Hi aommaster, thanks for your response.
As requested, logs to follow:
Logfile of random's system information tool 1.06 (written by random/random)
Run by vikki.latto at 2010-03-01 11:43:26
Microsoft Windows XP Professional Service Pack 3
System drive C: has 34 GB (45%) free of 76 GB
Total RAM: 1023 MB (32% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43:38, on 01/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Emerson VPN Client\cvpnd.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\Program Files\iPass\iPassConnect ERAS\iPassPeriodicUpdateService.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\PIPC\BIN\pilogsrv.exe
C:\Program Files\PIPC\BIN\pinetmgr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\PIPC\BIN\pimsgss.exe
C:\Program Files\iPass\iPassConnect ERAS\iPassPeriodicUpdateApp.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office Communicator\communicator.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\vikki.latto\Desktop\RSIT.exe
C:\Program Files\trend micro\vikki.latto.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portal.metco-uk.com/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 172.26.58.225 Europisrv1
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Emerson VPN Client.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://portal.metco-uk.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emrsn.org
O17 - HKLM\Software\..\Telephony: DomainName = emrsn.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emrsn.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emrsn.org
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: PI-Buffer Server (bufserv) - OSI Software Inc. - C:\Program Files\PIPC\BIN\bufserv.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Emerson VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Emerson VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect ERAS\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect ERAS\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect ERAS\iPassPeriodicUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LANDesk Policy Invoker - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: PIPC Log Server (pilogsrv) - OSI Software - C:\Program Files\PIPC\BIN\pilogsrv.exe
O23 - Service: PI Message Subsystem (pimsgss) - OSI Software, Inc. - C:\Program Files\PIPC\BIN\pimsgss.exe
O23 - Service: PI Network Manager (pinetmgr) - OSI Software, Inc. - C:\Program Files\PIPC\BIN\pinetmgr.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 11155 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-19 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-19 73728]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-07-06 344064]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2005-10-07 176128]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2007-02-21 819200]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2007-02-21 970752]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2007-05-14 1191936]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2009-03-16 115560]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-12-19 149280]
"Communicator"=C:\Program Files\Microsoft Office Communicator\communicator.exe [2008-12-16 5160288]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-11-10 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-11-23 2001648]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Emerson VPN Client.lnk - C:\WINDOWS\Installer\{4C271126-C295-4828-A901-5910AE0C258B}\Icon3E5562ED7.ico
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-07-06 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"disablecad"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDesktopCleanupWizard"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Office Communicator"
"C:\Program Files\LANDesk\Shared Files\residentagent.exe"="C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk® Management Agent"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"="C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE"="C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\cba\pds.exe"="C:\WINDOWS\system32\cba\pds.exe:*:Enabled:LANDesk Ping Discovery Service"
"C:\WINDOWS\system32\msgsys.exe"="C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service"
"C:\Program Files\LANDesk\LDClient\issuser.exe"="C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent"
"C:\Program Files\LANDesk\LDClient\tmcsvc.exe"="C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:Enabled:LANDesk Targeted Multicast"
"C:\Program Files\Microsoft Office Communicator\communicator.exe"="C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Office Communicator"
"C:\Program Files\LANDesk\Shared Files\residentagent.exe"="C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk® Management Agent"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##gbabz-fs1#Central]
shell\AutoRun\command - F:\RECYCLER\recycld.exe
shell\open\command - F:\RECYCLER\recycld.exe
======List of files/folders created in the last 1 months======
2010-03-01 11:43:26 ----D---- C:\rsit
2010-03-01 11:43:26 ----D---- C:\Program Files\trend micro
2010-02-26 15:33:09 ----D---- C:\Program Files\Common Files\Adobe
2010-02-26 15:32:35 ----SHD---- C:\Config.Msi
2010-02-26 11:53:11 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-26 11:53:11 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-25 14:34:00 ----D---- C:\Program Files\TrendMicro
2010-02-25 12:24:26 ----D---- C:\WINDOWS\LMI11.tmp
2010-02-25 10:29:38 ----D---- C:\Documents and Settings\vikki.latto\Application Data\Malwarebytes
2010-02-25 10:29:08 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-25 10:29:05 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-02-25 10:28:21 ----D---- C:\Documents and Settings\vikki.latto\Application Data\Sunbelt
2010-02-25 10:27:56 ----D---- C:\Documents and Settings\All Users\Application Data\Sunbelt
2010-02-25 10:22:31 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-02-22 13:54:27 ----A---- C:\WINDOWS\system32\wmpns.dll
2010-02-22 13:45:36 ----A---- C:\WINDOWS\system32\_000006_.tmp.dll
2010-02-22 13:45:27 ----A---- C:\WINDOWS\system32\_000012_.tmp.dll
2010-02-22 13:45:27 ----A---- C:\WINDOWS\_000013_.tmp.dll
2010-02-22 13:45:27 ----A---- C:\WINDOWS\_000004_.tmp.dll
2010-02-22 13:45:22 ----A---- C:\WINDOWS\system32\_000005_.tmp.dll
2010-02-22 13:45:22 ----A---- C:\WINDOWS\_000006_.tmp.dll
2010-02-22 13:45:21 ----A---- C:\WINDOWS\_000011_.tmp.dll
2010-02-22 13:45:20 ----A---- C:\WINDOWS\system32\_000019_.tmp.dll
2010-02-22 13:45:20 ----A---- C:\WINDOWS\system32\_000008_.tmp.dll
2010-02-22 13:45:20 ----A---- C:\WINDOWS\_000020_.tmp.dll
2010-02-22 13:45:20 ----A---- C:\WINDOWS\_000009_.tmp.dll
2010-02-22 13:45:18 ----A---- C:\WINDOWS\_000067_.tmp.dll
2010-02-22 13:45:15 ----A---- C:\WINDOWS\system32\_000010_.tmp.dll
2010-02-22 13:45:15 ----A---- C:\WINDOWS\system32\_000009_.tmp.dll
2010-02-22 13:45:15 ----A---- C:\WINDOWS\system32\_000007_.tmp.dll
2010-02-22 13:45:15 ----A---- C:\WINDOWS\_000008_.tmp.dll
2010-02-22 13:45:15 ----A---- C:\WINDOWS\_000002_.tmp.dll
2010-02-22 13:45:11 ----A---- C:\WINDOWS\system32\_000054_.tmp.dll
2010-02-22 13:45:11 ----A---- C:\WINDOWS\_000055_.tmp.dll
2010-02-22 13:45:10 ----A---- C:\WINDOWS\system32\_000004_.tmp.dll
2010-02-22 13:45:10 ----A---- C:\WINDOWS\_000005_.tmp.dll
2010-02-22 13:44:49 ----A---- C:\WINDOWS\system32\gpprefcl.dll
2010-02-22 13:44:45 ----A---- C:\WINDOWS\system32\WsmWmiPl.dll
2010-02-22 13:44:45 ----A---- C:\WINDOWS\system32\WsmSvc.dll
2010-02-22 13:44:45 ----A---- C:\WINDOWS\system32\WsmRes.dll
2010-02-22 13:44:45 ----A---- C:\WINDOWS\system32\WsmAuto.dll
2010-02-22 13:44:45 ----A---- C:\WINDOWS\system32\wsmanhttpconfig.exe
2010-02-22 13:44:45 ----A---- C:\WINDOWS\system32\winrssrv.dll
2010-02-22 13:44:45 ----A---- C:\WINDOWS\system32\winrsmgr.dll
2010-02-22 13:44:45 ----A---- C:\WINDOWS\system32\winrshost.exe
2010-02-22 13:44:45 ----A---- C:\WINDOWS\system32\winrscmd.dll
2010-02-22 13:44:45 ----A---- C:\WINDOWS\system32\winrs.exe
2010-02-22 13:44:45 ----A---- C:\WINDOWS\system32\winrm.vbs
2010-02-22 13:44:45 ----A---- C:\WINDOWS\system32\winrm.cmd
2010-02-22 13:44:44 ----A---- C:\WINDOWS\system32\wsmprovhost.exe
2010-02-22 13:44:44 ----A---- C:\WINDOWS\system32\wsmplpxy.dll
2010-02-22 13:44:44 ----A---- C:\WINDOWS\system32\winrmprov.dll
2010-02-22 13:44:44 ----A---- C:\WINDOWS\system32\wevtfwd.dll
2010-02-22 13:44:44 ----A---- C:\WINDOWS\system32\pwrshplugin.dll
2010-02-22 13:44:30 ----A---- C:\WINDOWS\system32\wksprtPS.dll
2010-02-22 13:44:30 ----A---- C:\WINDOWS\system32\wksprt.exe
2010-02-22 13:44:30 ----A---- C:\WINDOWS\system32\TSWbPrxy.exe
2010-02-22 13:44:30 ----A---- C:\WINDOWS\system32\MsRdpWebAccess.dll
2010-02-22 13:43:51 ----HD---- C:\ErdUndoCache
2010-02-22 09:13:30 ----D---- C:\VIPRERESCUE
2010-02-22 09:09:19 ----D---- C:\WINDOWS\pss
2010-02-17 16:54:06 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-17 16:53:37 ----DC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-17 16:53:30 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-02-17 16:53:07 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2010-02-17 16:51:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-02-17 16:51:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-02-17 16:49:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-17 16:49:04 ----HDC---- C:\WINDOWS\$NtUninstallKB969084$
2010-02-17 16:48:59 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-17 16:48:53 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-02-17 16:48:21 ----DC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-17 16:48:14 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-17 16:48:03 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-02-17 16:47:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-02-17 16:47:10 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-02-17 16:47:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-02-17 16:46:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971513$
2010-02-17 16:46:43 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-17 16:46:06 ----D---- C:\WINDOWS\system32\GroupPolicy
2010-02-17 16:45:59 ----DC---- C:\WINDOWS\$968930Uinstall_KB968930$
2010-02-17 16:45:57 ----D---- C:\WINDOWS\$NtUninstallKB968930$
2010-02-17 16:45:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-17 16:45:13 ----DC---- C:\WINDOWS\$NtUninstallKB977165$
2010-02-17 16:45:04 ----DC---- C:\WINDOWS\$NtUninstallKB943729$
2010-02-17 16:44:18 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-02-05 12:56:28 ----D---- C:\Program Files\MSECache
2010-02-05 12:47:20 ----D---- C:\Program Files\Microsoft Office Communicator
======List of files/folders modified in the last 1 months======
2010-03-01 11:43:38 ----D---- C:\WINDOWS\Temp
2010-03-01 11:43:26 ----RD---- C:\Program Files
2010-03-01 10:44:38 ----A---- C:\WINDOWS\PIPC.INI
2010-03-01 10:09:40 ----D---- C:\WINDOWS\security
2010-03-01 09:15:00 ----D---- C:\Documents and Settings\All Users\Application Data\vulScan
2010-03-01 09:06:08 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-28 22:10:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-26 15:34:23 ----SHD---- C:\WINDOWS\Installer
2010-02-26 15:33:22 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-02-26 15:33:09 ----D---- C:\Program Files\Common Files
2010-02-26 15:31:56 ----D---- C:\WINDOWS\system32
2010-02-26 15:28:57 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-02-26 08:33:09 ----D---- C:\Program Files\SUPERAntiSpyware
2010-02-25 15:30:21 ----D---- C:\WINDOWS
2010-02-25 14:40:35 ----D---- C:\WINDOWS\system32\appmgmt
2010-02-25 11:31:17 ----D---- C:\WINDOWS\system32\drivers
2010-02-25 11:17:52 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-25 11:16:26 ----SD---- C:\WINDOWS\Tasks
2010-02-25 10:32:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-25 10:27:22 ----D---- C:\Program Files\Google
2010-02-25 10:24:41 ----A---- C:\WINDOWS\win.ini
2010-02-25 10:24:41 ----A---- C:\WINDOWS\system.ini
2010-02-25 10:24:41 ----A---- C:\boot.ini
2010-02-25 09:42:17 ----D---- C:\WINDOWS\Prefetch
2010-02-24 08:28:00 ----D---- C:\WINDOWS\system32\wbem
2010-02-24 08:24:55 ----D---- C:\Program Files\Microsoft Silverlight
2010-02-24 08:24:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-24 08:24:54 ----D---- C:\WINDOWS\AppPatch
2010-02-23 16:52:47 ----HD---- C:\WINDOWS\inf
2010-02-23 16:52:46 ----D---- C:\WINDOWS\system32\CatRoot
2010-02-23 16:52:16 ----A---- C:\WINDOWS\imsins.BAK
2010-02-23 16:44:46 ----D---- C:\WINDOWS\system32\en-US
2010-02-23 16:44:46 ----D---- C:\Program Files\Internet Explorer
2010-02-22 13:54:25 ----A---- C:\WINDOWS\OEWABLog.txt
2010-02-22 13:52:37 ----SHD---- C:\System Volume Information
2010-02-22 13:47:14 ----D---- C:\WINDOWS\system32\config
2010-02-22 13:47:09 ----D---- C:\Documents and Settings\vikki.latto\Application Data\ICAClient
2010-02-22 13:47:07 ----D---- C:\Program Files\Emerson VPN Client
2010-02-22 09:52:33 ----D---- C:\WINDOWS\Registration
2010-02-22 09:49:15 ----D---- C:\WINDOWS\system32\Restore
2010-02-20 18:50:27 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-02-17 16:54:06 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-17 16:49:08 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-17 16:49:07 ----RSD---- C:\WINDOWS\assembly
2010-02-17 16:46:16 ----D---- C:\WINDOWS\Help
2010-02-17 16:44:30 ----D---- C:\WINDOWS\WinSxS
2010-02-06 23:42:39 ----A---- C:\WINDOWS\king-uninstall.exe
2010-02-05 12:56:51 ----RSD---- C:\WINDOWS\Fonts
2010-02-05 12:56:46 ----D---- C:\Program Files\Microsoft Office
2010-02-05 12:56:45 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-02-05 12:50:54 ----SD---- C:\Documents and Settings\vikki.latto\Application Data\Microsoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SBRE;SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2009-03-16 280112]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2009-03-16 43824]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2009-03-16 191536]
R1 WPS;WPS; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.6.0.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-11-30 21425]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 iPassP;iPass Protocol (IEEE 802.1x) v3.7.4.0; C:\WINDOWS\system32\DRIVERS\iPassP.sys [2009-11-30 21393]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2007-02-21 12416]
R2 WGX;Extend WG Protocol Driver; C:\WINDOWS\System32\Drivers\WGX.SYS [2009-03-16 38056]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2005-09-28 113847]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-07-06 1132544]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-08-23 121472]
R3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2008-03-29 125328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2006-04-06 88192]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 ldblank;Screen Blanking driver for Remote Control; C:\WINDOWS\system32\DRIVERS\ldblank.sys [2007-05-30 11904]
R3 ldmirror;ldmirror; C:\WINDOWS\system32\DRIVERS\ldmirror.sys [2007-05-30 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall; C:\WINDOWS\system32\DRIVERS\mirrorflt.sys [2007-05-30 3712]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100228.035\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100228.035\NAVEX15.SYS []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2009-03-16 27696]
R3 Teefer2;Teefer2 Miniport; C:\WINDOWS\system32\DRIVERS\teefer2.sys [2009-03-16 49536]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w29n51;Intel® PRO/Wireless 2915ABG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2007-02-08 2209408]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2009-03-16 319792]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WpsHelper;WpsHelper; \??\C:\WINDOWS\system32\drivers\WpsHelper.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 SysPlant;SysPlant for NT; C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys [2009-03-16 91976]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-07-06 364544]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 CBA8;LANDesk® Management Agent; C:\Program Files\LANDesk\Shared Files\residentagent.exe [2009-03-23 155648]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-03-16 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-03-16 108392]
R2 CVPND;Emerson VPN Service; C:\Program Files\Emerson VPN Client\cvpnd.exe [2008-04-17 1528608]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-02-21 643072]
R2 Intel Local Scheduler Service;Intel Local Scheduler Service; C:\Program Files\LANDesk\LDClient\LocalSch.EXE [2009-03-10 196608]
R2 Intel PDS;Intel PDS; C:\WINDOWS\system32\CBA\pds.exe [2008-01-29 32825]
R2 Intel Targeted Multicast;LANDesk Targeted Multicast; C:\Program Files\LANDesk\LDClient\tmcsvc.exe [2007-11-30 192512]
R2 iPassPeriodicUpdateService;iPassPeriodicUpdateService; C:\Program Files\iPass\iPassConnect ERAS\iPassPeriodicUpdateService.exe [2008-02-07 98304]
R2 ISSUSER;LANDesk Remote Control Service; C:\PROGRA~1\LANDesk\LDClient\issuser.exe [2009-04-15 406528]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-19 153376]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker; C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe [2009-03-24 139264]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2006-03-10 322120]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2007-05-14 475136]
R2 pilogsrv;PIPC Log Server; C:\Program Files\PIPC\BIN\pilogsrv.exe [2005-11-17 151552]
R2 pimsgss;PI Message Subsystem; C:\Program Files\PIPC\BIN\pimsgss.exe [2004-11-11 724992]
R2 pinetmgr;PI Network Manager; C:\Program Files\PIPC\BIN\pinetmgr.exe [2005-05-05 798720]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-02-21 327680]
R2 S24EventMonitor;Intel® PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2007-02-21 983040]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2009-03-16 1799496]
R2 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2009-03-16 320840]
R2 Softmon;LANDesk® Software Monitoring Service; C:\Program Files\LANDesk\LDClient\softmon.exe [2009-04-08 335872]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-03-16 2440120]
R2 WLANKEEPER;Intel® PROSet/Wireless SSO Service; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2007-02-21 294912]
R3 iPassPeriodicUpdateApp;iPassPeriodicUpdateApp; C:\Program Files\iPass\iPassConnect ERAS\iPassPeriodicUpdateApp.exe [2008-02-07 155648]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 bufserv;PI-Buffer Server; C:\Program Files\PIPC\BIN\bufserv.exe [2005-11-17 393216]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPassConnectEngine;iPassConnectEngine; C:\Program Files\iPass\iPassConnect ERAS\iPassConnectEngine.exe [2008-02-07 1687552]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2008-12-10 3093880]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-03-10 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2010-03-01 11:43:40
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}
Acrobat.com-->MsiExec.exe /I{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Gigabit Integrated Controller-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
Citrix XenApp Web Plugin-->MsiExec.exe /X{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}
C-Major Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Conexant D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Emerson VPN Client-->MsiExec.exe /X{4C271126-C295-4828-A901-5910AE0C258B}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB969084)-->"C:\WINDOWS\$NtUninstallKB969084$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
iPassConnect 3.60 EN-->Wscript.exe C:\WINDOWS\INS\AddRemoveMsg.vbs
iPassConnect ERAS-->"C:\Program Files\InstallShield Installation Information\{AB6FFA58-F491-11D3-8951-000000015799}\Setup.exe" -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
LANDesk Advance Agent-->MsiExec.exe /I{7E8833A1-AF24-4CAE-82DF-CFE14C14B94D}
LiveUpdate 3.3 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mathcad 14.0 M011 Help-->MsiExec.exe /I{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}
Mathcad 14.0 M011 Resource Center-->MsiExec.exe /I{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}
Mathcad 14.0 M011-->MsiExec.exe /I{CB220938-2571-4030-AB7B-A1C38A4866FF}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Communicator 2007 R2-->MsiExec.exe /X{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg-->MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
MsOfficeCommunicator2007R2-EN-->Wscript.exe C:\WINDOWS\INS\AddRemoveMsg.vbs
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI-->MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
PI DataLink 3.1.5-->MsiExec.exe /I{61298418-C1F5-400D-843A-903598CCC60A}
PI ProcessBook 3.0.15.2-->MsiExec.exe /I{855A0CC6-B710-49F5-98AE-C7BF6E7C8DF5}
PI ProcessBook SVG Add-In 3.0.0.21-->MsiExec.exe /I{7204A268-C827-4D89-B34A-1046A9580C58}
PI Software Development Kit (PI-SDK)-->MsiExec.exe /I{33B43291-29C7-4C0A-8678-D96E56F7C630}
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec Endpoint Protection-->MsiExec.exe /I{C1B0BDC8-0624-4036-90D1-F7DF0EE8C96D}
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\Program Files\InstallShield Installation Information\{0E0479F8-180F-4054-B4F7-17EE657F90BF}\setup.exe -runfromtemp -l0x0409
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows PowerShell 1.0 MUI pack-->"C:\WINDOWS\$NtUninstallKB926141$\spuninst\spuninst.exe"
Windows PowerShell 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe"
======Hosts File======
172.26.58.225 Europisrv1
======Security center information======
AV: Symantec Endpoint Protection
FW: Symantec Endpoint Protection
======System event log======
Computer Name: GBABZ-LT24
Event Code: 18
Message: Windows cannot store Bluetooth link keys on the local transceiver because it cannot determine whether proper security is enabled for the device.
Record Number: 98
Source Name: BTHUSB
Time Written: 20091130150356.000000+000
Event Type: warning
User:
Computer Name: GBABZ-LT24
Event Code: 18
Message: Windows cannot store Bluetooth link keys on the local transceiver because it cannot determine whether proper security is enabled for the device.
Record Number: 81
Source Name: BTHUSB
Time Written: 20091130150235.000000+000
Event Type: warning
User:
Computer Name: GBABZ-LT24
Event Code: 18
Message: Windows cannot store Bluetooth link keys on the local transceiver because it cannot determine whether proper security is enabled for the device.
Record Number: 60
Source Name: BTHUSB
Time Written: 20091130150039.000000+000
Event Type: warning
User:
Computer Name: GBABZ-LT24
Event Code: 18
Message: Windows cannot store Bluetooth link keys on the local transceiver because it cannot determine whether proper security is enabled for the device.
Record Number: 11
Source Name: BTHUSB
Time Written: 20091130114652.000000+000
Event Type: warning
User:
Computer Name: MACHINENAME
Event Code: 18
Message: Windows cannot store Bluetooth link keys on the local transceiver because it cannot determine whether proper security is enabled for the device.
Record Number: 4
Source Name: BTHUSB
Time Written: 20091130112428.000000+000
Event Type: warning
User:
=====Application event log=====
Computer Name: GBABZ-LT24
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.
Record Number: 15
Source Name: WinMgmt
Time Written: 20091130113537.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: GBABZ-LT24
Event Code: 5603
Message: A provider, Rsop Planning Mode Provider, has been registered in the WMI namespace, root\RSOP, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.
Record Number: 14
Source Name: WinMgmt
Time Written: 20091130113537.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: GBABZ-LT24
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 13
Source Name: WinMgmt
Time Written: 20091130113536.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: GBABZ-LT24
Event Code: 63
Message: A provider, CmdTriggerConsumer, has been registered in the WMI namespace, Root\cimv2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 12
Source Name: WinMgmt
Time Written: 20091130113536.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: GBABZ-LT24
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 11
Source Name: WinMgmt
Time Written: 20091130113535.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"_NT_SYMBOL_PATH"=%SystemRoot%\symbols;%SystemRoot%\symbols\dll
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"LDMS_LOCAL_DIR"=C:\Program Files\LANDesk\LDClient\Data
-----------------EOF-----------------
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-01 13:58:20
Windows 5.1.2600 Service Pack 3
Running: u220804d.exe; Driver: C:\DOCUME~1\VIKKI~1.LAT\LOCALS~1\Temp\pgtorpoc.sys
---- System - GMER 1.0.15 ----
SSDT 86588FD0 ZwAlertResumeThread
SSDT 8659A0B0 ZwAlertThread
SSDT 86431B50 ZwAllocateVirtualMemory
SSDT 865D55B8 ZwConnectPort
SSDT 866843F8 ZwCreateMutant
SSDT 8654B108 ZwCreateThread
SSDT 863A0A88 ZwFreeVirtualMemory
SSDT 865887E0 ZwImpersonateAnonymousToken
SSDT 86588EF8 ZwImpersonateThread
SSDT 86708ED8 ZwMapViewOfSection
SSDT 86588708 ZwOpenEvent
SSDT 86679598 ZwOpenProcessToken
SSDT 863A8A90 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xF76B0840]
SSDT 865CEE70 ZwResumeThread
SSDT 865AEEA8 ZwSetContextThread
SSDT 86266A88 ZwSetInformationProcess
SSDT 862F6A90 ZwSetInformationThread
SSDT 86597160 ZwSuspendProcess
SSDT 865A17B8 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xED9710B0]
SSDT 865ACE30 ZwTerminateThread
SSDT 865A03E8 ZwUnmapViewOfSection
SSDT 86686658 ZwWriteVirtualMemory
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\BTHUSB \Device\000000b0 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000b0 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F744FB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort0 [F744FB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort1 [F744FB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F744FB3A] atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000ae bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000ae bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device BA367D20
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00164119e45a
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00164119e45a (not active ControlSet)
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\vikki.latto\Cookies\vikki.latto@bleepingcomputer[2].txt 0 bytes
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
Hope you can help
Regards
Martin