475-0F48-41B7-A370-5147F7092989}
Visual Studio 2005 Tools for Office Second Edition Runtime-->d:\Program Files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
VMware Server-->MsiExec.exe /I{FEE84D71-7FF0-46C1-AED4-1BD821D53A9F}
VNC Free Edition 4.1.1-->"D:\Program Files\RealVNC\VNC4\unins000.exe"
WebEx-->D:\WINDOWS\DOWNLO~1\atcliun.exe
Winamp-->"D:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)-->rundll32.exe D:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage D:\WINDOWS\system32\DRVSTORE\RoundTable_F29D632BDCC1844B9B7688A0A4B4DA9E716B76FF\RoundTable.inf
Windows Imaging Component-->"D:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
Windows Internet Explorer 7-->"D:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"D:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"D:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"D:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"D:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"D:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"D:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB894553-->D:\WINDOWS\$NtUninstallKB894553$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB908250-->"D:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"D:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
X-Lite 3.0-->"D:\Program Files\CounterPath\X-Lite\unins000.exe"
X-Lite 3.0-->"D:\Program Files\CounterPath\X-Lite\unins001.exe"
XML Notepad 2007-->MsiExec.exe /I{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}
Yahoo! Autosync-->MsiExec.exe /X{98B672F2-857C-4CC9-A25D-6B218077F4F6}
Yahoo! Messenger-->D:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U D:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

=====HijackThis Backups=====

O1 - Hosts: 209.44.111.57 www.inetavirus.com [2009-07-09]
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') [2009-07-09]
O1 - Hosts: 209.44.111.57 inetavirus.com [2009-07-09]
O20 - AppInit_DLLs: ,D:\DOCUME~1\PATPAW~1\LOCALS~1\Temp\105285593828mxx.dll [2009-07-09]
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) [2009-07-09]
O1 - Hosts: 209.44.111.57 security.microsoft.com [2009-07-09]
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') [2009-07-09]
O2 - BHO: MessengerUpdate - {5948A52A-BA3A-49A8-BCAF-D578502BDA9D} - D:\Documents and Settings\patpawlowski\Application Data\Messenger\Drivers\MsgUpdate.dll (file missing) [2009-07-09]
O18 - Filter hijack: text/html - {880799af-5422-4a52-8702-3a0d10ebe52f} - D:\WINDOWS\system32\mst122.dll [2009-07-09]
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - D:\WINDOWS\system32\msxml71.dll [2009-07-11]
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll [2009-07-11]
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2009-07-11]
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-11]
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-07-11]
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-07-11]
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-07-11]
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-11]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing) [2009-07-11]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 [2009-07-11]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\WINDOWS\system32\GPhotos.scr/200 [2009-07-11]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe [2009-07-11]
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop [2009-07-11]
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM) [2009-07-11]
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM) [2009-07-11]
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab [2009-07-11]
O15 - Trusted Zone: http://*.mcafee.com (HKLM) [2009-07-11]
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM) [2009-07-11]
O15 - Trusted IP range: http://207.145.33.201 [2009-07-11]
O15 - Trusted IP range: http://66.239.192.230 [2009-07-11]
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM) [2009-07-11]
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM) [2009-07-11]
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM) [2009-07-11]
O15 - Trusted IP range: http://192.168.0.100 [2009-07-11]
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM) [2009-07-11]
O16 - DPF: {0FAA926E-2AF4-11D3-9995-00A0CC3A27A9} (ProtoView ComboBox Control) - http://cams/ecams/pvcombo.cab [2009-07-11]
O16 - DPF: {1BB282C4-2CB9-11D0-ADA6-00400520799C} (ProtoView Button Control) - http://cams/ecams/pvbutton.cab [2009-07-11]
O16 - DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} (XTSAC Control) - https://98.172.22.98/XTSAC.cab [2009-07-11]
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab [2009-07-11]
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://vmi-moss/projectserver/objects/pjclient.cab [2009-07-11]
O16 - DPF: {4AA2F030-DB04-47EE-B0CB-7DE0DF47D5F6} (axCEExport.trsExport) - http://cams/ecams/axCEExport.CAB [2009-07-11]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1230998804504 [2009-07-11]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1230998787572 [2009-07-11]
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://salesteam.com/NELX.cab [2009-07-11]
O16 - DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} (Crystal ActiveX Report Viewer Control 11.5) - http://cams/crystalreportviewers115/Active...tiveXViewer.cab [2009-07-11]
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://salesteam.com/msrdp.cab [2009-07-11]
O16 - DPF: {7667BA0B-72B6-11D3-8896-0020781534B9} (Lincoln Messaging Control) - http://cams/ecams/lincoln.cab [2009-07-11]
O16 - DPF: {76850F2A-FCAA-454F-82D3-BD46CB186EF5} (IEGCtrl Class) - http://www.salesteam.com/marriottexecustay/ggw-activex.cab [2009-07-11]
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://vmi-moss/projectserver/objects/1033/pjcintl.cab [2009-07-11]
O16 - DPF: {B283E20C-2CB3-11D0-ADA6-00400520799C} (ProtoView Progress Bar) - http://cams/ecams/pvprgbar.cab [2009-07-11]
O16 - DPF: {B8C0306D-37BF-44F5-8E90-6FC3E4487E9F} (xWebView Control) - http://10.1.0.29/template/xWebView.cab [2009-07-11]
O16 - DPF: {C2000000-FFFF-1100-8100-000000000004} (ProtoView Currency Control) - http://cams/ecams/pvcurr.cab [2009-07-11]
O16 - DPF: {C2000000-FFFF-1100-8200-000000000004} (ProtoView Numeric Control) - http://cams/ecams/pvnum.cab [2009-07-11]
O16 - DPF: {CC696B63-4159-11D0-BDCB-0020A90B183A} (ProtoView Date Edit Control) - http://cams/ecams/pvdatecal.cab [2009-07-11]
O16 - DPF: {D3CCEFAF-8EE1-40FE-BE25-366E2B016DAB} (Microsoft Virtual Server VMRC Control) - http://vmi-pat-laptop/VirtualServer/active...tiveXClient.cab [2009-07-11]
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://frontrange.webex.com/client/T26L/event/ieatgpc.cab [2009-07-11]
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - D:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-07-11]
O20 - Winlogon Notify: avgrsstarter - D:\WINDOWS\SYSTEM32\avgrsstx.dll [2009-07-11]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll [2009-07-11]
O18 - Filter hijack: text/html - {880799af-5422-4a52-8702-3a0d10ebe52f} - D:\WINDOWS\system32\mst122.dll [2009-07-11]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [2009-07-11]
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - D:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-07-11]
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-11]
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-11]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL [2009-07-11]
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-07-11]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-07-11]

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AntiVir Desktop (disabled) (outdated)

======System event log======

Computer Name: VMI-PAT-LAPTOP
Event Code: 256
Message: Timed out sending notification of device interface change to window of "SAS window"

Record Number: 26569
Source Name: PlugPlayManager
Time Written: 20090707094819.000000-240
Event Type: warning
User:

Computer Name: VMI-PAT-LAPTOP
Event Code: 57
Message: The system failed to flush data to the transaction log. Corruption may occur.

Record Number: 26568
Source Name: Ftdisk
Time Written: 20090707094749.000000-240
Event Type: warning
User:

Computer Name: VMI-PAT-LAPTOP
Event Code: 57
Message: The system failed to flush data to the transaction log. Corruption may occur.

Record Number: 26567
Source Name: Ftdisk
Time Written: 20090707094749.000000-240
Event Type: warning
User:

Computer Name: VMI-PAT-LAPTOP
Event Code: 57
Message: The system failed to flush data to the transaction log. Corruption may occur.

Record Number: 26566
Source Name: Ftdisk
Time Written: 20090707094749.000000-240
Event Type: warning
User:

Computer Name: VMI-PAT-LAPTOP
Event Code: 57
Message: The system failed to flush data to the transaction log. Corruption may occur.

Record Number: 26565
Source Name: Ftdisk
Time Written: 20090707094749.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: VMI-PAT-LAPTOP
Event Code: 5541
Message: Virtual machine posted dialog: C:\Virtual Machines\IISnSQL\Windows Server 2003 Enterprise Edition.vmx

The network bridge on device VMnet0 is temporarily down because the bridged Ethernet interface is down. The virtual machine may not be able to communicate with the host or with other machines on your network.


Record Number: 133523
Source Name: VMware Server
Time Written: 20090613072850.000000-240
Event Type: warning
User:

Computer Name: VMI-PAT-LAPTOP
Event Code: 5541
Message: Virtual machine posted dialog: C:\Virtual Machines\IISnSQL\Windows Server 2003 Enterprise Edition.vmx

The network bridge on device VMnet0 is temporarily down because the bridged Ethernet interface is down. The virtual machine may not be able to communicate with the host or with other machines on your network.


Record Number: 133522
Source Name: VMware Server
Time Written: 20090613072819.000000-240
Event Type: warning
User:

Computer Name: VMI-PAT-LAPTOP
Event Code: 1517
Message: Windows saved user VMI-PAT-LAPTOP\patpawlowski registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 133374
Source Name: Userenv
Time Written: 20090610173453.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: VMI-PAT-LAPTOP
Event Code: 5000
Message: EventType clr20r3, P1 outlook.exe, P2 12.0.6316.5000, P3 4833a470, P4 mscorlib, P5 2.0.0.0, P6 492b834a, P7 343f, P8 21c, P9 system.io.ioexception, P10 NIL.

Record Number: 133364
Source Name: Microsoft Office 12
Time Written: 20090610153749.000000-240
Event Type: error
User:

Computer Name: VMI-PAT-LAPTOP
Event Code: 5000
Message: EventType clr20r3, P1 outlook.exe, P2 12.0.6316.5000, P3 4833a470, P4 mscorlib, P5 2.0.0.0, P6 492b834a, P7 343f, P8 21c, P9 system.io.ioexception, P10 NIL.

Record Number: 133363
Source Name: .NET Runtime 2.0 Error Reporting
Time Written: 20090610153738.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;D:\Program Files\ATI Technologies\ATI Control Panel;D:\Program Files\GoldMine\Outlook\;D:\Program Files\Common Files\GTK\2.0\bin;C:\goldmine70\;c:\VMIGoldMine\Gold\Outlook\;C:\VMIGoldMine\Gold\;D:\Program Files\Microsoft SQL Server\80\Tools\Binn\;D:\Program Files\Microsoft SQL Server\90\DTS\Binn\;D:\Program Files\Microsoft SQL Server\90\Tools\binn\;D:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\;D:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\;D:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=D:\Program Files\Common Files\Sonic Shared\Sonic Central\
"lib"=D:\Program Files\SQLXML 4.0\bin\
"CLASSPATH"=.;D:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=D:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Edited by syler, 28 July 2009 - 01:04 PM.
Remove attached posts


#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:08 AM

Posted 28 July 2009 - 01:05 PM

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#7 Patrick Pawlowski

Patrick Pawlowski
  • Topic Starter

  • Members
  • 3 posts
  • Local time:08:08 PM

Posted 29 July 2009 - 03:11 PM

I was hoping to avoid reformatting but I will do so. I know it's the best thing to do but dread going through it. I have no problem reformatting; I set up machines almost daily, but mine is highly customized and I dread reconfiguring everything.

Thanks much for your help though.

-pat

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:08 AM

Posted 29 July 2009 - 07:27 PM

I think it is the best option, thanks for letting me know :thumbup2:


Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
