PDA

View Full Version : trojan win32.agent.xxx and possibly others



compsrdumb
2008-10-31, 11:07
Hi there
we're having problems with our office computers being infected by one (ore more) :spider:s copying themsleve(s) to our usb thumbdrives. They create executables named like folders originally on the drives (and settingg the original ones to "inivisible") AND/OR creating a "notepad.exe", both of which having a "folder" symbol, not the "executable" symbol.

kaspersky online scanner defined them as

win32.agent.something
and
win32.VB.something

SpybotS&D does not recognize them, Symantec anti Virus recognizes them but can't get rid of them. I tried to delete them by hand, then, I ran malwarebytes anti-malware , it sez:


Malwarebytes' Anti-Malware 1.30
Database version: 1341
Windows 5.1.2600 Service Pack 2

10/31/2008 11:58:52 AM
mbam-log-2008-10-31 (11-58-52).txt

Scan type: Quick Scan
Objects scanned: 57560
Time elapsed: 6 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.



this is the latest HJT logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:54 PM, on 10/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\WINDOWS\system32\ccsrvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\PROGRA~1\Altiris\CARBON~1\client.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Altiris\AClient\AClntUsr.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.murdoch.edu.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wwwcache.murdoch.edu.au/autocache
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Bginfo.lnk = C:\bginfo\Bginfo.exe (User 'Default user')
O4 - Startup: Bginfo.lnk = C:\bginfo\Bginfo.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: maps.google.com.au
O15 - Trusted Zone: dms3.murdoch.edu.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.murdoch.edu.au
O17 - HKLM\Software\..\Telephony: DomainName = ad.murdoch.edu.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C046DC1-C235-4D31-9BF8-3B635293FE17}: Domain = ad.murdoch.edu.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C046DC1-C235-4D31-9BF8-3B635293FE17}: NameServer = 134.115.253.11,134.115.253.10
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.murdoch.edu.au
O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files\Invitrogen\Vector NTI Advance 10\Ncbi.dll
O20 - AppInit_DLLs: AMINIT.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe
O23 - Service: Carbon Copy Scheduler (CarbonCopyScheduler) - Altiris - C:\WINDOWS\system32\schdsrvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

--
End of file - 11092 bytes


now what's next?

thanks so far
Chris

Blade81
2008-10-31, 17:24
Hello again Chris :)


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report and continue with RSIT below.


Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)

compsrdumb
2008-11-03, 04:23
Alright, I used ATF and ran RSIT :


Logfile of random's system information tool 1.04 (written by random/random)
Run by Local1 at 2008-11-03 10:14:07
Microsoft Windows XP Professional Service Pack 2
System drive C: has 29 GB (75%) free of 38 GB
Total RAM: 1014 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:09 AM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\WINDOWS\system32\ccsrvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Altiris\CARBON~1\client.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Local1\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Local1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.murdoch.edu.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wwwcache.murdoch.edu.au/autocache
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193385769515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193385536218
O16 - DPF: {CAFECAFE-0013-0001-0023-ABCDEFABCDEF} (JInitiator 1.3.1.23) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.murdoch.edu.au
O17 - HKLM\Software\..\Telephony: DomainName = ad.murdoch.edu.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{64D7A313-76D7-4A8E-B83D-EFCAB1F28F4B}: Domain = murdoch.edu.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{64D7A313-76D7-4A8E-B83D-EFCAB1F28F4B}: NameServer = 134.115.253.11,134.115.253.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9C3BCC4-67E1-42CE-A2FC-B716EA1B12C5}: Domain = ad.murdoch.edu.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9C3BCC4-67E1-42CE-A2FC-B716EA1B12C5}: NameServer = 134.115.253.10,134.115.253.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.murdoch.edu.au
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = murdoch.edu.au,ad.murdoch.edu.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.murdoch.edu.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = murdoch.edu.au,ad.murdoch.edu.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = murdoch.edu.au,ad.murdoch.edu.au
O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files\Invitrogen\Vector NTI Advance 10\Ncbi.dll
O20 - AppInit_DLLs: AMINIT.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe
O23 - Service: Carbon Copy Scheduler (CarbonCopyScheduler) - Altiris - C:\WINDOWS\system32\schdsrvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 9401 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe [2006-06-15 124656]
"AeXAgentLogon"=C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe [2008-05-12 143360]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-03-30 138008]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"AClntUsr"=C:\Program Files\Altiris\AClient\AClntUsr.EXE [2008-10-31 184320]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
VPN Client.lnk - C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" AMINIT.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-06-15 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"disablecad"=0
"DisableStatusMessages"=0
"RunLogonScriptSync"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWelcomeScreen"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Altiris\AClient\AClntUsr.EXE"="C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Altiris\AClient\AClntUsr.EXE"="C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{210b59be-53d1-11dd-8ed8-0011430037b0}]
shell\AutoRun\command - MntDrCore.exe
shell\Open\command - MntDrCore.exe
shell\Open With...\command - MntDrCore.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63c562e8-5d13-11dd-8eda-0011430037b0}]
shell\AutoRun\command - MntDrCore.exe
shell\Open\command - MntDrCore.exe
shell\Open With...\command - MntDrCore.exe


======File associations======

.bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
.ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"

======List of files/folders created in the last 3 months======

2008-11-03 10:07:45 ----D---- C:\rsit
2008-10-31 16:57:15 ----RASHD---- C:\autorun.inf
2008-10-30 15:31:27 ----D---- C:\Program Files\Trend Micro
2008-10-28 12:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2008-10-24 11:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-17 18:49:43 ----D---- C:\Documents and Settings\Local1\Application Data\Malwarebytes
2008-10-17 18:49:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-17 18:49:36 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-17 18:49:27 ----D---- C:\3f1d943467a9625862e5f958608c140c
2008-10-17 17:16:53 ----HD---- C:\WINDOWS\PIF
2008-10-17 14:24:29 ----D---- C:\Program Files\Robotics4
2008-10-17 13:01:10 ----D---- C:\Program Files\Microsoft Office
2008-10-17 13:01:01 ----D---- C:\Program Files\MSECache
2008-10-15 19:07:15 ----D---- C:\WINDOWS\Sun
2008-10-15 19:07:14 ----D---- C:\Documents and Settings\Local1\Application Data\Sun
2008-10-15 11:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 11:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 11:03:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 11:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 11:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-09 09:40:55 ----D---- C:\WINDOWS\system32\NtmsData
2008-10-08 16:24:06 ----A---- C:\WINDOWS\Vnti40.ini
2008-10-08 16:21:27 ----D---- C:\Documents and Settings\All Users\Application Data\Informax
2008-10-08 16:17:29 ----D---- C:\Program Files\Invitrogen
2008-10-08 16:17:08 ----D---- C:\VNTI Database
2008-10-08 16:16:43 ----D---- C:\Program Files\Common Files\Informax
2008-10-08 16:16:28 ----A---- C:\WINDOWS\system32\roboex32.dll
2008-10-08 16:13:40 ----D---- C:\Program Files\Informax Installations
2008-10-08 16:13:06 ----D---- C:\Program Files\Vector NTI 10 Distributive
2008-10-08 16:12:09 ----A---- C:\WINDOWS\system32\Lpng.dll
2008-10-08 16:12:08 ----A---- C:\WINDOWS\system32\ZIP32.DLL
2008-10-08 16:12:08 ----A---- C:\WINDOWS\system32\tlbinf32.DLL
2008-10-08 16:12:08 ----A---- C:\WINDOWS\system32\regobj.dll
2008-10-08 16:12:08 ----A---- C:\WINDOWS\system32\gslcblas.DLL
2008-10-08 16:12:08 ----A---- C:\WINDOWS\system32\gsl.DLL
2008-10-08 16:12:04 ----D---- C:\Program Files\RotorGene 6
2008-09-17 13:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-09-17 13:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2008-09-17 13:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2008-09-17 13:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2008-09-17 13:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2008-09-17 13:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2008-09-17 13:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2008-09-17 13:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2008-09-17 13:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2008-09-17 13:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2008-09-17 13:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB936357-v2$
2008-09-17 13:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB935843$
2008-09-17 13:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-09-16 16:00:03 ----A---- C:\WINDOWS\client.INI
2008-09-11 11:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-11 11:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-10 14:28:23 ----A---- C:\WINDOWS\Psapi.Dll
2008-08-25 11:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-25 11:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-25 11:10:10 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-25 11:09:23 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-25 11:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-25 11:08:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-25 11:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-08-25 11:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-08-25 11:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-25 11:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-25 11:04:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-25 11:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-25 11:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-08-25 11:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$

======List of files/folders modified in the last 3 months======

2008-11-03 10:07:57 ----D---- C:\WINDOWS\Temp
2008-11-03 10:06:22 ----D---- C:\WINDOWS\Prefetch
2008-11-02 20:40:20 ----D---- C:\WINDOWS\security
2008-11-01 13:00:40 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-31 11:20:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-31 10:22:17 ----HD---- C:\WINDOWS\inf
2008-10-31 10:22:16 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-30 15:31:27 ----RD---- C:\Program Files
2008-10-30 13:01:16 ----D---- C:\WINDOWS\system32\drivers
2008-10-29 10:10:20 ----D---- C:\WINDOWS\system32
2008-10-29 10:10:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-29 10:09:01 ----D---- C:\WINDOWS
2008-10-28 12:01:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-28 12:01:13 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-24 11:00:28 ----A---- C:\WINDOWS\imsins.BAK
2008-10-22 12:30:01 ----D---- C:\Documents and Settings
2008-10-21 13:32:08 ----SHD---- C:\RECYCLER
2008-10-19 11:00:24 ----SHD---- C:\WINDOWS\Installer
2008-10-19 11:00:20 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-17 13:35:04 ----D---- C:\Documents and Settings\Local1\Application Data\Adobe
2008-10-16 01:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 11:03:00 ----D---- C:\Program Files\Internet Explorer
2008-10-15 11:02:28 ----A---- C:\WINDOWS\win.ini
2008-10-09 09:40:34 ----SD---- C:\Documents and Settings\Local1\Application Data\Microsoft
2008-10-08 16:16:43 ----D---- C:\Program Files\Common Files
2008-10-07 13:19:42 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-04 02:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-17 15:53:28 ----D---- C:\WINDOWS\system32\config
2008-09-16 23:59:32 ----D---- C:\Program Files\Dell
2008-09-16 23:59:25 ----D---- C:\Program Files\Altiris
2008-09-16 15:59:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-11 11:00:54 ----D---- C:\WINDOWS\WinSxS
2008-08-28 17:00:38 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-08-28 17:00:38 ----A---- C:\WINDOWS\system32\msw3prt.dll
2008-08-28 08:10:18 ----D---- C:\WINDOWS\Help
2008-08-27 17:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-26 16:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-26 16:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-08-26 16:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-26 16:24:30 ----N---- C:\WINDOWS\system32\occache.dll
2008-08-26 16:24:30 ----N---- C:\WINDOWS\system32\mstime.dll
2008-08-26 16:24:30 ----N---- C:\WINDOWS\system32\msrating.dll
2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\url.dll
2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-08-26 16:24:29 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-08-26 16:24:29 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-08-26 16:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-08-26 16:24:28 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-08-26 16:24:28 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-08-26 16:24:28 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-08-26 16:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-08-26 16:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
2008-08-26 16:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-08-26 16:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-08-26 16:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
2008-08-25 17:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-08-25 17:37:59 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-08-25 11:10:13 ----D---- C:\Program Files\Messenger
2008-08-25 11:10:01 ----A---- C:\WINDOWS\vbaddin.ini
2008-08-23 14:54:51 ----N---- C:\WINDOWS\system32\ieakui.dll
2008-08-14 18:58:27 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 18:22:14 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CCDevice;CCDevice; C:\WINDOWS\system32\drivers\CCDevice.sys [2005-03-23 9216]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 OMCI;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2006-10-27 19968]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-01-24 195776]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 AlKernel;Altiris Kernel Driver; C:\WINDOWS\System32\Drivers\AlKernel.sys [2008-11-03 2401]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-07-14 156160]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2004-02-02 139604]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081102.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081102.004\navex15.sys []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2006-01-24 12992]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2006-01-24 110784]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2006-01-24 31936]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20081030.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2006-01-24 28352]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-01-24 24768]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys []
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-07-05 241152]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-17 44544]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2003-03-08 121344]
S3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-02-23 56576]
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-11-03 209152]
S3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2004-09-17 732928]
S3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AClient;Altiris Client Service; C:\Program Files\Altiris\AClient\AClient.exe [2008-05-22 5169228]
R2 AeXNSClient;Altiris Agent; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2008-05-12 1523712]
R2 CarbonCopy32;Altiris Carbon Copy; C:\WINDOWS\system32\ccsrvc.exe [2005-03-23 65536]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-24 192160]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-03-24 202400]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-24 169632]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2004-06-16 1433616]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2006-06-15 31472]
R2 Iap;Iap; C:\Program Files\Dell\OpenManage\Client\Iap.exe [2007-01-19 239864]
R2 ISSVC;IS Service; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [2006-06-07 87728]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2006-06-15 115952]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-01-24 214720]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 spkrmon;spkrmon; C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [2003-08-28 61440]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2006-06-15 1805552]
R2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2006-06-07 173744]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 CarbonCopyScheduler;Carbon Copy Scheduler; C:\WINDOWS\system32\schdsrvc.exe [2005-03-23 274432]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------









and the info.txt:
info.txt logfile of random's system information tool 1.04 2008-11-03 10:07:57

======Uninstall list======

-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{0B073228-62C7-41A6-84EC-9D6DD9A28E4D}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Altiris Application Metering Agent-->MsiExec.exe /I{AFCCB0E5-9D0D-409D-ABE5-C5DE75FBBC82}
Altiris Carbon Copy Solution Agent -->MsiExec.exe /X{BC13AD87-65E7-4963-A2DA-1ED419D3DC34}
Altiris Carbon Copy Solution Agent 6.1-->MsiExec.exe /x {BC13AD87-65E7-4963-A2DA-1ED419D3DC34} /qf
Altiris Software Delivery Solution Agent-->MsiExec.exe /X{A0A1EB01-A6FD-423A-8480-364055A7C961}
Altiris Task Synchronization Agent-->MsiExec.exe /X{2851123E-5786-41BE-A3F1-A9B21E499EEB}
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
Cisco Systems VPN Client 4.0.4 (D)-->MsiExec.exe /X{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Corbett Robotics CAS Robotics v4.09.01-->"C:\Program Files\Robotics4\unins000.exe"
Dell Client Manager Agent-->MsiExec.exe /X{00293E7E-A756-42B3-A555-202D352A3021}
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
DivX-->C:\Program Files\Multimedia\DivX\DivXCodecUninstall.exe /CODEC
EndNote 9.0.1 Volume License Edition-->MsiExec.exe /I{53C020C2-8C1A-11D9-8BDE-F66BAD1E3F3A}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935843)-->"C:\WINDOWS\$NtUninstallKB935843$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB936357-v2)-->"C:\WINDOWS\$NtUninstallKB936357-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
ISI ResearchSoft - Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
JMP 7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70BA8212-E087-4992-8E65-9BE31944586F}\setup.exe" -l0x9 -removeonly
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MetaFrame Presentation Server Client-->MsiExec.exe /I{DF1D5FEC-D67C-43C8-9230-41F5DF350196}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.17)-->C:\Program Files\Internet\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
OMCI-->MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
Oracle JInitiator 1.3.1.23-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAFECAFE-0013-0001-0123-ABCDEFABCDEF}\Setup.exe" -l0x9 -uninst
OZ776 SCR CardBus Windows Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48} /l1033
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
QuickTime-->MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Real Alternative 1.49-->"C:\Program Files\Multimedia\Real Alternative\unins000.exe"
Rotor-Gene 6.1.93-->"C:\Program Files\RotorGene 6\unins000.exe"
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SAS Private JRE (J2SE(tm) Java Runtime Environment 1.4.2_09)-->C:\Program Files\SAS\Shared Files\JRE\1.4.2_09\_uninst\Uninst.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Symantec Client Security-->MsiExec.exe /I{C20729A4-C8C2-4DE3-94BE-5E3A2E9EFB63}
Time Zone Data Update Tool for Microsoft Office Outlook-->MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
Unified Messaging for Microsoft Exchange-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Unified Messaging Client\Uninst.isu"
UnitSmartTag-->MsiExec.exe /I{77A9540F-342A-4230-A024-345C1D84B988}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
V10CC-->MsiExec.exe /I{0FC497E5-4EC1-4FE7-98C0-9AF57021F818}
V10CNT-->MsiExec.exe /I{0CDE246F-1197-4374-91BE-1C8927755298}
V10COM-->MsiExec.exe /I{EA19EDB3-DF71-448F-AFBF-1EEB3ACB9B31}
V10DT-->MsiExec.exe /I{81BF6FB0-34E7-4897-A544-61AA6C3B1284}
V10NQ-->MsiExec.exe /I{B017026E-FC02-4CD4-A848-52447D60676B}
V10PFAM-->MsiExec.exe /I{9611D325-5333-4415-8338-CA957D8564D0}
Vector NTI 10-->MsiExec.exe /I{9876E8C6-F8D7-4F43-84D3-B97D177F9466}
ViceVersa Pro 2 (Build 2014)-->"C:\Program Files\ViceVersa Pro 2\unins000.exe"
Winamp (remove only)-->"C:\Program Files\Multimedia\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
XviD Video Codec 30082002-1 (Koepi's build with EPSZ ME)-->"C:\Program Files\Multimedia\XviD\UninstXviD.exe"

======Security center information======

AV: Symantec AntiVirus Corporate Edition
FW: Symantec Client Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Multimedia\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Multimedia\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\Multimedia\QuickTime\QTSystem\QTJava.zip
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------




interestingly, kaspersky would not load as it said java appled was not loaded. this is strange, becaus it was running on that particular machine bevor.
Anyway, I downloaded the latest java (which I learned in this forum is a good thing to do anyway :bigthumb:) and will post the Kaspersky report later!

Chris

Blade81
2008-11-03, 07:34
Ok. Shall wait for your input :)

compsrdumb
2008-11-04, 11:32
Hi,
can't get kaspersky online scanner to run. java console says:

=> MainApplet.init MainApplet.start <=
java.lang.NoClassDefFoundError: com/kaspersky/kosp/common/Trace
at com.kaspersky.kosp.MainApplet.start(MainApplet.java:78)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
java.lang.NoClassDefFoundError: Could not initialize class com.kaspersky.kosp.ReportApplet
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

But finally the IT guys stopped sending us their interns and send somebody over that seemed to know what he was doing and cleared the PC. At this moment there's no sign of the virus... (but for how long ?)

Thanks again for your help, Blade :-)

Blade81
2008-11-04, 12:35
Hi Chris,

If you want you could check what ESET scanner tells :)

* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic, along with a new RSIT report.

compsrdumb
2008-11-06, 11:15
here we go:


the ESET online scanner found:


# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3589 (20081106)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=85d6622f2a23104080dd91621bbcbdeb
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-11-06 06:53:33
# local_time=2008-11-06 03:53:33 (+0800, W. Australia Daylight Time)
# country="Australia"
# osver=5.1.2600 NT Service Pack 2
# scanned=271857
# found=0
# scan_time=2034





and RSIT says:


Logfile of random's system information tool 1.04 (written by random/random)
Run by Local1 at 2008-11-06 18:11:07
Microsoft Windows XP Professional Service Pack 2
System drive C: has 29 GB (75%) free of 38 GB
Total RAM: 1014 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:11:13 PM, on 6/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\WINDOWS\system32\ccsrvc.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\PROGRA~1\Altiris\CARBON~1\client.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\Local1\Desktop\protection stuff\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Local1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.murdoch.edu.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wwwcache.murdoch.edu.au/autocache
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193385769515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1193385536218
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSCDL/jdk/6u10/jinstall-6u10-windows-i586-jc.cab?e=1225678752497&h=fa0535bbc5bcdd65d53123c76987b087/&filename=jinstall-6u10-windows-i586-jc.cab
O16 - DPF: {CAFECAFE-0013-0001-0023-ABCDEFABCDEF} (JInitiator 1.3.1.23) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.murdoch.edu.au
O17 - HKLM\Software\..\Telephony: DomainName = ad.murdoch.edu.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{64D7A313-76D7-4A8E-B83D-EFCAB1F28F4B}: Domain = murdoch.edu.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{64D7A313-76D7-4A8E-B83D-EFCAB1F28F4B}: NameServer = 134.115.253.11,134.115.253.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9C3BCC4-67E1-42CE-A2FC-B716EA1B12C5}: Domain = ad.murdoch.edu.au
O17 - HKLM\System\CCS\Services\Tcpip\..\{B9C3BCC4-67E1-42CE-A2FC-B716EA1B12C5}: NameServer = 134.115.253.10,134.115.253.11
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.murdoch.edu.au
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = murdoch.edu.au,ad.murdoch.edu.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.murdoch.edu.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = murdoch.edu.au,ad.murdoch.edu.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = murdoch.edu.au,ad.murdoch.edu.au
O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files\Invitrogen\Vector NTI Advance 10\Ncbi.dll
O20 - AppInit_DLLs: AMINIT.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe
O23 - Service: Carbon Copy Scheduler (CarbonCopyScheduler) - Altiris - C:\WINDOWS\system32\schdsrvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 10313 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-03 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-03 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-03 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe [2006-06-15 124656]
"AeXAgentLogon"=C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe [2008-05-12 143360]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-03-30 138008]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
"AClntUsr"=C:\Program Files\Altiris\AClient\AClntUsr.EXE [2008-11-04 184320]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-03 136600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
VPN Client.lnk - C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" AMINIT.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-06-15 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"disablecad"=0
"DisableStatusMessages"=0
"RunLogonScriptSync"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWelcomeScreen"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Altiris\AClient\AClntUsr.EXE"="C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Altiris\AClient\AClntUsr.EXE"="C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{210b59be-53d1-11dd-8ed8-0011430037b0}]
shell\AutoRun\command - MntDrCore.exe
shell\Open\command - MntDrCore.exe
shell\Open With...\command - MntDrCore.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63c562e8-5d13-11dd-8eda-0011430037b0}]
shell\AutoRun\command - MntDrCore.exe
shell\Open\command - MntDrCore.exe
shell\Open With...\command - MntDrCore.exe


======File associations======

.bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
.ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"

======List of files/folders created in the last 3 months======

2008-11-06 15:17:49 ----D---- C:\Program Files\EsetOnlineScanner
2008-11-03 12:28:27 ----D---- C:\Program Files\Common Files\Adobe
2008-11-03 12:28:27 ----D---- C:\Program Files\Adobe
2008-11-03 12:28:18 ----D---- C:\WINDOWS\SxsCaPendDel
2008-11-03 12:27:50 ----SHD---- C:\Config.Msi
2008-11-03 11:19:33 ----D---- C:\Program Files\Sun
2008-11-03 11:19:19 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-03 11:19:19 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-03 11:19:19 ----A---- C:\WINDOWS\system32\java.exe
2008-11-03 11:19:19 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-03 10:07:45 ----D---- C:\rsit
2008-10-31 16:57:15 ----RASHD---- C:\autorun.inf
2008-10-30 15:31:27 ----D---- C:\Program Files\Trend Micro
2008-10-28 12:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2008-10-24 11:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-17 18:49:43 ----D---- C:\Documents and Settings\Local1\Application Data\Malwarebytes
2008-10-17 18:49:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-17 18:49:36 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-17 18:49:27 ----D---- C:\3f1d943467a9625862e5f958608c140c
2008-10-17 17:16:53 ----HD---- C:\WINDOWS\PIF
2008-10-17 14:24:29 ----D---- C:\Program Files\Robotics4
2008-10-17 13:01:10 ----D---- C:\Program Files\Microsoft Office
2008-10-17 13:01:01 ----D---- C:\Program Files\MSECache
2008-10-15 19:07:15 ----D---- C:\WINDOWS\Sun
2008-10-15 19:07:14 ----D---- C:\Documents and Settings\Local1\Application Data\Sun
2008-10-15 11:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-15 11:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-15 11:03:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-15 11:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 11:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-09 09:40:55 ----D---- C:\WINDOWS\system32\NtmsData
2008-10-08 16:24:06 ----A---- C:\WINDOWS\Vnti40.ini
2008-10-08 16:21:27 ----D---- C:\Documents and Settings\All Users\Application Data\Informax
2008-10-08 16:17:29 ----D---- C:\Program Files\Invitrogen
2008-10-08 16:17:08 ----D---- C:\VNTI Database
2008-10-08 16:16:43 ----D---- C:\Program Files\Common Files\Informax
2008-10-08 16:16:28 ----A---- C:\WINDOWS\system32\roboex32.dll
2008-10-08 16:13:40 ----D---- C:\Program Files\Informax Installations
2008-10-08 16:13:06 ----D---- C:\Program Files\Vector NTI 10 Distributive
2008-10-08 16:12:09 ----A---- C:\WINDOWS\system32\Lpng.dll
2008-10-08 16:12:08 ----A---- C:\WINDOWS\system32\ZIP32.DLL
2008-10-08 16:12:08 ----A---- C:\WINDOWS\system32\tlbinf32.DLL
2008-10-08 16:12:08 ----A---- C:\WINDOWS\system32\regobj.dll
2008-10-08 16:12:08 ----A---- C:\WINDOWS\system32\gslcblas.DLL
2008-10-08 16:12:08 ----A---- C:\WINDOWS\system32\gsl.DLL
2008-10-08 16:12:04 ----D---- C:\Program Files\RotorGene 6
2008-09-17 13:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2008-09-17 13:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2008-09-17 13:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2008-09-17 13:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2008-09-17 13:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2008-09-17 13:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2008-09-17 13:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2008-09-17 13:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2008-09-17 13:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2008-09-17 13:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2008-09-17 13:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB936357-v2$
2008-09-17 13:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB935843$
2008-09-17 13:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2008-09-16 16:00:03 ----A---- C:\WINDOWS\client.INI
2008-09-11 11:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-11 11:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-09-10 14:28:23 ----A---- C:\WINDOWS\Psapi.Dll
2008-08-25 11:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-08-25 11:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-08-25 11:10:10 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-08-25 11:09:23 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-25 11:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-08-25 11:08:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-08-25 11:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-08-25 11:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-08-25 11:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-25 11:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-08-25 11:04:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-08-25 11:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-08-25 11:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-08-25 11:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$

======List of files/folders modified in the last 3 months======

2008-11-06 15:17:49 ----RD---- C:\Program Files
2008-11-06 15:17:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-06 15:17:45 ----D---- C:\WINDOWS\system32
2008-11-06 15:17:42 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-06 14:44:18 ----D---- C:\WINDOWS\Temp
2008-11-06 13:00:35 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-06 13:00:34 ----D---- C:\WINDOWS\Prefetch
2008-11-06 10:41:13 ----D---- C:\WINDOWS\security
2008-11-06 02:10:32 ----SHD---- C:\WINDOWS\Installer
2008-11-04 11:54:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-03 12:28:36 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-03 12:28:27 ----D---- C:\Program Files\Common Files
2008-11-03 12:28:18 ----D---- C:\WINDOWS
2008-11-03 11:18:59 ----D---- C:\Program Files\Java
2008-10-31 10:22:17 ----HD---- C:\WINDOWS\inf
2008-10-30 13:01:16 ----D---- C:\WINDOWS\system32\drivers
2008-10-29 10:10:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-28 12:01:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-28 12:01:13 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-24 11:00:28 ----A---- C:\WINDOWS\imsins.BAK
2008-10-22 12:30:01 ----D---- C:\Documents and Settings
2008-10-21 13:32:08 ----SHD---- C:\RECYCLER
2008-10-19 11:00:20 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-17 13:35:04 ----D---- C:\Documents and Settings\Local1\Application Data\Adobe
2008-10-16 01:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 11:03:00 ----D---- C:\Program Files\Internet Explorer
2008-10-15 11:02:28 ----A---- C:\WINDOWS\win.ini
2008-10-09 09:40:34 ----SD---- C:\Documents and Settings\Local1\Application Data\Microsoft
2008-10-07 13:19:42 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-04 02:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-17 15:53:28 ----D---- C:\WINDOWS\system32\config
2008-09-16 23:59:32 ----D---- C:\Program Files\Dell
2008-09-16 23:59:25 ----D---- C:\Program Files\Altiris
2008-09-16 15:59:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-11 11:00:54 ----D---- C:\WINDOWS\WinSxS
2008-08-28 17:00:38 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-08-28 17:00:38 ----A---- C:\WINDOWS\system32\msw3prt.dll
2008-08-28 08:10:18 ----D---- C:\WINDOWS\Help
2008-08-27 17:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-26 16:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-26 16:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-08-26 16:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-26 16:24:30 ----N---- C:\WINDOWS\system32\occache.dll
2008-08-26 16:24:30 ----N---- C:\WINDOWS\system32\mstime.dll
2008-08-26 16:24:30 ----N---- C:\WINDOWS\system32\msrating.dll
2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\url.dll
2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-08-26 16:24:29 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-08-26 16:24:29 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-08-26 16:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-08-26 16:24:28 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-08-26 16:24:28 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-08-26 16:24:28 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-08-26 16:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-08-26 16:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
2008-08-26 16:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-08-26 16:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-08-26 16:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
2008-08-25 17:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-08-25 17:37:59 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-08-25 11:10:13 ----D---- C:\Program Files\Messenger
2008-08-25 11:10:01 ----A---- C:\WINDOWS\vbaddin.ini
2008-08-23 14:54:51 ----N---- C:\WINDOWS\system32\ieakui.dll
2008-08-14 18:58:27 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 18:22:14 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 CCDevice;CCDevice; C:\WINDOWS\system32\drivers\CCDevice.sys [2005-03-23 9216]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 OMCI;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2006-10-27 19968]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-01-24 195776]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 AlKernel;Altiris Kernel Driver; C:\WINDOWS\System32\Drivers\AlKernel.sys [2008-11-06 2401]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-07-14 156160]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2004-02-02 139604]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081105.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081105.004\navex15.sys []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2006-01-24 12992]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2006-01-24 110784]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2006-01-24 31936]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20081104.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2006-01-24 28352]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-01-24 24768]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys []
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-07-05 241152]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-17 44544]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
S3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2003-03-08 121344]
S3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-02-23 56576]
S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-11-03 209152]
S3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2004-09-17 732928]
S3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AClient;Altiris Client Service; C:\Program Files\Altiris\AClient\AClient.exe [2008-05-22 5169228]
R2 AeXNSClient;Altiris Agent; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2008-05-12 1523712]
R2 CarbonCopy32;Altiris Carbon Copy; C:\WINDOWS\system32\ccsrvc.exe [2005-03-23 65536]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-24 192160]
R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-03-24 202400]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-24 169632]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2004-06-16 1433616]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2006-06-15 31472]
R2 Iap;Iap; C:\Program Files\Dell\OpenManage\Client\Iap.exe [2007-01-19 239864]
R2 ISSVC;IS Service; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [2006-06-07 87728]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-03 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 SavRoam;SAVRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2006-06-15 115952]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-01-24 214720]
R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
R2 spkrmon;spkrmon; C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [2003-08-28 61440]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2006-06-15 1805552]
R2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2006-06-07 173744]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 CarbonCopyScheduler;Carbon Copy Scheduler; C:\WINDOWS\system32\schdsrvc.exe [2005-03-23 274432]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------








info.txt logfile of random's system information tool 1.04 2008-11-03 10:07:57

======Uninstall list======

-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
-->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{0B073228-62C7-41A6-84EC-9D6DD9A28E4D}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
Altiris Application Metering Agent-->MsiExec.exe /I{AFCCB0E5-9D0D-409D-ABE5-C5DE75FBBC82}
Altiris Carbon Copy Solution Agent -->MsiExec.exe /X{BC13AD87-65E7-4963-A2DA-1ED419D3DC34}
Altiris Carbon Copy Solution Agent 6.1-->MsiExec.exe /x {BC13AD87-65E7-4963-A2DA-1ED419D3DC34} /qf
Altiris Software Delivery Solution Agent-->MsiExec.exe /X{A0A1EB01-A6FD-423A-8480-364055A7C961}
Altiris Task Synchronization Agent-->MsiExec.exe /X{2851123E-5786-41BE-A3F1-A9B21E499EEB}
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
Cisco Systems VPN Client 4.0.4 (D)-->MsiExec.exe /X{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
Corbett Robotics CAS Robotics v4.09.01-->"C:\Program Files\Robotics4\unins000.exe"
Dell Client Manager Agent-->MsiExec.exe /X{00293E7E-A756-42B3-A555-202D352A3021}
Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
DivX-->C:\Program Files\Multimedia\DivX\DivXCodecUninstall.exe /CODEC
EndNote 9.0.1 Volume License Edition-->MsiExec.exe /I{53C020C2-8C1A-11D9-8BDE-F66BAD1E3F3A}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935843)-->"C:\WINDOWS\$NtUninstallKB935843$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB936357-v2)-->"C:\WINDOWS\$NtUninstallKB936357-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
ISI ResearchSoft - Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
JMP 7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70BA8212-E087-4992-8E65-9BE31944586F}\setup.exe" -l0x9 -removeonly
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MetaFrame Presentation Server Client-->MsiExec.exe /I{DF1D5FEC-D67C-43C8-9230-41F5DF350196}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.17)-->C:\Program Files\Internet\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
OMCI-->MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
Oracle JInitiator 1.3.1.23-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAFECAFE-0013-0001-0123-ABCDEFABCDEF}\Setup.exe" -l0x9 -uninst
OZ776 SCR CardBus Windows Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48} /l1033
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
QuickTime-->MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Real Alternative 1.49-->"C:\Program Files\Multimedia\Real Alternative\unins000.exe"
Rotor-Gene 6.1.93-->"C:\Program Files\RotorGene 6\unins000.exe"
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SAS Private JRE (J2SE(tm) Java Runtime Environment 1.4.2_09)-->C:\Program Files\SAS\Shared Files\JRE\1.4.2_09\_uninst\Uninst.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
Symantec Client Security-->MsiExec.exe /I{C20729A4-C8C2-4DE3-94BE-5E3A2E9EFB63}
Time Zone Data Update Tool for Microsoft Office Outlook-->MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
Unified Messaging for Microsoft Exchange-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Unified Messaging Client\Uninst.isu"
UnitSmartTag-->MsiExec.exe /I{77A9540F-342A-4230-A024-345C1D84B988}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
V10CC-->MsiExec.exe /I{0FC497E5-4EC1-4FE7-98C0-9AF57021F818}
V10CNT-->MsiExec.exe /I{0CDE246F-1197-4374-91BE-1C8927755298}
V10COM-->MsiExec.exe /I{EA19EDB3-DF71-448F-AFBF-1EEB3ACB9B31}
V10DT-->MsiExec.exe /I{81BF6FB0-34E7-4897-A544-61AA6C3B1284}
V10NQ-->MsiExec.exe /I{B017026E-FC02-4CD4-A848-52447D60676B}
V10PFAM-->MsiExec.exe /I{9611D325-5333-4415-8338-CA957D8564D0}
Vector NTI 10-->MsiExec.exe /I{9876E8C6-F8D7-4F43-84D3-B97D177F9466}
ViceVersa Pro 2 (Build 2014)-->"C:\Program Files\ViceVersa Pro 2\unins000.exe"
Winamp (remove only)-->"C:\Program Files\Multimedia\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
XviD Video Codec 30082002-1 (Koepi's build with EPSZ ME)-->"C:\Program Files\Multimedia\XviD\UninstXviD.exe"

======Security center information======

AV: Symantec AntiVirus Corporate Edition
FW: Symantec Client Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Multimedia\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Multimedia\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\Multimedia\QuickTime\QTSystem\QTJava.zip
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------



looking good imho... :angel:

Blade81
2008-11-06, 12:59
Hi again Chris,

Couple of things there that needs fixing.


Download ERUNT (http://www.softpedia.com/get/Tweak/Registry-Tweak/Erunt-g.shtml)
Save it to your desktop. Run and install this program.

In the box that opens ONLY choose
System registry.

Then click OK.

Click save and then go to File > Exit.
This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.



We need to execute an OTMoveIt3 script
Please download OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe) and save it to your desktop.
Double click theOTMoveIt3 icon on your desktop.
Paste the following code under the Paste Fix Here area. Do not include the word
Code
.

:Files
C:\autorun.inf

:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{210b59be-53d1-11dd-8ed8-0011430037b0}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63c562e8-5d13-11dd-8eda-0011430037b0}]

Push the large MoveIt button.
OTMI3 may ask to reboot the machine. Please do so if asked.
Copy/Paste the contents under the Results line here in your next reply with a fresh hjt log.
If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post with a fresh RSIT report (no need for info.txt file contents anymore :)).

compsrdumb
2008-11-06, 14:15
ok, will do that tomorrow, when I´m back in hte office...
but could you please explain to me why I´m doing that? :red:

Blade81
2008-11-06, 19:53
Hi

Cos flash infection dropped that autorun.inf file to the c: drive and those two registry entries are related to the same infection. May not be active any more but better move traces away. :)

Blade81
2008-11-13, 12:18
Due to inactivity, this thread will now be closed.

Note:If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.