Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: trojan win32.agent.xxx and possibly others

  1. #1
    Junior Member
    Join Date
    Oct 2008
    Location
    Western Australia (formerly: Palz!)
    Posts
    15

    Default trojan win32.agent.xxx and possibly others

    Hi there
    we're having problems with our office computers being infected by one (ore more) s copying themsleve(s) to our usb thumbdrives. They create executables named like folders originally on the drives (and settingg the original ones to "inivisible") AND/OR creating a "notepad.exe", both of which having a "folder" symbol, not the "executable" symbol.

    kaspersky online scanner defined them as

    win32.agent.something
    and
    win32.VB.something

    SpybotS&D does not recognize them, Symantec anti Virus recognizes them but can't get rid of them. I tried to delete them by hand, then, I ran malwarebytes anti-malware , it sez:


    Malwarebytes' Anti-Malware 1.30
    Database version: 1341
    Windows 5.1.2600 Service Pack 2

    10/31/2008 11:58:52 AM
    mbam-log-2008-10-31 (11-58-52).txt

    Scan type: Quick Scan
    Objects scanned: 57560
    Time elapsed: 6 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\serauth1.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\serauth2.dll (Trojan.Agent) -> Quarantined and deleted successfully.



    this is the latest HJT logfile:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:50:54 PM, on 10/31/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Altiris\AClient\AClient.exe
    C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
    C:\Program Files\Intel\AMT\atchksrv.exe
    C:\WINDOWS\system32\ccsrvc.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Altiris\Carbon Copy\shellker.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Intel\AMT\LMS.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\Program Files\Intel\AMT\UNS.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    C:\PROGRA~1\Altiris\CARBON~1\client.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Altiris\AClient\AClntUsr.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.murdoch.edu.au/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wwwcache.murdoch.edu.au/autocache
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
    O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: Bginfo.lnk = C:\bginfo\Bginfo.exe (User 'Default user')
    O4 - Startup: Bginfo.lnk = C:\bginfo\Bginfo.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: maps.google.com.au
    O15 - Trusted Zone: dms3.murdoch.edu.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.murdoch.edu.au
    O17 - HKLM\Software\..\Telephony: DomainName = ad.murdoch.edu.au
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9C046DC1-C235-4D31-9BF8-3B635293FE17}: Domain = ad.murdoch.edu.au
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9C046DC1-C235-4D31-9BF8-3B635293FE17}: NameServer = 134.115.253.11,134.115.253.10
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.murdoch.edu.au
    O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files\Invitrogen\Vector NTI Advance 10\Ncbi.dll
    O20 - AppInit_DLLs: AMINIT.dll
    O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
    O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
    O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
    O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe
    O23 - Service: Carbon Copy Scheduler (CarbonCopyScheduler) - Altiris - C:\WINDOWS\system32\schdsrvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

    --
    End of file - 11092 bytes


    now what's next?

    thanks so far
    Chris

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hello again Chris


    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    If you use Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    If you use Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.


    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


    Post back its report and continue with RSIT below.


    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Oct 2008
    Location
    Western Australia (formerly: Palz!)
    Posts
    15

    Lightbulb working...

    Alright, I used ATF and ran RSIT :


    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Local1 at 2008-11-03 10:14:07
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 29 GB (75%) free of 38 GB
    Total RAM: 1014 MB (43% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:14:09 AM, on 3/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Altiris\AClient\AClient.exe
    C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
    C:\WINDOWS\system32\ccsrvc.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Altiris\Carbon Copy\shellker.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\Altiris\CARBON~1\client.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Altiris\AClient\AClntUsr.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Local1\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Local1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.murdoch.edu.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wwwcache.murdoch.edu.au/autocache
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1193385769515
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1193385536218
    O16 - DPF: {CAFECAFE-0013-0001-0023-ABCDEFABCDEF} (JInitiator 1.3.1.23) -
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.murdoch.edu.au
    O17 - HKLM\Software\..\Telephony: DomainName = ad.murdoch.edu.au
    O17 - HKLM\System\CCS\Services\Tcpip\..\{64D7A313-76D7-4A8E-B83D-EFCAB1F28F4B}: Domain = murdoch.edu.au
    O17 - HKLM\System\CCS\Services\Tcpip\..\{64D7A313-76D7-4A8E-B83D-EFCAB1F28F4B}: NameServer = 134.115.253.11,134.115.253.12
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B9C3BCC4-67E1-42CE-A2FC-B716EA1B12C5}: Domain = ad.murdoch.edu.au
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B9C3BCC4-67E1-42CE-A2FC-B716EA1B12C5}: NameServer = 134.115.253.10,134.115.253.11
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.murdoch.edu.au
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = murdoch.edu.au,ad.murdoch.edu.au
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.murdoch.edu.au
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = murdoch.edu.au,ad.murdoch.edu.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = murdoch.edu.au,ad.murdoch.edu.au
    O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files\Invitrogen\Vector NTI Advance 10\Ncbi.dll
    O20 - AppInit_DLLs: AMINIT.dll
    O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
    O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
    O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe
    O23 - Service: Carbon Copy Scheduler (CarbonCopyScheduler) - Altiris - C:\WINDOWS\system32\schdsrvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

    --
    End of file - 9401 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe [2006-06-15 124656]
    "AeXAgentLogon"=C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe [2008-05-12 143360]
    "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
    "PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-03-30 138008]
    "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
    "AClntUsr"=C:\Program Files\Altiris\AClient\AClntUsr.EXE [2008-10-31 184320]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    VPN Client.lnk - C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=" AMINIT.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    C:\WINDOWS\system32\NavLogon.dll [2006-06-15 43760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "disablecad"=0
    "DisableStatusMessages"=0
    "RunLogonScriptSync"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=36
    "NoDriveAutoRun"=FFFFFFFF

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoWelcomeScreen"=
    "NoDriveTypeAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Altiris\AClient\AClntUsr.EXE"="C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Altiris\AClient\AClntUsr.EXE"="C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{210b59be-53d1-11dd-8ed8-0011430037b0}]
    shell\AutoRun\command - MntDrCore.exe
    shell\Open\command - MntDrCore.exe
    shell\Open With...\command - MntDrCore.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63c562e8-5d13-11dd-8eda-0011430037b0}]
    shell\AutoRun\command - MntDrCore.exe
    shell\Open\command - MntDrCore.exe
    shell\Open With...\command - MntDrCore.exe


    ======File associations======

    .bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
    .ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"

    ======List of files/folders created in the last 3 months======

    2008-11-03 10:07:45 ----D---- C:\rsit
    2008-10-31 16:57:15 ----RASHD---- C:\autorun.inf
    2008-10-30 15:31:27 ----D---- C:\Program Files\Trend Micro
    2008-10-28 12:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
    2008-10-24 11:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-17 18:49:43 ----D---- C:\Documents and Settings\Local1\Application Data\Malwarebytes
    2008-10-17 18:49:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-17 18:49:36 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-17 18:49:27 ----D---- C:\3f1d943467a9625862e5f958608c140c
    2008-10-17 17:16:53 ----HD---- C:\WINDOWS\PIF
    2008-10-17 14:24:29 ----D---- C:\Program Files\Robotics4
    2008-10-17 13:01:10 ----D---- C:\Program Files\Microsoft Office
    2008-10-17 13:01:01 ----D---- C:\Program Files\MSECache
    2008-10-15 19:07:15 ----D---- C:\WINDOWS\Sun
    2008-10-15 19:07:14 ----D---- C:\Documents and Settings\Local1\Application Data\Sun
    2008-10-15 11:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-15 11:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-15 11:03:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-15 11:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-15 11:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-09 09:40:55 ----D---- C:\WINDOWS\system32\NtmsData
    2008-10-08 16:24:06 ----A---- C:\WINDOWS\Vnti40.ini
    2008-10-08 16:21:27 ----D---- C:\Documents and Settings\All Users\Application Data\Informax
    2008-10-08 16:17:29 ----D---- C:\Program Files\Invitrogen
    2008-10-08 16:17:08 ----D---- C:\VNTI Database
    2008-10-08 16:16:43 ----D---- C:\Program Files\Common Files\Informax
    2008-10-08 16:16:28 ----A---- C:\WINDOWS\system32\roboex32.dll
    2008-10-08 16:13:40 ----D---- C:\Program Files\Informax Installations
    2008-10-08 16:13:06 ----D---- C:\Program Files\Vector NTI 10 Distributive
    2008-10-08 16:12:09 ----A---- C:\WINDOWS\system32\Lpng.dll
    2008-10-08 16:12:08 ----A---- C:\WINDOWS\system32\ZIP32.DLL
    2008-10-08 16:12:08 ----A---- C:\WINDOWS\system32\tlbinf32.DLL
    2008-10-08 16:12:08 ----A---- C:\WINDOWS\system32\regobj.dll
    2008-10-08 16:12:08 ----A---- C:\WINDOWS\system32\gslcblas.DLL
    2008-10-08 16:12:08 ----A---- C:\WINDOWS\system32\gsl.DLL
    2008-10-08 16:12:04 ----D---- C:\Program Files\RotorGene 6
    2008-09-17 13:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
    2008-09-17 13:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
    2008-09-17 13:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
    2008-09-17 13:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
    2008-09-17 13:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
    2008-09-17 13:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
    2008-09-17 13:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
    2008-09-17 13:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
    2008-09-17 13:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
    2008-09-17 13:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
    2008-09-17 13:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB936357-v2$
    2008-09-17 13:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB935843$
    2008-09-17 13:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
    2008-09-16 16:00:03 ----A---- C:\WINDOWS\client.INI
    2008-09-11 11:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-11 11:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-10 14:28:23 ----A---- C:\WINDOWS\Psapi.Dll
    2008-08-25 11:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-08-25 11:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-25 11:10:10 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-25 11:09:23 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-25 11:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-25 11:08:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-08-25 11:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
    2008-08-25 11:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-08-25 11:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-25 11:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-25 11:04:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-25 11:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-08-25 11:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
    2008-08-25 11:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$

    ======List of files/folders modified in the last 3 months======

    2008-11-03 10:07:57 ----D---- C:\WINDOWS\Temp
    2008-11-03 10:06:22 ----D---- C:\WINDOWS\Prefetch
    2008-11-02 20:40:20 ----D---- C:\WINDOWS\security
    2008-11-01 13:00:40 ----D---- C:\Program Files\Common Files\Symantec Shared
    2008-10-31 11:20:28 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-10-31 10:22:17 ----HD---- C:\WINDOWS\inf
    2008-10-31 10:22:16 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-10-30 15:31:27 ----RD---- C:\Program Files
    2008-10-30 13:01:16 ----D---- C:\WINDOWS\system32\drivers
    2008-10-29 10:10:20 ----D---- C:\WINDOWS\system32
    2008-10-29 10:10:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-29 10:09:01 ----D---- C:\WINDOWS
    2008-10-28 12:01:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-10-28 12:01:13 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-24 11:00:28 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-22 12:30:01 ----D---- C:\Documents and Settings
    2008-10-21 13:32:08 ----SHD---- C:\RECYCLER
    2008-10-19 11:00:24 ----SHD---- C:\WINDOWS\Installer
    2008-10-19 11:00:20 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-10-17 13:35:04 ----D---- C:\Documents and Settings\Local1\Application Data\Adobe
    2008-10-16 01:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-15 11:03:00 ----D---- C:\Program Files\Internet Explorer
    2008-10-15 11:02:28 ----A---- C:\WINDOWS\win.ini
    2008-10-09 09:40:34 ----SD---- C:\Documents and Settings\Local1\Application Data\Microsoft
    2008-10-08 16:16:43 ----D---- C:\Program Files\Common Files
    2008-10-07 13:19:42 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-10-04 02:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-09-17 15:53:28 ----D---- C:\WINDOWS\system32\config
    2008-09-16 23:59:32 ----D---- C:\Program Files\Dell
    2008-09-16 23:59:25 ----D---- C:\Program Files\Altiris
    2008-09-16 15:59:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-09-11 11:00:54 ----D---- C:\WINDOWS\WinSxS
    2008-08-28 17:00:38 ----A---- C:\WINDOWS\system32\win32spl.dll
    2008-08-28 17:00:38 ----A---- C:\WINDOWS\system32\msw3prt.dll
    2008-08-28 08:10:18 ----D---- C:\WINDOWS\Help
    2008-08-27 17:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-08-26 16:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-08-26 16:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-08-26 16:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-08-26 16:24:30 ----N---- C:\WINDOWS\system32\occache.dll
    2008-08-26 16:24:30 ----N---- C:\WINDOWS\system32\mstime.dll
    2008-08-26 16:24:30 ----N---- C:\WINDOWS\system32\msrating.dll
    2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\url.dll
    2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-08-26 16:24:29 ----N---- C:\WINDOWS\system32\iernonce.dll
    2008-08-26 16:24:29 ----N---- C:\WINDOWS\system32\iedkcs32.dll
    2008-08-26 16:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-08-26 16:24:28 ----N---- C:\WINDOWS\system32\ieaksie.dll
    2008-08-26 16:24:28 ----N---- C:\WINDOWS\system32\ieakeng.dll
    2008-08-26 16:24:28 ----N---- C:\WINDOWS\system32\extmgr.dll
    2008-08-26 16:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-08-26 16:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-08-26 16:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-08-26 16:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-08-26 16:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-08-25 17:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-08-25 17:37:59 ----N---- C:\WINDOWS\system32\ie4uinit.exe
    2008-08-25 11:10:13 ----D---- C:\Program Files\Messenger
    2008-08-25 11:10:01 ----A---- C:\WINDOWS\vbaddin.ini
    2008-08-23 14:54:51 ----N---- C:\WINDOWS\system32\ieakui.dll
    2008-08-14 18:58:27 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 18:22:14 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 CCDevice;CCDevice; C:\WINDOWS\system32\drivers\CCDevice.sys [2005-03-23 9216]
    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
    R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    R1 OMCI;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2006-10-27 19968]
    R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
    R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys []
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-01-24 195776]
    R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
    R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
    R3 AlKernel;Altiris Kernel Driver; C:\WINDOWS\System32\Drivers\AlKernel.sys [2008-11-03 2401]
    R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-07-14 156160]
    R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2004-02-02 139604]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081102.004\naveng.sys []
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081102.004\navex15.sys []
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
    R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2006-01-24 12992]
    R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
    R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2006-01-24 110784]
    R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2006-01-24 31936]
    R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20081030.001\symidsco.sys []
    R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2006-01-24 28352]
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-01-24 24768]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    S1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
    S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys []
    S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-07-05 241152]
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-17 44544]
    S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
    S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
    S3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2003-03-08 121344]
    S3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-02-23 56576]
    S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
    S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-11-03 209152]
    S3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys []
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
    S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
    S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2004-09-17 732928]
    S3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
    S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []
    S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AClient;Altiris Client Service; C:\Program Files\Altiris\AClient\AClient.exe [2008-05-22 5169228]
    R2 AeXNSClient;Altiris Agent; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2008-05-12 1523712]
    R2 CarbonCopy32;Altiris Carbon Copy; C:\WINDOWS\system32\ccsrvc.exe [2005-03-23 65536]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-24 192160]
    R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-03-24 202400]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-24 169632]
    R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2004-06-16 1433616]
    R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2006-06-15 31472]
    R2 Iap;Iap; C:\Program Files\Dell\OpenManage\Client\Iap.exe [2007-01-19 239864]
    R2 ISSVC;IS Service; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [2006-06-07 87728]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
    R2 SavRoam;SAVRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2006-06-15 115952]
    R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-01-24 214720]
    R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
    R2 spkrmon;spkrmon; C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [2003-08-28 61440]
    R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2006-06-15 1805552]
    R2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2006-06-07 173744]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
    S3 CarbonCopyScheduler;Carbon Copy Scheduler; C:\WINDOWS\system32\schdsrvc.exe [2005-03-23 274432]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

    -----------------EOF-----------------









    and the info.txt:
    info.txt logfile of random's system information tool 1.04 2008-11-03 10:07:57

    ======Uninstall list======

    -->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
    -->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    -->MsiExec.exe /I{0B073228-62C7-41A6-84EC-9D6DD9A28E4D}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
    Altiris Application Metering Agent-->MsiExec.exe /I{AFCCB0E5-9D0D-409D-ABE5-C5DE75FBBC82}
    Altiris Carbon Copy Solution Agent -->MsiExec.exe /X{BC13AD87-65E7-4963-A2DA-1ED419D3DC34}
    Altiris Carbon Copy Solution Agent 6.1-->MsiExec.exe /x {BC13AD87-65E7-4963-A2DA-1ED419D3DC34} /qf
    Altiris Software Delivery Solution Agent-->MsiExec.exe /X{A0A1EB01-A6FD-423A-8480-364055A7C961}
    Altiris Task Synchronization Agent-->MsiExec.exe /X{2851123E-5786-41BE-A3F1-A9B21E499EEB}
    Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
    Cisco Systems VPN Client 4.0.4 (D)-->MsiExec.exe /X{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}
    Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
    Corbett Robotics CAS Robotics v4.09.01-->"C:\Program Files\Robotics4\unins000.exe"
    Dell Client Manager Agent-->MsiExec.exe /X{00293E7E-A756-42B3-A555-202D352A3021}
    Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
    DivX-->C:\Program Files\Multimedia\DivX\DivXCodecUninstall.exe /CODEC
    EndNote 9.0.1 Volume License Edition-->MsiExec.exe /I{53C020C2-8C1A-11D9-8BDE-F66BAD1E3F3A}
    High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB935843)-->"C:\WINDOWS\$NtUninstallKB935843$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB936357-v2)-->"C:\WINDOWS\$NtUninstallKB936357-v2$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
    Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
    Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
    ISI ResearchSoft - Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    JMP 7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70BA8212-E087-4992-8E65-9BE31944586F}\setup.exe" -l0x9 -removeonly
    LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    MetaFrame Presentation Server Client-->MsiExec.exe /I{DF1D5FEC-D67C-43C8-9230-41F5DF350196}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
    Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
    Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Mozilla Firefox (2.0.0.17)-->C:\Program Files\Internet\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    OMCI-->MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
    Oracle JInitiator 1.3.1.23-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAFECAFE-0013-0001-0123-ABCDEFABCDEF}\Setup.exe" -l0x9 -uninst
    OZ776 SCR CardBus Windows Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48} /l1033
    PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
    QuickTime-->MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
    Real Alternative 1.49-->"C:\Program Files\Multimedia\Real Alternative\unins000.exe"
    Rotor-Gene 6.1.93-->"C:\Program Files\RotorGene 6\unins000.exe"
    Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    SAS Private JRE (J2SE(tm) Java Runtime Environment 1.4.2_09)-->C:\Program Files\SAS\Shared Files\JRE\1.4.2_09\_uninst\Uninst.exe
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
    Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
    Symantec Client Security-->MsiExec.exe /I{C20729A4-C8C2-4DE3-94BE-5E3A2E9EFB63}
    Time Zone Data Update Tool for Microsoft Office Outlook-->MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
    Unified Messaging for Microsoft Exchange-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Unified Messaging Client\Uninst.isu"
    UnitSmartTag-->MsiExec.exe /I{77A9540F-342A-4230-A024-345C1D84B988}
    Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
    Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
    Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
    Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
    Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
    Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
    Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
    Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    V10CC-->MsiExec.exe /I{0FC497E5-4EC1-4FE7-98C0-9AF57021F818}
    V10CNT-->MsiExec.exe /I{0CDE246F-1197-4374-91BE-1C8927755298}
    V10COM-->MsiExec.exe /I{EA19EDB3-DF71-448F-AFBF-1EEB3ACB9B31}
    V10DT-->MsiExec.exe /I{81BF6FB0-34E7-4897-A544-61AA6C3B1284}
    V10NQ-->MsiExec.exe /I{B017026E-FC02-4CD4-A848-52447D60676B}
    V10PFAM-->MsiExec.exe /I{9611D325-5333-4415-8338-CA957D8564D0}
    Vector NTI 10-->MsiExec.exe /I{9876E8C6-F8D7-4F43-84D3-B97D177F9466}
    ViceVersa Pro 2 (Build 2014)-->"C:\Program Files\ViceVersa Pro 2\unins000.exe"
    Winamp (remove only)-->"C:\Program Files\Multimedia\Winamp\UninstWA.exe"
    Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
    Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    XviD Video Codec 30082002-1 (Koepi's build with EPSZ ME)-->"C:\Program Files\Multimedia\XviD\UninstXviD.exe"

    ======Security center information======

    AV: Symantec AntiVirus Corporate Edition
    FW: Symantec Client Firewall

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Multimedia\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
    "PROCESSOR_REVISION"=0304
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Multimedia\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=C:\Program Files\Multimedia\QuickTime\QTSystem\QTJava.zip
    "SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\

    -----------------EOF-----------------




    interestingly, kaspersky would not load as it said java appled was not loaded. this is strange, becaus it was running on that particular machine bevor.
    Anyway, I downloaded the latest java (which I learned in this forum is a good thing to do anyway ) and will post the Kaspersky report later!

    Chris

  4. #4
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Ok. Shall wait for your input
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member
    Join Date
    Oct 2008
    Location
    Western Australia (formerly: Palz!)
    Posts
    15

    Default and working

    Hi,
    can't get kaspersky online scanner to run. java console says:

    => MainApplet.init MainApplet.start <=
    java.lang.NoClassDefFoundError: com/kaspersky/kosp/common/Trace
    at com.kaspersky.kosp.MainApplet.start(MainApplet.java:78)
    at sun.applet.AppletPanel.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    java.lang.NoClassDefFoundError: Could not initialize class com.kaspersky.kosp.ReportApplet
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at java.lang.Class.newInstance0(Unknown Source)
    at java.lang.Class.newInstance(Unknown Source)
    at sun.applet.AppletPanel.createApplet(Unknown Source)
    at sun.plugin.AppletViewer.createApplet(Unknown Source)
    at sun.applet.AppletPanel.runLoader(Unknown Source)
    at sun.applet.AppletPanel.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

    But finally the IT guys stopped sending us their interns and send somebody over that seemed to know what he was doing and cleared the PC. At this moment there's no sign of the virus... (but for how long ?)

    Thanks again for your help, Blade :-)

  6. #6
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi Chris,

    If you want you could check what ESET scanner tells

    * Go here to run an online scanner from ESET.
    • Note: You will need to use Internet explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic, along with a new RSIT report.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7
    Junior Member
    Join Date
    Oct 2008
    Location
    Western Australia (formerly: Palz!)
    Posts
    15

    Default going going going gone

    here we go:


    the ESET online scanner found:


    # version=4
    # OnlineScanner.ocx=1.0.0.56
    # OnlineScannerDLLA.dll=1, 0, 0, 51
    # OnlineScannerDLLW.dll=1, 0, 0, 51
    # OnlineScannerUninstaller.exe=1, 0, 0, 49
    # vers_standard_module=3589 (20081106)
    # vers_arch_module=1.064 (20080214)
    # vers_adv_heur_module=1.066 (20070917)
    # EOSSerial=85d6622f2a23104080dd91621bbcbdeb
    # end=finished
    # remove_checked=true
    # unwanted_checked=true
    # utc_time=2008-11-06 06:53:33
    # local_time=2008-11-06 03:53:33 (+0800, W. Australia Daylight Time)
    # country="Australia"
    # osver=5.1.2600 NT Service Pack 2
    # scanned=271857
    # found=0
    # scan_time=2034





    and RSIT says:


    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Local1 at 2008-11-06 18:11:07
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 29 GB (75%) free of 38 GB
    Total RAM: 1014 MB (25% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:11:13 PM, on 6/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Altiris\AClient\AClient.exe
    C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
    C:\WINDOWS\system32\ccsrvc.exe
    C:\Program Files\Altiris\Carbon Copy\shellker.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\PROGRA~1\Altiris\CARBON~1\client.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Altiris\AClient\AClntUsr.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet\Mozilla Firefox\firefox.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\Documents and Settings\Local1\Desktop\protection stuff\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Local1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.murdoch.edu.au/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://wwwcache.murdoch.edu.au/autocache
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
    O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Altiris\AClient\AClntUsr.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1193385769515
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1193385536218
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-03.sun.com/s/ESD5/JSC...ws-i586-jc.cab
    O16 - DPF: {CAFECAFE-0013-0001-0023-ABCDEFABCDEF} (JInitiator 1.3.1.23) -
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.murdoch.edu.au
    O17 - HKLM\Software\..\Telephony: DomainName = ad.murdoch.edu.au
    O17 - HKLM\System\CCS\Services\Tcpip\..\{64D7A313-76D7-4A8E-B83D-EFCAB1F28F4B}: Domain = murdoch.edu.au
    O17 - HKLM\System\CCS\Services\Tcpip\..\{64D7A313-76D7-4A8E-B83D-EFCAB1F28F4B}: NameServer = 134.115.253.11,134.115.253.12
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B9C3BCC4-67E1-42CE-A2FC-B716EA1B12C5}: Domain = ad.murdoch.edu.au
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B9C3BCC4-67E1-42CE-A2FC-B716EA1B12C5}: NameServer = 134.115.253.10,134.115.253.11
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.murdoch.edu.au
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = murdoch.edu.au,ad.murdoch.edu.au
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ad.murdoch.edu.au
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = murdoch.edu.au,ad.murdoch.edu.au
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = murdoch.edu.au,ad.murdoch.edu.au
    O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Program Files\Invitrogen\Vector NTI Advance 10\Ncbi.dll
    O20 - AppInit_DLLs: AMINIT.dll
    O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
    O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
    O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe
    O23 - Service: Carbon Copy Scheduler (CarbonCopyScheduler) - Altiris - C:\WINDOWS\system32\schdsrvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

    --
    End of file - 10313 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
    DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-03 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-03 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-03 73728]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "vptray"=C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe [2006-06-15 124656]
    "AeXAgentLogon"=C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe [2008-05-12 143360]
    "DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
    "ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
    "ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
    "PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
    "IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2004-08-20 155648]
    "HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2004-08-20 118784]
    "Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-03-30 138008]
    "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-03-24 282624]
    "SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928]
    "AClntUsr"=C:\Program Files\Altiris\AClient\AClntUsr.EXE [2008-11-04 184320]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-03 136600]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    VPN Client.lnk - C:\WINDOWS\Installer\{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}\Icon3E5562ED7.ico

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=" AMINIT.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    C:\WINDOWS\system32\NavLogon.dll [2006-06-15 43760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "disablecad"=0
    "DisableStatusMessages"=0
    "RunLogonScriptSync"=0

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=36
    "NoDriveAutoRun"=FFFFFFFF

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoWelcomeScreen"=
    "NoDriveTypeAutoRun"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Altiris\AClient\AClntUsr.EXE"="C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\Altiris\AClient\AClntUsr.EXE"="C:\Program Files\Altiris\AClient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{210b59be-53d1-11dd-8ed8-0011430037b0}]
    shell\AutoRun\command - MntDrCore.exe
    shell\Open\command - MntDrCore.exe
    shell\Open With...\command - MntDrCore.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63c562e8-5d13-11dd-8eda-0011430037b0}]
    shell\AutoRun\command - MntDrCore.exe
    shell\Open\command - MntDrCore.exe
    shell\Open With...\command - MntDrCore.exe


    ======File associations======

    .bat - edit - %SystemRoot%\System32\NOTEPAD.EXE %1"
    .ini - open - %SystemRoot%\System32\NOTEPAD.EXE %1"

    ======List of files/folders created in the last 3 months======

    2008-11-06 15:17:49 ----D---- C:\Program Files\EsetOnlineScanner
    2008-11-03 12:28:27 ----D---- C:\Program Files\Common Files\Adobe
    2008-11-03 12:28:27 ----D---- C:\Program Files\Adobe
    2008-11-03 12:28:18 ----D---- C:\WINDOWS\SxsCaPendDel
    2008-11-03 12:27:50 ----SHD---- C:\Config.Msi
    2008-11-03 11:19:33 ----D---- C:\Program Files\Sun
    2008-11-03 11:19:19 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-11-03 11:19:19 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-11-03 11:19:19 ----A---- C:\WINDOWS\system32\java.exe
    2008-11-03 11:19:19 ----A---- C:\WINDOWS\system32\deploytk.dll
    2008-11-03 10:07:45 ----D---- C:\rsit
    2008-10-31 16:57:15 ----RASHD---- C:\autorun.inf
    2008-10-30 15:31:27 ----D---- C:\Program Files\Trend Micro
    2008-10-28 12:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
    2008-10-24 11:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-17 18:49:43 ----D---- C:\Documents and Settings\Local1\Application Data\Malwarebytes
    2008-10-17 18:49:36 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2008-10-17 18:49:36 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-10-17 18:49:27 ----D---- C:\3f1d943467a9625862e5f958608c140c
    2008-10-17 17:16:53 ----HD---- C:\WINDOWS\PIF
    2008-10-17 14:24:29 ----D---- C:\Program Files\Robotics4
    2008-10-17 13:01:10 ----D---- C:\Program Files\Microsoft Office
    2008-10-17 13:01:01 ----D---- C:\Program Files\MSECache
    2008-10-15 19:07:15 ----D---- C:\WINDOWS\Sun
    2008-10-15 19:07:14 ----D---- C:\Documents and Settings\Local1\Application Data\Sun
    2008-10-15 11:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-15 11:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-15 11:03:10 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-15 11:01:13 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-15 11:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
    2008-10-09 09:40:55 ----D---- C:\WINDOWS\system32\NtmsData
    2008-10-08 16:24:06 ----A---- C:\WINDOWS\Vnti40.ini
    2008-10-08 16:21:27 ----D---- C:\Documents and Settings\All Users\Application Data\Informax
    2008-10-08 16:17:29 ----D---- C:\Program Files\Invitrogen
    2008-10-08 16:17:08 ----D---- C:\VNTI Database
    2008-10-08 16:16:43 ----D---- C:\Program Files\Common Files\Informax
    2008-10-08 16:16:28 ----A---- C:\WINDOWS\system32\roboex32.dll
    2008-10-08 16:13:40 ----D---- C:\Program Files\Informax Installations
    2008-10-08 16:13:06 ----D---- C:\Program Files\Vector NTI 10 Distributive
    2008-10-08 16:12:09 ----A---- C:\WINDOWS\system32\Lpng.dll
    2008-10-08 16:12:08 ----A---- C:\WINDOWS\system32\ZIP32.DLL
    2008-10-08 16:12:08 ----A---- C:\WINDOWS\system32\tlbinf32.DLL
    2008-10-08 16:12:08 ----A---- C:\WINDOWS\system32\regobj.dll
    2008-10-08 16:12:08 ----A---- C:\WINDOWS\system32\gslcblas.DLL
    2008-10-08 16:12:08 ----A---- C:\WINDOWS\system32\gsl.DLL
    2008-10-08 16:12:04 ----D---- C:\Program Files\RotorGene 6
    2008-09-17 13:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
    2008-09-17 13:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
    2008-09-17 13:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
    2008-09-17 13:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
    2008-09-17 13:02:28 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
    2008-09-17 13:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
    2008-09-17 13:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
    2008-09-17 13:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
    2008-09-17 13:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
    2008-09-17 13:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
    2008-09-17 13:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB936357-v2$
    2008-09-17 13:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB935843$
    2008-09-17 13:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
    2008-09-16 16:00:03 ----A---- C:\WINDOWS\client.INI
    2008-09-11 11:00:53 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
    2008-09-11 11:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
    2008-09-10 14:28:23 ----A---- C:\WINDOWS\Psapi.Dll
    2008-08-25 11:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
    2008-08-25 11:10:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
    2008-08-25 11:10:10 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
    2008-08-25 11:09:23 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
    2008-08-25 11:09:17 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
    2008-08-25 11:08:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
    2008-08-25 11:06:20 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
    2008-08-25 11:05:07 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
    2008-08-25 11:05:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
    2008-08-25 11:04:53 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
    2008-08-25 11:04:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
    2008-08-25 11:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
    2008-08-25 11:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
    2008-08-25 11:01:01 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$

    ======List of files/folders modified in the last 3 months======

    2008-11-06 15:17:49 ----RD---- C:\Program Files
    2008-11-06 15:17:45 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-11-06 15:17:45 ----D---- C:\WINDOWS\system32
    2008-11-06 15:17:42 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-06 14:44:18 ----D---- C:\WINDOWS\Temp
    2008-11-06 13:00:35 ----D---- C:\Program Files\Common Files\Symantec Shared
    2008-11-06 13:00:34 ----D---- C:\WINDOWS\Prefetch
    2008-11-06 10:41:13 ----D---- C:\WINDOWS\security
    2008-11-06 02:10:32 ----SHD---- C:\WINDOWS\Installer
    2008-11-04 11:54:21 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-11-03 12:28:36 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-11-03 12:28:27 ----D---- C:\Program Files\Common Files
    2008-11-03 12:28:18 ----D---- C:\WINDOWS
    2008-11-03 11:18:59 ----D---- C:\Program Files\Java
    2008-10-31 10:22:17 ----HD---- C:\WINDOWS\inf
    2008-10-30 13:01:16 ----D---- C:\WINDOWS\system32\drivers
    2008-10-29 10:10:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2008-10-28 12:01:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-10-28 12:01:13 ----HD---- C:\WINDOWS\$hf_mig$
    2008-10-24 11:00:28 ----A---- C:\WINDOWS\imsins.BAK
    2008-10-22 12:30:01 ----D---- C:\Documents and Settings
    2008-10-21 13:32:08 ----SHD---- C:\RECYCLER
    2008-10-19 11:00:20 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-10-17 13:35:04 ----D---- C:\Documents and Settings\Local1\Application Data\Adobe
    2008-10-16 01:57:55 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-15 11:03:00 ----D---- C:\Program Files\Internet Explorer
    2008-10-15 11:02:28 ----A---- C:\WINDOWS\win.ini
    2008-10-09 09:40:34 ----SD---- C:\Documents and Settings\Local1\Application Data\Microsoft
    2008-10-07 13:19:42 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-10-04 02:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
    2008-09-17 15:53:28 ----D---- C:\WINDOWS\system32\config
    2008-09-16 23:59:32 ----D---- C:\Program Files\Dell
    2008-09-16 23:59:25 ----D---- C:\Program Files\Altiris
    2008-09-16 15:59:15 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2008-09-11 11:00:54 ----D---- C:\WINDOWS\WinSxS
    2008-08-28 17:00:38 ----A---- C:\WINDOWS\system32\win32spl.dll
    2008-08-28 17:00:38 ----A---- C:\WINDOWS\system32\msw3prt.dll
    2008-08-28 08:10:18 ----D---- C:\WINDOWS\Help
    2008-08-27 17:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
    2008-08-26 16:24:31 ----A---- C:\WINDOWS\system32\wininet.dll
    2008-08-26 16:24:31 ----A---- C:\WINDOWS\system32\webcheck.dll
    2008-08-26 16:24:31 ----A---- C:\WINDOWS\system32\urlmon.dll
    2008-08-26 16:24:30 ----N---- C:\WINDOWS\system32\occache.dll
    2008-08-26 16:24:30 ----N---- C:\WINDOWS\system32\mstime.dll
    2008-08-26 16:24:30 ----N---- C:\WINDOWS\system32\msrating.dll
    2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\url.dll
    2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2008-08-26 16:24:30 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2008-08-26 16:24:29 ----N---- C:\WINDOWS\system32\iernonce.dll
    2008-08-26 16:24:29 ----N---- C:\WINDOWS\system32\iedkcs32.dll
    2008-08-26 16:24:29 ----A---- C:\WINDOWS\system32\iertutil.dll
    2008-08-26 16:24:28 ----N---- C:\WINDOWS\system32\ieaksie.dll
    2008-08-26 16:24:28 ----N---- C:\WINDOWS\system32\ieakeng.dll
    2008-08-26 16:24:28 ----N---- C:\WINDOWS\system32\extmgr.dll
    2008-08-26 16:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2008-08-26 16:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
    2008-08-26 16:24:28 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2008-08-26 16:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2008-08-26 16:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
    2008-08-25 17:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
    2008-08-25 17:37:59 ----N---- C:\WINDOWS\system32\ie4uinit.exe
    2008-08-25 11:10:13 ----D---- C:\Program Files\Messenger
    2008-08-25 11:10:01 ----A---- C:\WINDOWS\vbaddin.ini
    2008-08-23 14:54:51 ----N---- C:\WINDOWS\system32\ieakui.dll
    2008-08-14 18:58:27 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 18:22:14 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 CCDevice;CCDevice; C:\WINDOWS\system32\drivers\CCDevice.sys [2005-03-23 9216]
    R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
    R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
    R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    R1 OMCI;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2006-10-27 19968]
    R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys []
    R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys []
    R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
    R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-01-24 195776]
    R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
    R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
    R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
    R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
    R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
    R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
    R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
    R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
    R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
    R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
    R3 AlKernel;Altiris Kernel Driver; C:\WINDOWS\System32\Drivers\AlKernel.sys [2008-11-06 2401]
    R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-07-14 156160]
    R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2004-02-02 139604]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
    R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081105.004\naveng.sys []
    R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081105.004\navex15.sys []
    R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-04-09 612352]
    R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2006-01-24 12992]
    R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
    R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2006-01-24 110784]
    R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2006-01-24 31936]
    R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20081104.001\symidsco.sys []
    R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2006-01-24 28352]
    R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-01-24 24768]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
    S1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
    S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys []
    S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2006-07-05 241152]
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-17 44544]
    S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
    S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2003-05-01 5220]
    S3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\system32\DRIVERS\e1000325.sys [2003-03-08 121344]
    S3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-02-23 56576]
    S3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
    S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-11-03 209152]
    S3 NETw4x32;Intel(R) Wireless WiFi Link Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys []
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
    S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928]
    S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2004-09-17 732928]
    S3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-03-24 1156648]
    S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
    S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []
    S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73472]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AClient;Altiris Client Service; C:\Program Files\Altiris\AClient\AClient.exe [2008-05-22 5169228]
    R2 AeXNSClient;Altiris Agent; C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe [2008-05-12 1523712]
    R2 CarbonCopy32;Altiris Carbon Copy; C:\WINDOWS\system32\ccsrvc.exe [2005-03-23 65536]
    R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-24 192160]
    R2 ccProxy;Symantec Network Proxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-03-24 202400]
    R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-24 169632]
    R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2004-06-16 1433616]
    R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [2006-06-15 31472]
    R2 Iap;Iap; C:\Program Files\Dell\OpenManage\Client\Iap.exe [2007-01-19 239864]
    R2 ISSVC;IS Service; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [2006-06-07 87728]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-03 152984]
    R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
    R2 SavRoam;SAVRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2006-06-15 115952]
    R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2006-01-24 214720]
    R2 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2006-04-11 1160848]
    R2 spkrmon;spkrmon; C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe [2003-08-28 61440]
    R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [2006-06-15 1805552]
    R2 SymSecurePort;Symantec SecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [2006-06-07 173744]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
    S3 CarbonCopyScheduler;Carbon Copy Scheduler; C:\WINDOWS\system32\schdsrvc.exe [2005-03-23 274432]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

    -----------------EOF-----------------








    info.txt logfile of random's system information tool 1.04 2008-11-03 10:07:57

    ======Uninstall list======

    -->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
    -->C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe /uninstall
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    -->MsiExec.exe /I{0B073228-62C7-41A6-84EC-9D6DD9A28E4D}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}
    Altiris Application Metering Agent-->MsiExec.exe /I{AFCCB0E5-9D0D-409D-ABE5-C5DE75FBBC82}
    Altiris Carbon Copy Solution Agent -->MsiExec.exe /X{BC13AD87-65E7-4963-A2DA-1ED419D3DC34}
    Altiris Carbon Copy Solution Agent 6.1-->MsiExec.exe /x {BC13AD87-65E7-4963-A2DA-1ED419D3DC34} /qf
    Altiris Software Delivery Solution Agent-->MsiExec.exe /X{A0A1EB01-A6FD-423A-8480-364055A7C961}
    Altiris Task Synchronization Agent-->MsiExec.exe /X{2851123E-5786-41BE-A3F1-A9B21E499EEB}
    Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
    Cisco Systems VPN Client 4.0.4 (D)-->MsiExec.exe /X{3E5562ED-69AB-4CEC-91E2-64E18EC5ACC6}
    Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
    Corbett Robotics CAS Robotics v4.09.01-->"C:\Program Files\Robotics4\unins000.exe"
    Dell Client Manager Agent-->MsiExec.exe /X{00293E7E-A756-42B3-A555-202D352A3021}
    Dell Resource CD-->MsiExec.exe /X{42929F0F-CE14-47AF-9FC7-FF297A603021}
    DivX-->C:\Program Files\Multimedia\DivX\DivXCodecUninstall.exe /CODEC
    EndNote 9.0.1 Volume License Edition-->MsiExec.exe /I{53C020C2-8C1A-11D9-8BDE-F66BAD1E3F3A}
    High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB935843)-->"C:\WINDOWS\$NtUninstallKB935843$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB936357-v2)-->"C:\WINDOWS\$NtUninstallKB936357-v2$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
    Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
    Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
    ISI ResearchSoft - Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    JMP 7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70BA8212-E087-4992-8E65-9BE31944586F}\setup.exe" -l0x9 -removeonly
    LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    MetaFrame Presentation Server Client-->MsiExec.exe /I{DF1D5FEC-D67C-43C8-9230-41F5DF350196}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
    Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
    Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
    Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Visio Professional 2003-->MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Mozilla Firefox (2.0.0.17)-->C:\Program Files\Internet\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    OMCI-->MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
    Oracle JInitiator 1.3.1.23-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAFECAFE-0013-0001-0123-ABCDEFABCDEF}\Setup.exe" -l0x9 -uninst
    OZ776 SCR CardBus Windows Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{2D91C34E-12CC-4B1B-90D5-31DAD47B6F48} /l1033
    PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
    QuickTime-->MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
    Real Alternative 1.49-->"C:\Program Files\Multimedia\Real Alternative\unins000.exe"
    Rotor-Gene 6.1.93-->"C:\Program Files\RotorGene 6\unins000.exe"
    Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
    Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
    SAS Private JRE (J2SE(tm) Java Runtime Environment 1.4.2_09)-->C:\Program Files\SAS\Shared Files\JRE\1.4.2_09\_uninst\Uninst.exe
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
    Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\SETUP.exe" -l0x9 -removeonly
    Symantec Client Security-->MsiExec.exe /I{C20729A4-C8C2-4DE3-94BE-5E3A2E9EFB63}
    Time Zone Data Update Tool for Microsoft Office Outlook-->MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
    Unified Messaging for Microsoft Exchange-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Unified Messaging Client\Uninst.isu"
    UnitSmartTag-->MsiExec.exe /I{77A9540F-342A-4230-A024-345C1D84B988}
    Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
    Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
    Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
    Update for Windows XP (KB920342)-->"C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
    Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
    Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
    Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
    Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
    Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
    Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
    Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
    Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
    Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
    Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    V10CC-->MsiExec.exe /I{0FC497E5-4EC1-4FE7-98C0-9AF57021F818}
    V10CNT-->MsiExec.exe /I{0CDE246F-1197-4374-91BE-1C8927755298}
    V10COM-->MsiExec.exe /I{EA19EDB3-DF71-448F-AFBF-1EEB3ACB9B31}
    V10DT-->MsiExec.exe /I{81BF6FB0-34E7-4897-A544-61AA6C3B1284}
    V10NQ-->MsiExec.exe /I{B017026E-FC02-4CD4-A848-52447D60676B}
    V10PFAM-->MsiExec.exe /I{9611D325-5333-4415-8338-CA957D8564D0}
    Vector NTI 10-->MsiExec.exe /I{9876E8C6-F8D7-4F43-84D3-B97D177F9466}
    ViceVersa Pro 2 (Build 2014)-->"C:\Program Files\ViceVersa Pro 2\unins000.exe"
    Winamp (remove only)-->"C:\Program Files\Multimedia\Winamp\UninstWA.exe"
    Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
    Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    XviD Video Codec 30082002-1 (Koepi's build with EPSZ ME)-->"C:\Program Files\Multimedia\XviD\UninstXviD.exe"

    ======Security center information======

    AV: Symantec AntiVirus Corporate Edition
    FW: Symantec Client Firewall

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Multimedia\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
    "PROCESSOR_REVISION"=0304
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Multimedia\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=C:\Program Files\Multimedia\QuickTime\QTSystem\QTJava.zip
    "SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\

    -----------------EOF-----------------



    looking good imho...

  8. #8
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi again Chris,

    Couple of things there that needs fixing.


    Download ERUNT
    Save it to your desktop. Run and install this program.

    In the box that opens ONLY choose
    System registry.

    Then click OK.

    Click save and then go to File > Exit.
    This is so the registry can be restored to this point if we need it. It may take a minute. Just let it go until it's done.



    We need to execute an OTMoveIt3 script
    1. Please download OTMoveIt3 by OldTimer and save it to your desktop.
    2. Double click theOTMoveIt3 icon on your desktop.
    3. Paste the following code under the Paste Fix Here area. Do not include the word
      Code
      .
      Code:
      :Files
      C:\autorun.inf
      
      :reg
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{210b59be-53d1-11dd-8ed8-0011430037b0}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63c562e8-5d13-11dd-8eda-0011430037b0}]
    4. Push the large MoveIt button.
    5. OTMI3 may ask to reboot the machine. Please do so if asked.
    6. Copy/Paste the contents under the Results line here in your next reply with a fresh hjt log.
    7. If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post with a fresh RSIT report (no need for info.txt file contents anymore ).
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  9. #9
    Junior Member
    Join Date
    Oct 2008
    Location
    Western Australia (formerly: Palz!)
    Posts
    15

    Default question...

    ok, will do that tomorrow, when I´m back in hte office...
    but could you please explain to me why I´m doing that?

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi

    Cos flash infection dropped that autorun.inf file to the c: drive and those two registry entries are related to the same infection. May not be active any more but better move traces away.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •