Registered User
Join Date: Jan 2009
Posts: 7
OS: XP
HELP! Constant popups and extremely slow computer
Hi there!
For the past week I have been seeing a barrage of popups advertising RegistryDefender, Antivirus2009, etc. These are opening in IE even though I use Firefox. Also, the computer is running very very slowly and the CPU usage continuously spikes even when nothing is running.

I have run updated virus scans, but everything comes up clean even when it clearly isn't. I attempted to run DDS, but even that won't run, it just hangs. I found another post suggesting RSIT instead, and that worked. The log and info files are copied below.

Thanks!
C:\boot.ini 2008-12-10 16:17:27 ----A---- C:\WINDOWS\UPGRADE.TXT 2008-12-10 16:17:08 ----RASH---- C:\BOOT.BAK 2008-12-10 16:12:10 ----A---- C:\WINDOWS\system.ini 2008-12-10 16:01:59 ----D---- C:\WINDOWS\Registration 2008-12-10 14:09:26 ----SHD---- C:\System Volume Information ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128] R1 FW1;SecuRemote Miniport; C:\WINDOWS\system32\DRIVERS\fw.sys [2006-09-08 2234320] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096] R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [] R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2007-10-16 51944] R1 pmxmouse;PMXMOUSE; C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2006-04-24 18432] R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832] R2 CP_OMDRV;Check Point Office Mode Module; C:\WINDOWS\System32\drivers\omdrv.sys [2006-09-08 36464] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 VNASC;Check Point Virtual Network Adapter - SecureClient; C:\WINDOWS\system32\DRIVERS\vnasc.sys [2006-09-08 109232] R2 VPN-1;VPN-1 Module; C:\WINDOWS\System32\drivers\vpn.sys [2006-09-08 671472] R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-02-17 132608] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800] R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-03-13 160256] R3 BCM43XX;Pilote de la carte réseau local sans fil Wireless de Dell; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2007-10-09 1123328] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080] R3 Eacfilt;Eacfilt Miniport; 
C:\WINDOWS\system32\DRIVERS\eacfilt.sys [2006-05-09 24521] R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-02-23 56576] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600] R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2006-11-02 989696] R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2006-11-02 209152] R3 IPSECSHM;Nortel IPSECSHM Adapter; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2006-05-09 155216] R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2007-10-16 64168] R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-10-16 72680] R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-10-16 33960] R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-10-16 171272] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160] R3 Mvfs;Atria Multi-Version FS; C:\WINDOWS\system32\DRIVERS\mvfs50.sys [2007-05-24 330544] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824] R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-02-22 6658592] R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-02-19 1228296] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264] R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-02-20 58240] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480] R3 winachsf;winachsf; 
C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2006-11-02 730112] S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848] S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-05-11 306176] S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-07-07 1132544] S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-13 254872] S3 GKUPRO2D;GKUPRO2D; C:\WINDOWS\System32\Drivers\GKUPRO2D.sys [2005-02-18 71168] S3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2005-05-31 87936] S3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-06-12 45056] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568] S3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384] S3 HSXHWAZL;HSXHWAZL; C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys [] S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972] S3 IPSECEXT;Nortel Extranet Access Protocol; C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2006-05-09 155216] S3 pmxps2m;PMXPS2M; C:\WINDOWS\system32\DRIVERS\pmxps2m.sys [2006-05-30 16384] S3 pmxusblf;PMXUSBLF; C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2006-04-24 14336] S3 prepdrvr;SMS Process Event Driver; \??\C:\WINDOWS\system32\CCM\prepdrv.sys [] S3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928] S3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2004-09-17 732928] S3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-01-27 260352] S3 STAC97;SigmaTel C-Major Audio; 
C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616] S3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2005-05-13 28672] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 cccredmgr;Rational Cred Manager; C:\WINDOWS\system32\cccredmgr.exe [2007-03-30 28220] R2 CcmExec;SMS Agent Host; C:\WINDOWS\system32\CCM\CcmExec.exe [2007-04-13 590712] R2 Diskeeper;Diskeeper; C:\Program Files\Executive Software\Diskeeper\DkService.exe [2004-11-01 577644] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-05 152984] R2 LockMgr;IBM Rational Lock Manager; C:\Program Files\Rational\ClearCase\bin\lockmgr.exe [2007-04-27 28740] R2 MarimbaTunerwin;MarimbaTuner_win; C:\program files\marimba\tuner\Tuner.exe [2008-12-12 36953] R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2008-04-04 103744] R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2007-10-16 144704] R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [2007-10-16 54608] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2006-10-26 335872] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-02-22 155716] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632] R2 SR_Service;Check Point VPN-1 Securemote service; C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe [2006-09-08 106607] R2 SR_Watchdog;Check Point VPN-1 Securemote watchdog; C:\Program 
Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe [2006-09-08 36976] R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\StacSV.exe [2007-02-19 90112] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725] R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-27 439808] R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-11 654848] S2 Albd;Atria Location Broker; C:\Program Files\Rational\ClearCase\bin\albd_server.exe [2007-03-30 176186] S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-07-07 364544] S2 OracleMTSRecoveryService;OracleMTSRecoveryService; G:\oracle\ora92\bin\omtsreco.exe OracleMTSRecoveryService [] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-12-11 72704] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864] S3 HP Port Resolver;HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [2005-05-20 81920] S3 HP Status Server;HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [2004-10-16 73728] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256] S3 odserv;Microsoft 
Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 OracleOracleHome92ClientCache;OracleOracleHome92ClientCache; C:\oracle\ora92\BIN\ONRSD.EXE [2002-04-26 242328] S3 OracleOraHome92ClientCache;OracleOraHome92ClientCache; G:\oracle\ora92\BIN\ONRSD.EXE [] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880] -----------------EOF----------------- ----------------- info.txt --------------------------------------- info.txt logfile of random's system information tool 1.05 2009-01-05 18:40:51 ======Uninstall list====== -->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {201F2C1A-B80B-4D0E-8B2C-97F282A80567} -->msiexec /package {90120000-00A1-0000-0000-0000000FF1CE} /uninstall {D70DFC4F-17F5-4759-ACC7-A68542CD5199} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package 
{90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office 
Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall 
{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} Adobe Acrobat 8 Professional - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000003} Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001} Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE} Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601} Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003} Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001} Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart 
-flags:0x2010001 -inf_class:DISPLAY -clean BEA Products-->"C:\bea\weblogic92\uninstall\uninstall.cmd" BlackBerry Desktop Software 4.5-->MsiExec.exe /i{778669B2-E04B-4999-B3FD-EE7786708878} BlackBerry Desktop Software 4.5-->MsiExec.exe /I{778669B2-E04B-4999-B3FD-EE7786708878} Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA1-->MsiExec.exe /X{2614733A-84B6-4056-8114-C9BF35AEDA03} Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} CmdHere Powertoy For Windows XP-->MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C} CodeSite 3.0.1 Client Tools-->C:\PROGRA~1\Raize\CS3\UNWISE.EXE C:\PROGRA~1\Raize\CS3\CS3ClientTools_Install.log Collaboration Data Objects 1.2.1-->MsiExec.exe /X{86EF9EB6-DE10-4ABB-B221-D61972BB3C09} Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} Conexant D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf Core FTP LE 2.1-->C:\PROGRA~1\CoreFTP\UNWISE.EXE C:\PROGRA~1\CoreFTP\INSTALL.LOG Dell Touchpad-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE Diskeeper Professional Edition-->MsiExec.exe /I{2A1A690D-7030-4B92-A93B-B80378F1F580} Eclipse 3.3.2-->MsiExec.exe /I{03B1DDA6-FACF-475B-8FC5-4E896F5339E7} eRoom 7-->MsiExec.exe /I{6A92A88B-E6B2-4EE1-9821-0DC373610394} HEAT-->MsiExec.exe /I{4D99A65F-274D-47A0-8162-D08DC567C3FB} High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840} Hotfix for Windows XP (KB910678)-->"C:\WINDOWS\$NtUninstallKB910678$\spuninst\spuninst.exe" Hotfix for Windows XP 
(KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe" Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe" Hotfix for Windows XP (KB928388)-->"C:\WINDOWS\$NtUninstallKB928388$\spuninst\spuninst.exe" Hotfix for Windows XP (KB936357-v2)-->"C:\WINDOWS\$NtUninstallKB936357-v2$\spuninst\spuninst.exe" HP Deskjet 6900 series-->C:\Program Files\HP\Digital Imaging\{7ADE9F27-A175-447F-A4B4-B05FA82735E1}\setup\hpzscr01.exe -datfile hpfscr09.dat HPV Solo 2007-->MsiExec.exe /I{1124FB78-E5D1-4D61-993C-4F77EE5B7EDA} IBM Rational ClearCase-->MsiExec.exe /I{681411BD-5AD8-4DA5-BBEE-EF20E3628D33} ICQ6.5-->"C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly Intel(R) PRO Network Connections Drivers-->Prounstl.exe Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Knowledge Xpert-->c:\program files\quest software\Quest Installer\qi.exe Knowledge Xpert-->MsiExec.exe /I{140d8f4d-e72b-47a6-b1fa-4884c4129dae} Knowledge Xpert-->MsiExec.exe /I{5e3d3710-5e97-4069-b9ec-c8790a8edd83} Knowledge Xpert-->MsiExec.exe /I{f7a1e55e-c01d-4935-a085-1ec5a734abee} Knowledge Xpert-->MsiExec.exe /I{fcee19ee-1fca-4aae-9ac7-32138c9db630} Macromedia Dreamweaver 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABDA9912-5D00-11D4-BAE7-9367CA097955}\Setup.exe" mmUninstall Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" mmUninstall MarimbaTuner_win-->MsiExec.exe /X{86979D16-10B7-591E-B300-6085031FC711} Media Library Management Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall Microsoft .NET Framework 1.1 Hotfix 
(KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783} Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe" Microsoft Conferencing Add-in for Microsoft Office Outlook-->MsiExec.exe /I{813B302C-2014-4166-B5D2-8C211AE4F22E} Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1} Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Communicator 2007, MUI-->MsiExec.exe /X{E444F7DA-C812-4E71-B8C1-FFC5E6D1528F} Microsoft Office Communicator 2007-->MsiExec.exe /X{E5BA0430-919F-46DD-B656-0796F8A5ADFF} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall 
{EC50B538-CBE1-42E6-B7FE-87AA540AADFB} Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB} Microsoft Office Live Meeting 2007-->MsiExec.exe /I{E3CD4EA8-68BB-46E8-9E79-20A417A82C53} Microsoft Office OneNote 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ONENOTE /dll OSETUP.DLL Microsoft Office OneNote 2007-->MsiExec.exe /X{90120000-00A1-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 
2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Visio Viewer 2003 (Français)-->MsiExec.exe /I{9052040C-6000-11D3-8CFE-0150048383C9} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Organization Chart 2.0-->MsiExec.exe /I{90AE0409-6000-11D3-8CFE-0150048383C9} Microsoft Outlook Personal Folders Backup-->MsiExec.exe /X{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5} Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs-->MsiExec.exe /X{90120000-00B2-0409-0000-0000000FF1CE} Microsoft Visual SourceSafe 2005 - ENU-->"C:\Program Files\Microsoft Visual SourceSafe\Microsoft Visual SourceSafe 2005 - ENU\setup.exe" Movie Maker Background Music Files-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall Movie Maker Sound Effects-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall Movie Maker Title Images-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63} MSXML 4.0 SP2 
(KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96} Nortel Networks Contivity VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF964A78-078C-11D1-B7A7-0000C0134CE6}\setup.exe" Uninstall NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI Personal License Update Wizard for Windows Media Player-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\drmtool.inf,DefaultUninstall Post2008C6EM-->"\UNINSTAL.EXE" "" "Post2008C6EM Uninstall" PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\setup.exe" -l0x9 -cluninstall PuTTY .58-->MsiExec.exe /I{54C1352C-8BB4-40AB-826E-72801BF2191C} Quest Application Integration Tool-->MsiExec.exe /I{639DED6D-3C08-4E63-A560-11E317BFD3B6} Quest Installer-->C:\Program Files\Quest Software\Quest Installer\Uninstall.EXE Quest SQL Optimizer 7.3 for Oracle-->MsiExec.exe /I{FFE5B5D3-DEA8-4EF0-8FE5-56C206EAACEE} Quest SQL Tuning for Oracle-->C:\PROGRA~1\QUESTS~1\\TUNING~1\UNWISE.EXE C:\PROGRA~1\QUESTS~1\\TUNING~1\INSTALL.LOG Register for Windows-->"C:\Program Files\WinReg\Uninstall.exe" "C:\Program Files\WinReg\install.log" Remove Hidden Data Tool-->MsiExec.exe /X{90F80409-6000-11D3-8CFE-0150048383C9} SAP Front End-->"C:\WINDOWS\SapWksta\setup\sapsetup.exe" /uninstall /noRestart Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security 
Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-00A1-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-00A1-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe" Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe" Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe" Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe" Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe" Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe" Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe" Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe" Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe" Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe" Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe" Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe" Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe" Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe" Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe" Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe" Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe" Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe" Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe" Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe" Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe" Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe" Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe" Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe" Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe" Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe" Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe" Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe" Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Security 
Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe" Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe" Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe" Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe" Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe" Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe" Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe" Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe" Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe" Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe" Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe" Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe" Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe" Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe" Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe" Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe" Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe" Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe" Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe" Security Update for Windows XP 
(KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe" Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe" Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe" Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe" Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe" Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe" Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe" Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe" Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe" Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe" Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe" Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe" Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe" Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe" Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe" Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe" Security 
Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe" Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe" Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe" Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe" Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} TextPad 
5-->MsiExec.exe /X{B6EC7388-E277-4A5B-8C8F-71067A41BA64} Toad for Oracle-->MsiExec.exe /I{B11DA33B-F355-463B-9B69-72DBA1D8CECE} Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe" Update for Windows XP (KB896256)-->"C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe" Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe" Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe" Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe" Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe" Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe" Update for Windows XP (KB925877)-->"C:\WINDOWS\$NtUninstallKB925877$\spuninst\spuninst.exe" Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe" Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe" Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe" Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe" Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe" Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe" Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe" Update for Windows XP 
(KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe" User Profile Hive Cleanup Service-->MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55} VanDyke Software SecureCRT 4.1-->C:\PROGRA~1\SECURE~1\UNINSTAL.EXE C:\PROGRA~1\SECURE~1\INSTALL.LOG Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)-->rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\RoundTable_F29D632BDCC1844B9B7688A0A4B4DA9E716B76FF\RoundTable.inf Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Live Call-->MsiExec.exe /I{020D8396-D6D9-4B53-A9A1-83C47E2E27AA} Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B} Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{D9D754A1-EAC5-406C-A28B-C49B1E846711} Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C} Windows Live Sign-in Assistant-->MsiExec.exe /I{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4} Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Media Bonus Pack for Windows XP-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe" Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player Enterprise Deployment-->MsiExec.exe /I{C2CDE75C-CA51-4335-9C13-84C00E6093A5} Windows Media Player Playlist Import to Excel Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxlswiz.inf,DefaultUninstall Windows Media Player Skin Importer-->RunDll32 
advpack.dll,LaunchINFSection C:\WINDOWS\INF\wa2wmp.inf,DefaultUninstall Windows Media Player Tray Control-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxptray.inf,DefaultUninstall Windows Messenger 5.1-->MsiExec.exe /I{8419C98D-6818-443B-9362-156519FE4C6B} Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840} Windows Rights Management Client Backwards Compatibility SP2-->MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790} Windows Rights Management Client with Service Pack 2-->MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8} Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe" Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe Windows XP Hotfix - KB887816-->C:\WINDOWS\$NtUninstallKB887816$\spuninst\spuninst.exe Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe" Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe Windows XP Hotfix (SP1) [See Q282784 for more information]-->C:\WINDOWS\$NtUninstallQ282784$\spuninst\spuninst.exe WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe WinSCP 4.1.7-->"C:\Program Files\WinSCP\unins000.exe" WinZip-->MsiExec.exe /I{07C032D9-906C-40C6-AF6C-85EB61622CB0} ======Hosts File====== 10.36.5.21 devctoracle 10.36.5.20 devweb-3 10.36.5.18 devweb-1 10.36.20.106 devvss 10.36.5.6 devtools 10.36.27.163 devoraa7 10.36.27.160 devoraa1 10.36.5.45 devapp-3 
10.36.5.29 devapp-1 10.36.5.44 devapp-2 ======Security center information====== AV: McAfee VirusScan Enterprise System event log Computer Name: L013018 Event Code: 3004 Message: Record Number: 317729 Source Name: WinDefend Time Written: 20090105132034.000000-300 Event Type: warning User: Computer Name: L013018 Event Code: 3005 Message: Record Number: 317728 Source Name: WinDefend Time Written: 20090105132032.000000-300 Event Type: information User: Computer Name: L013018 Event Code: 3004 Message: Record Number: 317727 Source Name: WinDefend Time Written: 20090105132032.000000-300 Event Type: warning User: Computer Name: L013018 Event Code: 3005 Message: Record Number: 317726 Source Name: WinDefend Time Written: 20090105132032.000000-300 Event Type: information User: Computer Name: L013018 Event Code: 3005 Message: Record Number: 317725 Source Name: WinDefend Time Written: 20090105132032.000000-300 Event Type: information User: Application event log Computer Name: L013018 Event Code: 1024 Message: (pid: 2908, tid: 864) expand_symlinks_in_ob_pname(): Warning: Nt OpenDirectoryObject(*S) returned access denied Record Number: 1562 Source Name: ClearCase Time Written: 20081215073905.000000-300 Event Type: error User: Computer Name: L013018 Event Code: 1024 Message: (pid: 2908, tid: 864) expand_symlinks_in_ob_pname(): Warning: Nt OpenDirectoryObject(*S) returned access denied Record Number: 1561 Source Name: ClearCase Time Written: 20081215073905.000000-300 Event Type: error User: Computer Name: L013018 Event Code: 1024 Message: (pid: 2908, tid: 864) expand_symlinks_in_ob_pname(): Warning: Nt OpenDirectoryObject(*S) returned access denied Record Number: 1560 Source Name: ClearCase Time Written: 20081215073905.000000-300 Event Type: error User: Computer Name: L013018 Event Code: 1024 Message: (pid: 2908, tid: 864) expand_symlinks_in_ob_pname(): Warning: Nt OpenDirectoryObject(*S) returned access denied Record Number: 1559 Source Name: ClearCase Time Written: 
20081215073815.000000-300 Event Type: error User: Computer Name: L013018 Event Code: 1024 Message: (pid: 2908, tid: 864) expand_symlinks_in_ob_pname(): Warning: Nt OpenDirectoryObject(*S) returned access denied Record Number: 1558 Source Name: ClearCase Time Written: 20081215073815.000000-300 Event Type: error User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection "devmgr_show_nonpresent_devices"=1 "FP_NO_HOST_CHECK"=NO "NUMBER_OF_PROCESSORS"=2 "OS"=Windows_NT "Path"=C:\oracle\ora92\bin;C:\Program Files\Oracle\jre\1.3.1\bin;C:\Program Files\Oracle\jre\1.1.8\bin;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Executive Software\Diskeeper\;C:\Program Files\SecureCRT\;C:\Program Files\Rational\common;C:\Program Files\Rational\ClearCase\bin;C:\Program Files\Common Files\Adobe\AGL "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel "PROCESSOR_LEVEL"=6 "PROCESSOR_REVISION"=1706 "TEMP"=%Systemdrive%\TEMP "TMP"=%Systemdrive%\TEMP "VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection "WF_RESOURCES"=G:\oracle\ora92\WF\RES\WFus.RES "windir"=%SystemRoot% -----------------EOF----------------- |
|
|
|
|
#2 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 39,485
OS: 2000 Pro; XP Pro; XP Home
|
Re: HELP! Constant popups and extremely slow computer
Download GMER Rootkit Scanner from here or here.
**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|
#3 (permalink) |
|
Registered User
Join Date: Jan 2009
Posts: 7
OS: XP
|
Re: HELP! Constant popups and extremely slow computer
Thank you so much!
Here is the GMER result:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-09 16:05:00
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB5C726D0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB58497FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB584980F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB584983B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB58497E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB5849825]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB5849851]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB5849867]
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
---- EOF - GMER 1.0.14 ---- |
|
|
|
|
#4 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 39,485
OS: 2000 Pro; XP Pro; XP Home
|
Re: HELP! Constant popups and extremely slow computer
Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
---------------------------------------------------------------------------------------------
Please visit this webpage for download links and instructions for running ComboFix:
http://www.bleepingcomputer.com/comb...o-use-combofix
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Please include the C:\ComboFix.txt in your next reply for further review.
|
|
|
|
|
#5 (permalink) |
|
Registered User
Join Date: Jan 2009
Posts: 7
OS: XP
|
Re: HELP! Constant popups and extremely slow computer
Unfortunately, I cannot disable McAfee. When I right-click, the exit button is grayed out, and when I open the console and attempt to disable the On-Access Scan, the "disable" option is also grayed out.
What will happen if I try to run ComboFix with McAfee still running? Bad stuff?
|
|
|
|
|
#6 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 39,485
OS: 2000 Pro; XP Pro; XP Home
|
Re: HELP! Constant popups and extremely slow computer
Run ComboFix in Safe Mode. If ComboFix reboots your machine as part of the process, restart in Safe Mode until a log is produced, then restart in normal mode and post the log. It will be located at C:\ComboFix.txt
You can boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Log in on your usual account. Make sure to close any open browsers.
---------------------------------------------------------------------------------------------
|
|
|
|
|
#7 (permalink) |
|
Registered User
Join Date: Jan 2009
Posts: 7
OS: XP
|
Re: HELP! Constant popups and extremely slow computer
I had to use Safe Mode with Networking, and McAfee seemed to start up anyway. At least, ComboFix thought it did.
Here is the log: ComboFix 09-01-09.01 - t850260 2009-01-10 7:54:44.1 - NTFSx86 NETWORK Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.3290 [GMT -5:00] Running from: c:\documents and settings\t850260\Desktop\ComboFix.exe AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat c:\windows\system32\afupavag.ini c:\windows\system32\amikikez.ini c:\windows\system32\azabajul.ini c:\windows\system32\efcAQIxW.dll c:\windows\system32\emanijag.ini c:\windows\system32\ofayupub.ini c:\windows\system32\omibivup.ini c:\windows\system32\ozivavur.ini c:\windows\system32\pewejima.dll c:\windows\system32\uleyuzad.ini c:\windows\system32\unigofep.ini c:\windows\system32\x64 ----- BITS: Possible infected sites ----- hxxp://ONSMSPS2:80 hxxp://ONSMSPS2.corp.ads:80 hxxp://ONSMSDP2:80 . ((((((((((((((((((((((((( Files Created from 2008-12-10 to 2009-01-10 ))))))))))))))))))))))))))))))) . 2009-01-10 08:01 . 2009-01-10 08:01 16,384 --a----t- c:\temp\Perflib_Perfdata_4e8.dat 2009-01-10 08:01 . 2009-01-10 08:01 16,384 --a----t- c:\temp\Perflib_Perfdata_238.dat 2009-01-09 16:30 . 2009-01-09 17:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-09 16:17 . 2009-01-09 16:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft 2009-01-09 15:57 . 2009-01-09 15:57 250 --a------ c:\windows\gmer.ini 2009-01-09 09:34 . 2009-01-09 09:35 <DIR> d-------- c:\documents and settings\t850260\workspace 2009-01-09 09:29 . 2009-01-09 10:06 <DIR> d-------- C:\eclipse 2009-01-07 11:29 . 2007-08-10 19:53 76,288 --a------ c:\windows\system32\DWRCSET.DLL 2009-01-07 11:29 . 
2007-08-01 22:05 73,728 --a------ c:\windows\system32\DWRCST.EXE 2009-01-07 11:29 . 2007-08-01 22:05 65,536 --a------ c:\windows\system32\DWRCShell.dll 2009-01-07 11:28 . 2007-08-10 19:47 223,232 --a------ c:\windows\system32\DWRCS.EXE 2009-01-07 11:28 . 2007-08-01 22:05 53,248 --a------ c:\windows\system32\DWRCK.DLL 2009-01-07 09:34 . 2009-01-07 09:34 <DIR> d-------- c:\documents and settings\t850260\.unlimitedftp 2009-01-07 08:43 . 2009-01-07 08:43 <DIR> d-------- c:\program files\Common Files\Mercury Interactive 2009-01-07 08:43 . 2009-01-07 11:38 221 --a------ c:\windows\mercury.ini 2009-01-06 07:52 . 2009-01-06 07:52 <DIR> d-------- c:\program files\trend micro 2009-01-05 13:34 . 2009-01-05 13:34 410,984 --a------ c:\windows\system32\deploytk.dll 2009-01-05 13:34 . 2009-01-05 13:34 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-01-01 12:02 . 2009-01-09 18:33 <DIR> d-------- C:\Quarantine 2008-12-17 19:05 . 2008-12-17 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP 2008-12-17 19:01 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe 2008-12-17 19:01 . 2005-03-14 12:03 278,584 --a------ c:\windows\system32\HPZidr12.dll 2008-12-17 19:01 . 2005-03-14 12:05 204,800 --a------ c:\windows\system32\HPZipr12.dll 2008-12-17 19:01 . 2005-03-08 11:55 94,208 --a------ c:\windows\system32\HPZipt12.dll 2008-12-17 19:01 . 2005-03-14 12:05 69,632 --a------ c:\windows\system32\HPZipm12.exe 2008-12-17 19:01 . 2005-03-14 13:39 65,536 --a------ c:\windows\system32\HPZinw12.exe 2008-12-17 19:01 . 2005-03-08 11:55 57,344 --a------ c:\windows\system32\HPZisn12.dll 2008-12-17 19:00 . 2008-12-17 19:09 <DIR> d-------- c:\program files\HP 2008-12-17 18:59 . 2008-12-17 19:07 105,070 --a------ c:\windows\HPFins09.dat 2008-12-17 18:59 . 2005-11-01 04:29 3,732 --a------ c:\windows\hpfmdl09.dat 2008-12-17 18:58 . 2005-10-27 04:51 77,824 -ra------ c:\windows\system32\hpzids01.dll 2008-12-17 18:58 . 
2005-10-14 22:42 37,376 --a------ c:\windows\system32\hpz3l43a.dll 2008-12-15 14:23 . 2008-12-15 14:23 <DIR> d-------- c:\program files\Microsoft 2008-12-15 14:22 . 2008-12-15 14:22 <DIR> d-------- c:\program files\Windows Live SkyDrive 2008-12-15 14:22 . 2008-12-15 14:22 <DIR> d-------- c:\program files\Windows Live 2008-12-15 13:05 . 2008-12-15 13:05 <DIR> d-------- C:\apache-ant-1.7.0 2008-12-15 10:36 . 2008-12-15 10:36 <DIR> d-------- C:\oracle 2008-12-15 09:53 . 2008-12-15 10:36 <DIR> d-------- c:\program files\Oracle 2008-12-15 09:11 . 2008-01-26 06:25 <DIR> d---s---- c:\documents and settings\x112578\UserData 2008-12-15 09:11 . 2006-10-31 14:02 <DIR> d-------- c:\documents and settings\x112578\Application Data\Leadertech 2008-12-15 09:11 . 2008-01-26 01:55 <DIR> d-------- c:\documents and settings\x112578\Application Data\CyberLink 2008-12-15 09:11 . 2006-10-04 17:49 <DIR> d-------- c:\documents and settings\x112578\Application Data\AdobeUM 2008-12-15 09:11 . 2008-12-15 09:11 <DIR> d-------- c:\documents and settings\x112578 2008-12-15 08:06 . 2008-12-15 08:06 <DIR> d-------- C:\PointBase 2008-12-15 07:50 . 2008-12-15 07:59 <DIR> d-------- C:\bea 2008-12-14 15:16 . 2008-12-14 15:16 <DIR> d-------- c:\program files\Common Files\Windows Live 2008-12-14 11:22 . 2008-12-14 11:22 <DIR> d-------- c:\documents and settings\t850260\Application Data\Helios 2008-12-14 11:21 . 2008-12-14 11:21 <DIR> d-------- c:\program files\TextPad 5 2008-12-14 11:05 . 2009-01-10 08:02 <DIR> d-------- C:\MDT 2008-12-14 10:57 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys 2008-12-14 10:57 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\dllcache\usbprint.sys 2008-12-14 08:45 . 2008-12-14 08:45 <DIR> d-------- c:\documents and settings\t850260\Application Data\Windows Search 2008-12-13 08:33 . 2008-12-13 18:51 <DIR> d-------- c:\program files\WinReg 2008-12-12 20:19 . 
2008-12-12 20:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles 2008-12-12 19:56 . 2008-12-12 19:56 <DIR> d-------- c:\documents and settings\t850260\Application Data\Quest Software 2008-12-12 19:17 . 2009-01-06 07:51 <DIR> d-------- c:\documents and settings\t850260\Application Data\CoreFTP 2008-12-12 17:04 . 2008-12-12 17:04 0 --a------ c:\windows\nsreg.dat 2008-12-12 16:50 . 2009-01-05 07:43 <DIR> d---s---- c:\temp\Temporary Internet Files 2008-12-12 16:50 . 2008-12-12 16:50 <DIR> d---s---- c:\temp\History 2008-12-12 16:50 . 2009-01-10 08:03 <DIR> d---s---- c:\temp\Cookies 2008-12-12 13:43 . 2008-12-12 13:44 <DIR> d-------- c:\program files\Macromedia 2008-12-12 13:43 . 2008-12-12 13:44 <DIR> d-------- c:\program files\Common Files\Macromedia 2008-12-12 13:28 . 2008-12-22 07:45 <DIR> d-------- c:\documents and settings\t850260\Tracing 2008-12-12 13:15 . 2008-12-17 18:57 <DIR> d-------- C:\C-backup 2008-12-12 13:11 . 2008-12-12 13:12 <DIR> d-------- c:\documents and settings\t654987\Application Data\ICQ 2008-12-12 13:08 . 2008-12-12 13:08 <DIR> d-------- c:\program files\CoreFTP 2008-12-12 12:52 . 2008-12-26 07:59 <DIR> d-------- C:\D-backup 2008-12-12 12:44 . 2008-12-12 12:44 <DIR> d-------- c:\documents and settings\t850260\Application Data\Windows Desktop Search 2008-12-12 12:43 . 2009-01-08 08:25 <DIR> d---s---- c:\documents and settings\t850260\UserData 2008-12-12 12:43 . 2006-10-31 14:02 <DIR> d-------- c:\documents and settings\t850260\Application Data\Leadertech 2008-12-12 12:43 . 2008-01-26 01:55 <DIR> d-------- c:\documents and settings\t850260\Application Data\CyberLink 2008-12-12 12:43 . 2006-10-04 17:49 <DIR> d-------- c:\documents and settings\t850260\Application Data\AdobeUM 2008-12-12 12:43 . 2009-01-09 09:34 <DIR> d-------- c:\documents and settings\t850260 2008-12-12 08:26 . 2009-01-10 07:22 <DIR> d-------- C:\mvfslogs 2008-12-11 12:20 . 
2008-02-22 05:46 360,448 --a------ c:\windows\system32\nvudisp.exe 2008-12-11 12:20 . 2009-01-10 08:02 169,875 --a------ c:\windows\system32\nvapps.xml 2008-12-11 12:20 . 2008-02-22 05:46 17,848 --a------ c:\windows\system32\nvdisp.nvu 2008-12-11 12:19 . 2008-02-22 07:06 360,448 --a------ c:\windows\system32\NVUNINST.EXE 2008-12-11 11:36 . 2008-12-11 11:36 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared 2008-12-11 11:08 . 2007-05-24 17:15 330,544 --a------ c:\windows\system32\drivers\mvfs50.sys 2008-12-11 11:08 . 2007-03-30 16:09 54,835 --a------ c:\windows\system32\ccasenp.dll 2008-12-11 11:08 . 2007-03-30 16:11 28,220 --a------ c:\windows\system32\cccredmgr.exe 2008-12-11 11:08 . 2007-04-12 10:19 20,019 --a------ c:\windows\system32\nplogon.exe 2008-12-11 11:08 . 2007-03-30 16:09 15,412 --a------ c:\windows\system32\ccnotify.dll 2008-12-11 10:57 . 2008-12-11 11:00 <DIR> d-------- c:\program files\Rational 2008-12-11 10:52 . 2008-12-11 10:52 <DIR> d-------- c:\program files\WinSCP 2008-12-11 10:48 . 2008-12-11 10:48 <DIR> d-------- c:\program files\SecureCRT 2008-12-11 10:48 . 2008-12-11 10:48 <DIR> d-------- c:\documents and settings\t654987\Application Data\VanDyke 2008-12-11 10:42 . 2008-12-11 10:42 <DIR> d-------- c:\program files\Microsoft Visual SourceSafe 2008-12-11 10:38 . 1996-07-18 13:06 297,472 --a------ c:\windows\uninst.exe 2008-12-11 10:37 . 2008-12-11 10:37 <DIR> d-------- c:\documents and settings\t654987\WINDOWS 2008-12-11 10:32 . 2008-12-11 10:32 <DIR> d-------- c:\program files\MSXML 4.0 2008-12-11 10:32 . 2008-12-11 10:32 <DIR> d-------- c:\program files\Common Files\Quest Shared 2008-12-11 10:32 . 2008-12-11 10:32 <DIR> d-------- c:\documents and settings\t654987\Application Data\Software 2008-12-11 10:32 . 2008-12-11 11:05 <DIR> d-------- c:\documents and settings\t654987\Application Data\Quest Software 2008-12-11 10:28 . 2008-12-11 10:28 <DIR> d-------- c:\program files\Raize 2008-12-11 10:28 . 
2008-12-11 10:33 <DIR> d-------- c:\program files\Quest Software 2008-12-11 10:28 . 2008-12-11 10:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Raize 2008-12-11 10:28 . 2008-12-11 10:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\Quest Software 2008-12-11 10:28 . 2002-08-09 08:00 1,381,376 --a------ c:\windows\system32\vcl70.bpl 2008-12-11 10:28 . 2002-08-09 08:00 778,240 --a------ c:\windows\system32\rtl70.bpl 2008-12-11 10:28 . 2002-08-09 08:00 227,328 --a------ c:\windows\system32\vclie70.bpl 2008-12-11 10:28 . 2005-01-08 03:00 24,064 --a------ c:\windows\system32\CS30Inspectors70.bpl 2008-12-11 10:27 . 2008-12-11 10:27 <DIR> d-------- c:\program files\PuTTY58 2008-12-11 10:20 . 2008-12-11 10:20 <DIR> d-------- c:\program files\Common Files\Macrovision Shared 2008-12-11 10:20 . 2008-12-11 10:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet 2008-12-11 10:17 . 2008-12-11 10:17 <DIR> d-------- c:\documents and settings\t654987\Tracing 2008-12-11 10:10 . 2008-12-11 12:03 <DIR> d-------- c:\documents and settings\t654987\Application Data\U3 2008-12-11 05:13 . 2008-12-11 05:13 <DIR> d-------- C:\Self Help 2008-12-11 05:13 . 2005-04-06 15:04 4,286 --a------ c:\windows\HelpWinXP.ico 2008-12-11 04:03 . 2008-06-13 08:10 272,128 --a------ c:\windows\system32\drivers\bthport.sys 2008-12-11 03:44 . 2003-11-25 14:23 3,141 --a------ c:\windows\sendsched.vbs 2008-12-11 02:44 . 2008-12-24 06:44 <DIR> d-------- c:\windows\system32\VPCache 2008-12-10 16:36 . 2008-12-10 16:37 <DIR> d-------- c:\windows\system32\ccmsetup 2008-12-10 16:36 . 2008-12-10 16:37 <DIR> d-------- c:\windows\system32\CCM 2008-12-10 16:36 . 2008-12-10 16:36 <DIR> d-------- c:\windows\ms 2008-12-10 16:23 . 2008-12-10 16:23 <DIR> d-------- c:\program files\HEAT 2008-12-10 16:23 . 2008-12-10 16:23 <DIR> d-------- c:\program files\Common Files\Wintertree 2008-12-10 16:23 . 
2005-06-30 12:04 2,121,728 --a------ c:\windows\system32\BCGCBPRO730.dll 2008-12-10 16:23 . 2005-06-30 12:03 28,672 --a------ c:\windows\system32\BCGPOleAcc.dll 2008-12-10 16:22 . 2006-09-08 13:29 2,516 --a------ c:\windows\system32\drivers\default.bin 2008-12-10 16:22 . 2006-09-08 13:29 2,516 --a------ c:\windows\system32\default.bin 2008-12-10 16:21 . 2008-12-10 16:21 <DIR> d-------- c:\program files\CheckPoint 2008-12-10 16:20 . 2009-01-10 08:01 <DIR> d-------- c:\temp\hsperfdata_SYSTEM 2008-12-10 16:20 . 2008-12-10 16:20 <DIR> d-------- c:\program files\marimba . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-06 12:52 --------- d-----w c:\program files\Java 2008-12-15 12:10 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-12-12 18:44 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-11 17:01 --------- d-----w c:\program files\Common Files\Adobe 2008-12-10 21:01 4,128 ----a-w c:\windows\system32\drivers\INFCACHE.1 1601-01-01 00:12 18,432 --sha-w c:\windows\system32\wojukoro.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2008-04-04 136512] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-16 111952] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152] "DiskeeperSystray"="c:\program files\Executive Software\Diskeeper\DkIcon.exe" [2004-11-01 176216] "CCDoctorLogonTesting"="c:\program files\Rational\ClearCase\bin\ccdoctor.exe" [2007-05-16 126976] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608] "SigmatelSysTrayApp"="stsystra.exe" [2007-02-19 c:\windows\stsystra.exe] "nwiz"="nwiz.exe" [2008-02-22 c:\windows\system32\nwiz.exe] "NVHotkey"="nvHotkey.dll" [2008-02-22 c:\windows\system32\nvhotkey.dll] "NvMediaCenter"="NvMCTray.dll" [2008-02-22 c:\windows\system32\nvmctray.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\t654987\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2008-12-11 295606] Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872] Windows Search.lnk - 
c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-27 123904] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableNT4Policy"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoSMConfigurePrograms"= 1 (0x1) "NoSMMyPictures"= 1 (0x1) "NoStartMenuMyMusic"= 1 (0x1) "NoRecentDocsNetHood"= 1 (0x1) "NoWelcomeScreen"= 1 (0x1) "ForceStartMenuLogOff"= 1 (0x1) "NoNetworkConnections"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au] "NoAutoUpdate"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ccnotify] 2007-03-30 16:09 15412 c:\windows\system32\ccnotify.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify] 2006-09-08 13:29 24686 c:\windows\system32\ckpNotify.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ \0 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0] "Script"=\\corp.ads\netlogon\Secure Scripts\LocalAdmin.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\1\0] "Script"=SMS2003.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\2\0] "Script"=CopySelfHelp.cmd [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\3\0] "Script"=MarimbaCheck.cmd [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group 
policy\state\Machine\Scripts\Startup\4\0] "Script"=SetDefaults.cmd [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\4\1] "Script"=WirelessDNS.cmd [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1119643175-775699462-1943422765-542995\Scripts\Logon\0\0] "Script"=UserInit.cmd [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1119643175-775699462-1943422765-542995\Scripts\Logon\1\0] "Script"=User_IM_RunOnce.cmd [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1119643175-775699462-1943422765-542995\Scripts\Logon\2\0] "Script"=ResetUserDS.cmd [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1119643175-775699462-1943422765-542995\Scripts\Logon\3\0] "Script"=LogonScript.bat [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1119643175-775699462-1943422765-542995\Scripts\Logon\3\1] "Script"=TELUS_Logos.cmd [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1119643175-775699462-1943422765-542995\Scripts\Logon\4\0] "Script"=EmergisCommunicator.bat [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\NetMeeting\\conf.exe"= "c:\\WINDOWS\\system32\\mmc.exe"= "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "c:\\Program Files\\SAP\\FrontEnd\\SAPgui\\saplogon.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Executive Software\\Diskeeper\\dkservice.exe"= "c:\\Program Files\\Marimba\\tuner\\lib\\jre\\bin\\java.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\SAP\\FrontEnd\\SAPgui\\SAPgui.exe"= "c:\\WINDOWS\\system32\\dmremote.exe"= 
"c:\\WINDOWS\\system32\\ftp.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpSvc.exe"= "c:\\WINDOWS\\system32\\mnmsrvc.exe"= "c:\\WINDOWS\\system32\\rsh.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\WINDOWS\\System32\\wbem\\unsecapp.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"= "c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"= "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.EXE"= "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"= "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"= "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "445:TCP"= 445:TCP:File/Print Sharing "137:UDP"= 137:UDP:File/Print Sharing "138:UDP"= 138:UDP:File/Print Sharing "135:tcp"= 135:tcp:Remote Assistance "139:udp"= 139:udp:File/Print Sharing "21:tcp"= 21:tcp:FTP "2701:tcp"= 2701:tcp:SMS Remote contact, reboot, and ping "2702:tcp"= 2702:tcp:SMS Remote Control "2703:tcp"= 2703:tcp:SMS Chat "2704:tcp"= 2704:tcp:SMS File Transfer "3389:*"= 3389:Remote Desktop "6129:tcp"= 6129:tcp:DameWare Remote Control [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [2007-02-15 26624] R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [2006-09-08 2234320] R1 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.SYS [2006-11-16 18432] R3 
DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [2007-02-07 2944] R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2008-09-19 24521] R3 Mvfs;Atria Multi-Version FS;c:\windows\system32\drivers\mvfs50.sys [2008-12-11 330544] R4 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [2006-09-08 36464] R4 MarimbaTunerwin;MarimbaTuner_win;c:\program files\marimba\tuner\Tuner.exe [2007-08-01 36953] R4 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [2006-09-08 109232] R4 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [2006-09-08 671472] S3 GKUPRO2D;GKUPRO2D;c:\windows\system32\drivers\GKUPRO2D.sys [2008-02-19 71168] S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-11-20 87936] S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2008-09-19 155216] S3 OracleOracleHome92ClientCache;OracleOracleHome92ClientCache;c:\oracle\ora92\bin\ONRSD.EXE [2002-04-26 242328] S3 pmxps2m;PMXPS2M;c:\windows\system32\drivers\pmxps2m.sys [2006-11-16 16384] S3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2006-12-04 14336] S4 Albd;Atria Location Broker;c:\program files\Rational\ClearCase\bin\albd_server.exe [2007-03-30 176186] --- Other Services/Drivers In Memory --- *Deregistered* - uphcleanhlp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5544d78b-3018-11dd-8cca-806d6172696f}] \Shell\AutoRun\command - NOTEPAD.EXE ReadMe.txt [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c49edc36-c898-11dd-acd0-444553544200}] \Shell\AutoRun\command - E:\LaunchU3.exe -a [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\CurrentUserProfilePrep] c:\support\CUPrep.cmd . - - - - ORPHANS REMOVED - - - - BHO-{87c675d4-abe2-4f90-bb49-295f8f49c5dd} - (no file) HKLM-Run-PMX Daemon - ICO.EXE . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.ca/ uInternet Connection Wizard,ShellNext = hxxp://emergisweb/ IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 Trusted Zone: intranet.telusquebec.com Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll c:\windows\system32\capicom.dll - c:\windows\Downloaded Program Files\Spider91.ocx O16 -: {B2FC031D-8C74-46AE-8042-BCF4FC03C1EF} hxxps://www.emergistestdirector.com/qcbin/Spider91.cab c:\windows\Downloaded Program Files\Spider91.inf FF - ProfilePath - c:\documents and settings\t850260\Application Data\Mozilla\Firefox\Profiles\ysuot3ao.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-10 08:03:15 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... 
scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1816) c:\windows\system32\Ati2evxx.dll c:\windows\system32\ccnotify.dll c:\windows\system32\ccasenp.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\CheckPoint\SecuRemote\bin\SR_Service.exe c:\program files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe c:\windows\system32\scardsvr.exe c:\program files\Executive Software\Diskeeper\DkService.exe c:\windows\system32\DWRCS.EXE c:\program files\Java\jre6\bin\jqs.exe c:\program files\Rational\ClearCase\bin\lockmgr.exe c:\program files\McAfee\Common Framework\FrameworkService.exe c:\program files\McAfee\VirusScan Enterprise\mcshield.exe c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\McAfee\Common Framework\naPrdMgr.exe c:\windows\system32\nvsvc32.exe c:\windows\system32\HPZipm12.exe c:\windows\system32\locator.exe c:\windows\system32\stacsv.exe c:\windows\system32\DWRCST.EXE c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.exe c:\windows\system32\wdfmgr.exe c:\program files\UPHClean\uphclean.exe c:\windows\system32\searchindexer.exe c:\windows\system32\cccredmgr.exe c:\windows\system32\CCM\CcmExec.exe c:\windows\system32\msiexec.exe c:\program files\McAfee\Common Framework\Mctray.exe c:\program files\Apoint\ApMsgFwd.exe c:\program files\Apoint\hidfind.exe c:\program files\Apoint\ApntEx.exe c:\windows\system32\rundll32.exe c:\windows\system32\rundll32.exe c:\program files\marimba\tuner\.marimba\MarimbaTuner_win\ch.3\data\sum.exe c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\program files\marimba\tuner\lib\minituner.exe . 
**************************************************************************
.
Completion time: 2009-01-10 8 30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-10 13 26
Pre-Run: 92,718,993,408 bytes free
Post-Run: 92,958,793,728 bytes free
398
|
|
|
|
|
#8 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 39,485
OS: 2000 Pro; XP Pro; XP Home
|
Re: HELP! Constant popups and extremely slow computer
This looks to be a company machine, is that the case?
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|
#10 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 39,485
OS: 2000 Pro; XP Pro; XP Home
|
Re: HELP! Constant popups and extremely slow computer
Ok, that likely explains why you can't disable McAfee, and why I see so many restrictive policies in place. Those, I shall ignore. We generally don't like to work on company machines, but since we've begun, I'll continue.
Open NOTEPAD.exe and copy/paste the text in the codebox below into it: Code:
```bat
@echo off
rem Clear any log left over from a previous run.
if exist "%temp%\log.txt" del "%temp%\log.txt"
for %%g in (
c:\windows\system32\wojukoro.dll
) do (
del /a/f %%g >nul 2>&1
if exist %%g echo.%%g>>"%temp%\log.txt"
)
rem Files that survived the delete are listed in log.txt and shown in Notepad.
if exist "%temp%\log.txt" (
start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
pause
rem The script removes itself when it finishes.
del %0
```
It should look like this:
Double click on fix.bat & allow it to run
Post back to tell me what it says
---------------------------------------------------------------------------------------------
Please perform this online scan to help look for remnants
Establish an internet connection & perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner
**Note** To optimize scanning time and produce a more sensible report for review:
Click Accept, when prompted to download and install the program files and database of malware definitions.
---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
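The file that fix.bat deletes is the one entry in the Find3M section of the ComboFix log above with a 1601-01-01 timestamp (the Windows FILETIME epoch) and system plus hidden attributes. As an added example, not part of the original posts and not ComboFix's own logic, this Python code parses those six log lines and flags entries on those two properties; the rule names and the 1980 cut-off are assumptions.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# The six Find3M lines as they appear in the ComboFix log in this thread.
SAMPLE = r"""
2009-01-06 12:52 --------- d-----w c:\program files\Java
2008-12-15 12:10 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-12 18:44 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 17:01 --------- d-----w c:\program files\Common Files\Adobe
2008-12-10 21:01 4,128 ----a-w c:\windows\system32\drivers\INFCACHE.1
1601-01-01 00:12 18,432 --sha-w c:\windows\system32\wojukoro.dll
"""

# date, time, size (or dashes for a directory), 7-character attribute field, path
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size>[\d,]+|-+)\s+(?P<attrs>[a-z-]{7})\s+(?P<path>.+)$"
)


class Entry(NamedTuple):
    year: int
    size: Optional[int]   # None for directories
    attrs: str
    path: str


def parse(text: str) -> List[Entry]:
    """Parse Find3M-style lines; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size_field = m.group("size")
        size = int(size_field.replace(",", "")) if size_field[0].isdigit() else None
        entries.append(Entry(int(m.group("date")[:4]), size,
                             m.group("attrs"), m.group("path")))
    return entries


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for entries worth a closer look."""
    hits = []
    for e in parse(text):
        reasons = []
        # Assumed rule: no file on an XP-era disk should carry a date
        # before 1980; 1601-01-01 means the timestamp is at the FILETIME epoch.
        if e.year < 1980:
            reasons.append("timestamp before 1980")
        # Assumed rule: a regular file marked both system and hidden
        # directly under system32.
        is_dir = "d" in e.attrs
        in_sys32 = e.path.lower().startswith(r"c:\windows\system32" + "\\")
        if not is_dir and "s" in e.attrs and "h" in e.attrs and in_sys32:
            reasons.append("hidden+system file in system32")
        if reasons:
            hits.append((e.path, reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(path, "->", ", ".join(reasons))
```

A hit from these rules is a prompt for manual review, not a verdict on the file.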
|
|
|
|
|
#11 (permalink) |
|
Registered User
Join Date: Jan 2009
Posts: 7
OS: XP
|
Re: HELP! Constant popups and extremely slow computer
fix.bat printed out: Deleted successfully !!
Kaspersky log is:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, January 10, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, January 10, 2009 15:26:28
Records in database: 1598607
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
M:\
Scan statistics:
Files scanned: 117533
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:21:52
No malware has been detected. The scan area is clean.
The selected area was scanned.
|
|
|
|
|
#12 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 39,485
OS: 2000 Pro; XP Pro; XP Home
|
Re: HELP! Constant popups and extremely slow computer
Good, that's what we wanted from fix.bat
Congratulations....clean logs! You should be good to go. We still have a few items to address.
Go to -> Run -> copy/paste in the following single line command & click OK
combofix /u
This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.
Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it. Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
|
|
#14 (permalink) |
|
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 39,485
OS: 2000 Pro; XP Pro; XP Home
|
Re: HELP! Constant popups and extremely slow computer
You're welcome
Surf Safely, and Think Prevention! Since this issue is resolved, this topic will be archived.
__________________
Practice Safe Surfing Because what you don't know, CAN hurt you. Microsoft MVP - Consumer Security 2009
|
|
|
| Thread Tools | |
|
|