Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

w32.Spybot.S Worm [CLOSED]


  • This topic is locked This topic is locked

#1
gdk322

gdk322

    New Member

  • Member
  • Pip
  • 3 posts
Hello,

I am far from a computer specialist, I know how they work and can use the necessary software but programming and stuff is not my thing. I have a brand new (2 months old) 4 Gigabyte Ram Dell Precision M4300 laptop which suddenly became very (and I mean VERY) slow in startup and in use. I did a system check, ran Symantec, Spybot and Lavasoft ad-aware but nothing worked. I noticed that my computer was working when no programs were started. I checked the startup-list in MSconfig and found "NvCpl" which I can not remove. According to the internet, this process belongs to a W32.Spybot.S Worm.

I ran Malwarebytes, haved it clean my computer, installed all Windows updates and ran HijackThis. I inserted the logfile below, can anyone please help me to remove this thing???

Thanks a million!!
Gerd

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:32, on 6/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.be...html?channel=be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.be...html?channel=be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [EFI Job Monitor] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\efjm.dll,run
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = FrisomatGroep.Lan
O17 - HKLM\Software\..\Telephony: DomainName = FrisomatGroep.Lan
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = FrisomatGroep.Lan
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 5282 bytes
  • 0

Advertisements


#2
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

NvCpl is from your Nvidia Graphics card.

Let's do some scans.

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Note:These logs may be too large to post in one reply, if so, please post extra.txt in a separate reply.

&



Download the latest version of Java Runtime Environment (JRE) 6 Update 7. Once done, uninstall any older versions of Java through add or remove programs.

Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

  • 0

#3
gdk322

gdk322

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
okay, here we go. I did the scans as requested. One remark however, I had to limit the Kaspersky-scan to the 2 hard discs on my computer, when I choose "my computer" it scans the network drives as well...

Report 1: dss notepad "Main.txt"
Deckard's System Scanner v20071014.68
Run by 306 on 2008-08-06 12:01:31
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
51: 2008-08-06 10:01:35 UTC - RP209 - Deckard's System Scanner Restore Point
50: 2008-08-06 08:14:28 UTC - RP208 - System Checkpoint
49: 2008-08-04 15:47:52 UTC - RP207 - Software Distribution Service 3.0
48: 2008-08-04 10:11:30 UTC - RP206 - System Checkpoint
47: 2008-07-11 06:07:25 UTC - RP205 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-07-04 12:47:23 UTC - RP159 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as 306.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:18, on 6/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
D:\Downloaded software\Deckards system scanner\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\306.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.be...html?channel=be
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.be...html?channel=be
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [EFI Job Monitor] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\efjm.dll,run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = FrisomatGroep.Lan
O17 - HKLM\Software\..\Telephony: DomainName = FrisomatGroep.Lan
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = FrisomatGroep.Lan
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 5462 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080707-095858-165 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.defaulthomepage.info
backup-20080707-095858-175 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
backup-20080707-095858-282 O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
backup-20080707-095858-307 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
backup-20080707-095858-353 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
backup-20080707-095858-442 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
backup-20080707-095858-488 O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
backup-20080707-095858-553 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20080707-095858-559 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=1071023
backup-20080707-095858-567 O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
backup-20080707-095858-617 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
backup-20080707-095858-639 O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
backup-20080707-095858-645 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.be...html?channel=be
backup-20080707-095858-720 O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
backup-20080707-095858-799 O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
backup-20080707-095858-865 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.be...html?channel=be
backup-20080707-095858-935 O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
backup-20080707-095858-948 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.be/ig/dell?hl=en&client=dell-row-rel&channel=be&ibd=1071023
backup-20080707-095858-953 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.be...html?channel=be
backup-20080707-095859-112 O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
backup-20080707-095859-144 O8 - Extra context menu item: Geselecteerde koppelingen converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
backup-20080707-095859-157 O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
backup-20080707-095859-163 O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
backup-20080707-095859-230 O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
backup-20080707-095859-250 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
backup-20080707-095859-251 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
backup-20080707-095859-258 O4 - HKLM\..\RunOnce: [SpybotDeletingA3868] command /c del "C:\WINDOWS\system32\tuvsSIaA.dll_old"
backup-20080707-095859-335 O8 - Extra context menu item: Geselecteerde koppelingen converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
backup-20080707-095859-341 O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
backup-20080707-095859-465 O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
backup-20080707-095859-497 O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
backup-20080707-095859-534 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20080707-095859-570 O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
backup-20080707-095859-577 O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
backup-20080707-095859-630 O8 - Extra context menu item: Selectie converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
backup-20080707-095859-658 O8 - Extra context menu item: Koppelingdoel converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080707-095859-660 O4 - HKLM\..\RunOnce: [SpybotDeletingC1432] cmd /c del "C:\WINDOWS\system32\tuvsSIaA.dll_old"
backup-20080707-095859-719 O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
backup-20080707-095859-720 O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
backup-20080707-095859-726 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
backup-20080707-095859-793 O8 - Extra context menu item: Converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
backup-20080707-095859-799 O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
backup-20080707-095859-842 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
backup-20080707-095859-855 O8 - Extra context menu item: Koppelingdoel converteren naar Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
backup-20080707-095859-865 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
backup-20080707-095859-879 O8 - Extra context menu item: Selectie converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080707-095859-929 O8 - Extra context menu item: Converteren naar bestaand PDF-bestand - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
backup-20080707-095859-931 O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Downloaded software\Spybot\Spybot - Search & Destroy\TeaTimer.exe
backup-20080707-095903-845 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
backup-20080707-095905-897 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
backup-20080707-095906-199 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\DOWNLO~1\Spybot\SPYBOT~1\SDHelper.dll
backup-20080707-095908-957 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\DOWNLO~1\Spybot\SPYBOT~1\SDHelper.dll
backup-20080707-095909-571 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080707-095912-237 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
backup-20080707-095913-269 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080707-095913-286 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
backup-20080707-095913-540 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
backup-20080707-095915-191 O17 - HKLM\Software\..\Telephony: DomainName = FrisomatGroep.Lan
backup-20080707-095915-290 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = FrisomatGroep.Lan
backup-20080707-095915-319 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
backup-20080707-095915-363 O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
backup-20080707-095915-385 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
backup-20080707-095915-450 O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
backup-20080707-095915-458 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = FrisomatGroep.Lan
backup-20080707-095915-485 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
backup-20080707-095915-487 O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
backup-20080707-095915-496 O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
backup-20080707-095915-657 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
backup-20080707-095915-758 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
backup-20080707-095915-842 O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
backup-20080707-095915-877 O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
backup-20080707-095916-279 O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
backup-20080707-095916-495 O23 - Service: NTRU TSS v1.2.1.12 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
backup-20080707-095916-773 O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 PBADRV - c:\windows\system32\drivers\pbadrv.sys <Not Verified; Dell Inc; Application Driver>
R1 APPDRV - c:\windows\system32\drivers\appdrv.sys <Not Verified; Dell Inc; Application Driver>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.6.0.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.6.0.0>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R3 DXEC01 - c:\windows\system32\drivers\dxec01.sys <Not Verified; Knowles Acoustics; DXEC.01 Speech Enhancement>

S4 vsdatant - a (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel® Corporation; SSO Service>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 NICCONFIGSVC - c:\program files\dell\quickset\nicconfigsvc.exe <Not Verified; Dell Inc.; NicConfigSvc>
S4 SecureStorageService - "c:\program files\wave systems corp\secure storage manager\securestorageservice.exe" <Not Verified; Wave Systems Corp.; Secure Storage Manager>
S4 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S4 stllssvr - "c:\program files\common files\surething shared\stllssvr.exe" <Not Verified; MicroVision Development, Inc.; SureThing CD Labeler>
S4 tcsd_win32.exe (NTRU TSS v1.2.1.12 TCS) - "c:\program files\ntru cryptosystems\ntru tcg software stack\bin\tcsd_win32.exe"


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6234
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd


-- Files created between 2008-07-06 and 2008-08-06 -----------------------------

2008-08-06 09:30:57 0 d-------- C:\Documents and Settings\306\Application Data\Malwarebytes
2008-08-06 09:30:53 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-06 09:30:18 0 d-------- C:\Program Files\Common Files\Download Manager
2008-08-05 16:18:01 0 d-------- C:\Documents and Settings\306\Application Data\Lavasoft
2008-08-05 15:34:31 0 d-------- C:\Documents and Settings\306\Application Data\Apple Computer
2008-07-11 14:40:42 0 d-------- C:\Documents and Settings\306\Application Data\Real
2008-07-09 10:12:22 0 d-------- C:\Program Files\Palm
2008-07-09 09:12:21 0 d-------- C:\Documents and Settings\306\Application Data\WinRAR
2008-07-08 19:49:03 0 d-------- C:\Documents and Settings\306\Application Data\Leadertech
2008-07-08 19:36:46 0 d-------- C:\Documents and Settings\TEMP.FRISOMATGROEP\Application Data\Intel
2008-07-08 19:36:46 0 d-------- C:\Documents and Settings\TEMP.FRISOMATGROEP\Application Data\InstallShield
2008-07-08 19:36:46 0 d-------- C:\Documents and Settings\TEMP.FRISOMATGROEP\Application Data\Identities
2008-07-08 19:36:45 0 d--h----- C:\Documents and Settings\TEMP.FRISOMATGROEP\Templates
2008-07-08 19:36:45 0 dr------- C:\Documents and Settings\TEMP.FRISOMATGROEP\Start Menu
2008-07-08 19:36:45 0 dr-h----- C:\Documents and Settings\TEMP.FRISOMATGROEP\SendTo
2008-07-08 19:36:45 0 dr-h----- C:\Documents and Settings\TEMP.FRISOMATGROEP\Recent
2008-07-08 19:36:45 0 d--h----- C:\Documents and Settings\TEMP.FRISOMATGROEP\PrintHood
2008-07-08 19:36:45 786432 --ah----- C:\Documents and Settings\TEMP.FRISOMATGROEP\NTUSER.DAT
2008-07-08 19:36:45 0 d--h----- C:\Documents and Settings\TEMP.FRISOMATGROEP\NetHood
2008-07-08 19:36:45 0 dr------- C:\Documents and Settings\TEMP.FRISOMATGROEP\My Documents
2008-07-08 19:36:45 0 d--h----- C:\Documents and Settings\TEMP.FRISOMATGROEP\Local Settings
2008-07-08 19:36:45 0 dr------- C:\Documents and Settings\TEMP.FRISOMATGROEP\Favorites
2008-07-08 19:36:45 0 d-------- C:\Documents and Settings\TEMP.FRISOMATGROEP\Desktop
2008-07-08 19:36:45 0 d--hs---- C:\Documents and Settings\TEMP.FRISOMATGROEP\Cookies
2008-07-08 19:36:45 0 dr-h----- C:\Documents and Settings\TEMP.FRISOMATGROEP\Application Data
2008-07-08 19:36:45 0 d-------- C:\Documents and Settings\TEMP.FRISOMATGROEP\Application Data\Wave Systems Corp
2008-07-08 19:36:45 0 d---s---- C:\Documents and Settings\TEMP.FRISOMATGROEP\Application Data\Microsoft
2008-07-08 11:56:18 0 d-------- C:\Documents and Settings\306\Application Data\Mozilla
2008-07-08 11:47:56 0 d-------- C:\Documents and Settings\306\Application Data\VanDale
2008-07-08 09:16:45 0 d-------- C:\Documents and Settings\306\Application Data\Google
2008-07-07 15:24:05 0 d-------- C:\Documents and Settings\381\Application Data\Logitech
2008-07-07 15:23:11 0 d--h----- C:\Documents and Settings\381\NetHood
2008-07-07 15:23:11 0 dr------- C:\Documents and Settings\381\My Documents
2008-07-07 15:23:11 0 d--h----- C:\Documents and Settings\381\Local Settings
2008-07-07 15:23:11 0 dr------- C:\Documents and Settings\381\Favorites
2008-07-07 15:23:11 0 d-------- C:\Documents and Settings\381\Desktop
2008-07-07 15:23:11 0 d--hs---- C:\Documents and Settings\381\Cookies
2008-07-07 15:23:11 0 dr-h----- C:\Documents and Settings\381\Application Data
2008-07-07 15:23:11 0 d-------- C:\Documents and Settings\381\Application Data\Wave Systems Corp
2008-07-07 15:23:11 0 d---s---- C:\Documents and Settings\381\Application Data\Microsoft
2008-07-07 15:23:11 0 d-------- C:\Documents and Settings\381\Application Data\Intel
2008-07-07 15:23:11 0 d-------- C:\Documents and Settings\381\Application Data\InstallShield
2008-07-07 15:23:11 0 d-------- C:\Documents and Settings\381\Application Data\Identities
2008-07-07 15:23:10 0 d--h----- C:\Documents and Settings\381\Templates
2008-07-07 15:23:10 0 dr------- C:\Documents and Settings\381\Start Menu
2008-07-07 15:23:10 0 dr-h----- C:\Documents and Settings\381\SendTo
2008-07-07 15:23:10 0 dr-h----- C:\Documents and Settings\381\Recent
2008-07-07 15:23:10 0 d--h----- C:\Documents and Settings\381\PrintHood
2008-07-07 15:23:10 1048576 --ah----- C:\Documents and Settings\381\NTUSER.DAT
2008-07-07 13:38:08 0 d-------- C:\Documents and Settings\306\Application Data\Sun
2008-07-07 13:30:21 0 d-------- C:\Documents and Settings\306\Application Data\AdobeUM
2008-07-07 12:56:57 0 d-------- C:\Documents and Settings\306\Application Data\Logitech
2008-07-07 11:43:45 0 d-------- C:\Documents and Settings\306\Application Data\Macromedia
2008-07-07 11:43:45 0 d-------- C:\Documents and Settings\306\Application Data\Adobe
2008-07-07 11:19:49 0 d-------- C:\Program Files\Acro Software
2008-07-07 11:18:26 0 d-------- C:\Program Files\GPLGS
2008-07-07 11:07:20 0 dr------- C:\Documents and Settings\306\Favorites
2008-07-07 11:07:20 0 d-------- C:\Documents and Settings\306\Desktop
2008-07-07 11:07:20 0 d--hs---- C:\Documents and Settings\306\Cookies
2008-07-07 11:07:20 0 dr-h----- C:\Documents and Settings\306\Application Data
2008-07-07 11:07:20 0 d-------- C:\Documents and Settings\306\Application Data\Wave Systems Corp
2008-07-07 11:07:20 0 d-------- C:\Documents and Settings\306\Application Data\Intel
2008-07-07 11:07:20 0 d-------- C:\Documents and Settings\306\Application Data\InstallShield
2008-07-07 11:07:20 0 d-------- C:\Documents and Settings\306\Application Data\Identities
2008-07-07 11:07:19 0 d--h----- C:\Documents and Settings\306\Templates
2008-07-07 11:07:19 0 dr------- C:\Documents and Settings\306\Start Menu
2008-07-07 11:07:19 0 dr-h----- C:\Documents and Settings\306\SendTo
2008-07-07 11:07:19 0 dr-h----- C:\Documents and Settings\306\Recent
2008-07-07 11:07:19 0 d--h----- C:\Documents and Settings\306\PrintHood
2008-07-07 11:07:19 3670016 --ah----- C:\Documents and Settings\306\NTUSER.DAT
2008-07-07 11:07:19 0 d--h----- C:\Documents and Settings\306\NetHood
2008-07-07 11:07:19 0 dr------- C:\Documents and Settings\306\My Documents
2008-07-07 11:07:19 0 d--h----- C:\Documents and Settings\306\Local Settings
2008-07-07 10:47:07 110602 --a------ C:\WINDOWS\system32\xcdsfx32.bin
2008-07-07 10:47:04 0 d-------- C:\Program Files\Driver Magician
2008-07-07 10:44:47 0 dr------- C:\Documents and Settings\Administrator.frisomatgroep\Favorites
2008-07-07 10:44:47 0 d-------- C:\Documents and Settings\Administrator.frisomatgroep\Desktop
2008-07-07 10:44:47 0 d--hs---- C:\Documents and Settings\Administrator.frisomatgroep\Cookies
2008-07-07 10:44:47 0 dr-h----- C:\Documents and Settings\Administrator.frisomatgroep\Application Data
2008-07-07 10:44:47 0 d-------- C:\Documents and Settings\Administrator.frisomatgroep\Application Data\Wave Systems Corp
2008-07-07 10:44:47 0 d---s---- C:\Documents and Settings\Administrator.frisomatgroep\Application Data\Microsoft
2008-07-07 10:44:47 0 d-------- C:\Documents and Settings\Administrator.frisomatgroep\Application Data\Intel
2008-07-07 10:44:47 0 d-------- C:\Documents and Settings\Administrator.frisomatgroep\Application Data\InstallShield
2008-07-07 10:44:47 0 d-------- C:\Documents and Settings\Administrator.frisomatgroep\Application Data\Identities
2008-07-07 10:44:46 0 d--h----- C:\Documents and Settings\Administrator.frisomatgroep\Templates
2008-07-07 10:44:46 0 dr------- C:\Documents and Settings\Administrator.frisomatgroep\Start Menu
2008-07-07 10:44:46 0 dr-h----- C:\Documents and Settings\Administrator.frisomatgroep\SendTo
2008-07-07 10:44:46 0 dr-h----- C:\Documents and Settings\Administrator.frisomatgroep\Recent
2008-07-07 10:44:46 0 d--h----- C:\Documents and Settings\Administrator.frisomatgroep\PrintHood
2008-07-07 10:44:46 1048576 --ah----- C:\Documents and Settings\Administrator.frisomatgroep\NTUSER.DAT
2008-07-07 10:44:46 0 d--h----- C:\Documents and Settings\Administrator.frisomatgroep\NetHood
2008-07-07 10:44:46 0 dr------- C:\Documents and Settings\Administrator.frisomatgroep\My Documents
2008-07-07 10:44:46 0 d--h----- C:\Documents and Settings\Administrator.frisomatgroep\Local Settings
2008-07-07 10:14:49 0 d-------- C:\Documents and Settings\306old\.housecall6.6
2008-07-07 09:52:29 0 d-------- C:\Documents and Settings\306old\DoctorWeb
2008-07-07 09:52:15 0 d-------- C:\Program Files\Trend Micro
2008-07-07 08:23:29 345 --ahs---- C:\WINDOWS\system32\ehNoVELm.ini2


-- Find3M Report ---------------------------------------------------------------

2008-08-06 09:30:18 0 d-------- C:\Program Files\Common Files
2008-08-05 14:57:38 0 d-------- C:\Program Files\Kinoma
2008-08-05 08:20:47 140973 --a------ C:\WINDOWS\system32\nvModes.dat
2008-07-09 09:12:58 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-08 11:43:18 0 d-------- C:\Program Files\Google
2008-07-07 10:48:23 0 d-------- C:\Program Files\Symantec
2008-07-07 10:48:12 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-07 10:27:36 0 d-------- C:\Program Files\MSECACHE
2008-07-07 10:26:30 0 d-------- C:\Program Files\Dell
2008-07-04 16:04:42 16879 --ahs---- C:\WINDOWS\system32\AaISsvut.ini2
2008-07-01 14:00:34 0 d-------- C:\Program Files\IrfanView
2008-06-24 09:18:54 0 d-------- C:\Program Files\Nokia
2008-06-24 09:18:54 0 d-------- C:\Program Files\Common Files\Nokia
2008-05-30 12:44:31 0 --a------ C:\WINDOWS\system32\Infob.dat
2008-05-30 12:44:31 0 --a------ C:\WINDOWS\system32\Infoa.dat
2008-05-30 12:41:14 305 --a------ C:\WINDOWS\system32\treeinfo.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [31/10/2007 10:36]
"NvMediaCenter"="NvMCTray.dll" [31/05/2007 16:50 C:\WINDOWS\system32\nvmctray.dll]
"nwiz"="nwiz.exe" [31/05/2007 16:50 C:\WINDOWS\system32\nwiz.exe]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [04/08/2004 06:00]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [31/05/2007 16:50]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EFI Job Monitor"=" C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\efjm.dll,run" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13/10/2004 18:24]

C:\Documents and Settings\306\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [25/09/2003 10:47:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/02/2007 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll 15/11/2007 11:10 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth C:\WINDOWS\system32\mLEVoNhe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3693744080-3800500109-2892053873-1123\Scripts\Logon\0\0]
"Script"=\\friso2008\netlogon\logonscript.vbs

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Snelle start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Snelle start.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Snelle start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelZeroConfig]
"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP4 Player]
"C:\Program Files\MP4 Player\mp4Player.exe" hmw

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LBTServ"=3 (0x3)
"Fax"=2 (0x2)
"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12




-- End of Deckard's System Scanner: finished at 2008-08-06 12:03:53 ------------

report 2: dss notepad "extra.txt" + kaspersky-log in seperate reply...
  • 0

#4
gdk322

gdk322

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
here we go...

dss report "extra.txt"
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7500 @ 2.20GHz
CPU 1: Intel® Core™2 Duo CPU T7500 @ 2.20GHz
Percentage of Memory in Use: 17%
Physical Memory (total/avail): 3582.04 MiB / 2970.57 MiB
Pagefile Memory (total/avail): 7510.15 MiB / 6977.67 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1909.03 MiB

C: is Fixed (NTFS) - 60 GiB total, 17.27 GiB free.
D: is Fixed (NTFS) - 51.68 GiB total, 15.99 GiB free.
E: is CDROM (No Media)
I: is Network (NTFS)
K: is Network (NTFS)
M: is Network (NTFS)
P: is Network (NTFS)
W: is Network (NTFS)

\\.\PHYSICALDRIVE0 - FUJITSU MHW2120BJ G2 - 111.79 GiB - 3 partitions
\PARTITION0 - Unknown - 101.94 MiB
\PARTITION1 (bootable) - Installable File System - 60 GiB - C:
\PARTITION2 - Extended w/Extended Int 13 - 51.68 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.

FW: Symantec Endpoint Protection v10.0 (Symantec Corporation.)
AV: Symantec Endpoint Protection v11.0.777.1008 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Palm\\HOTSYNC.EXE"="C:\\Program Files\\Palm\\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"="C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe:*:Enabled:SMC Service"
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"="C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE:*:Enabled:SNAC Service"
"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe:*:Enabled:Symantec Email"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Palm\\HOTSYNC.EXE"="C:\\Program Files\\Palm\\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\306\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MARKETING01
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\306
LOGONSERVER=\\FRISO2008
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\PROGRA~1\COMMON~1\EFI;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Dell Preboot Manager\Access Client\v5\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 10, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0a
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
RoxioCentral=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\306\LOCALS~1\Temp
TMP=C:\DOCUME~1\306\LOCALS~1\Temp
USERDNSDOMAIN=FRISOMATGROEP.LAN
USERDOMAIN=FRISOMATGROEP
USERNAME=306
USERPROFILE=C:\Documents and Settings\306
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

IT (admin)
Administrator (admin)
306 (admin)
326 (new local, admin, net ready)
services (new local, admin, net ready)
352 (admin)
381 (new local, admin, net ready)
Administrator.frisomatgroep (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0413-0000-0000000FF1CE} /uninstall {4059772C-68BA-4FE4-9B6E-3EC37C0C4624}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {1120A001-69F4-43D2-83CE-716B2DC4366F}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0413-0000-0000000FF1CE} /uninstall {1120A001-69F4-43D2-83CE-716B2DC4366F}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office system --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
32 Bit HP BiDi Channel Components Installer --> MsiExec.exe /I{9DE3F260-B88E-42CE-90E7-73C78C37D95E}
Ad-Aware SE Personal --> MsiExec.exe /X{78CC3BAB-DE2A-4FB4-8FBB-E4DADDC26747}
Adobe Acrobat 7.1.0 Standard - Dansk, Nederlands --> msiexec /I {AC76BA86-1030-D700-BA7E-000000000002}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings --> C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings --> MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe InDesign CS3 --> C:\Program Files\Common Files\Adobe\Installers\05ba3a63f36684fe0c5dde2ebe6f8f5\Setup.exe
Adobe InDesign CS3 --> MsiExec.exe /I{CB3F8375-B600-4B9F-83C9-238ED1E583FD}
Adobe InDesign CS3 Icon Handler --> MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop 7.0.1 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Setup --> MsiExec.exe /I{56B8B892-317E-4FDE-9E4D-44B189848A27}
Adobe Setup --> MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe SING CS3 --> MsiExec.exe /I{3F9B2FD2-1C83-4401-9967-C3636638E958}
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
biolsp patch --> MsiExec.exe /I{E6095BEA-8C97-4342-B771-13BB72AC1D88}
Broadcom ASF Management Applications --> MsiExec.exe /I{27E25625-DB51-42E6-BEB7-0C8DC878770C}
Broadcom Management Programs --> MsiExec.exe /X{C99C0593-3B48-41D9-B42F-6E035B320449}
Broadcom TPM Driver Installer --> MsiExec.exe /X{35748B06-FCFC-4700-8285-DAD41689E4FE}
ColorWise Pro Tools 3.2.36b --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{902261FB-61C7-11D5-A02B-00E081105A80}\setup.exe"
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
CutePDF Writer 2.7 --> C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
dBpowerAMP Mp4 Codec --> "C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Mp4 Codec.dat
Dell Embassy Trust Suite by Wave Systems --> C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe
Dell Touchpad --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Digimax Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B55E0A8-07F5-4966-9B7B-D32C8ADC0FF4}\Setup.exe" -l0x13 -removeonly
Digimax Master --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
Digital Line Detect --> C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Document Manager Lite --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2} /l1033
Driver Magician 3.28 --> "C:\Program Files\Driver Magician\unins000.exe"
DVD Decrypter (Remove Only) --> "D:\Downloaded software\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "D:\Downloaded software\DVD Shrink\unins000.exe"
EMBASSY Security Center --> C:\Program Files\InstallShield Installation Information\{EEAFE1E5-076B-430A-96D9-B567792AFA88}\setup.exe -runfromtemp -l0x0409
EMBASSY Security Setup --> C:\Program Files\InstallShield Installation Information\{53333479-6A52-4816-8497-5C52B67ED339}\setup.exe -runfromtemp -l0x0409
EMBASSY Trust Suite by Wave Systems --> C:\Program Files\InstallShield Installation Information\{F1802FA6-54E9-4B24-BD2A-B50866819795}\setup.exe -runfromtemp -l0x0009 -removeonly
ESC Home Page Plugin --> C:\Program Files\InstallShield Installation Information\{E738A392-F690-4A9D-808E-7BAF80E0B398}\setup.exe -runfromtemp -l0x0409
ETS Upgrade --> C:\Program Files\InstallShield Installation Information\{72FECEA1-E87F-4192-89FA-D0FBF92885BB}\setup.exe -runfromtemp -l0x0409
Evaluatieversie van Microsoft Office Professional 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Fiery Remote Scan 5.1.2.3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35C30793-32F4-11D6-A043-00E081105A80}\setup.exe"
Free Mp3 Wma Converter V 1.2.9 --> "C:\Program Files\Free Audio Pack\unins000.exe"
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp LaserJet 4250/4350/4240 --> C:\Program Files\Hewlett-Packard\hp LaserJet 4250 4350 4240\Installer\hpsetup.exe /x
hp LaserJet 4250/4350/4240 --> msiexec /x{E063B3E2-6641-4375-9F09-ADA9E589EB90}
HP Printer Access Tool --> MsiExec.exe /X{D8DBCF67-C44C-4768-8112-9CADBAC390E6}
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
IntelliSonic Speech Enhancement --> MsiExec.exe /X{D9FCA292-1186-421F-8D93-9A5D272AD5D0}
IrfanView (remove only) --> C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java 2 Runtime Environment, SE v1.4.1_02 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFCE5837-FC21-11D6-9D24-00010240CE95}\setup.exe" Anytext
Java Web Start --> "C:\Program Files\Java\jre1.5.0_06\bin\uninst-javaws.exe"
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
K-Lite Codec Pack 3.2.5 Standard --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
KhalInstallWrapper --> MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Kinoma Producer for Palm, Inc. --> C:\WINDOWS\unvise32.exe C:\Program Files\Kinoma\uninstal.log
LiveUpdate 3.3 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Malwarebytes' Anti-Malware --> "D:\Downloaded software\Malwarebytes anti malware\Malwarebytes' Anti-Malware\unins000.exe"
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell --> MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components --> MsiExec.exe /I{90A40413-6000-11D3-8CFE-0150048383C9}
Microsoft Office 2007 Primary Interop Assemblies --> MsiExec.exe /X{50120000-1105-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0015-0413-0000-0000000FF1CE}
Microsoft Office Excel MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0016-0413-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001A-0413-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0018-0413-0000-0000000FF1CE}
Microsoft Office Professional 2007 --> MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Professional Hybrid 2007 --> MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007 --> MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proofing (Dutch) 2007 --> MsiExec.exe /X{90120000-002C-0413-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-0019-0413-0000-0000000FF1CE}
Microsoft Office Shared MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-006E-0413-0000-0000000FF1CE}
Microsoft Office Small Business-verbindingsonderdelen --> MsiExec.exe /X{A939D341-5A04-4E0A-BB55-3E65B386432D}
Microsoft Office Word MUI (Dutch) 2007 --> MsiExec.exe /X{90120000-001B-0413-0000-0000000FF1CE}
Microsoft SQL Server Native Client --> MsiExec.exe /I{44F6F631-BAB3-41E5-B16C-DA2F9375D83C}
Microsoft SQL Server Setup-ondersteuningsbestanden (Engels) --> MsiExec.exe /X{D836006A-10F3-4069-B4FF-1A78D2B70234}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{A3A262AC-6BD0-4057-8188-F369B9716D98}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Mozilla Firefox (2.0.0.15) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP4 Player --> C:\Program Files\MP4 Player\uninst.exe
MP4 Video Player --> C:\Program Files\MP4 Video Player\uninstall.exe
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
NetWaiting --> C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia Flashing Cable Driver --> MsiExec.exe /X{A4E0CA0F-1903-440A-9B98-FEA6CB049999}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{29466F9C-7C6A-419C-B301-F440FAF78760}\Nokia_PC_Suite_rel_6_85_14_1_dut_web[1].exe
Nokia PC Suite --> MsiExec.exe /I{29466F9C-7C6A-419C-B301-F440FAF78760}
NTRU TCG Software Stack --> MsiExec.exe /I{A618BB0D-8B88-45FF-83CD-783B4AE59AA0}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
O2Micro USB Smart Card Reader --> MsiExec.exe /I{9556CFD4-3F7E-4D1C-958B-759703E9CC21}
Palm Desktop --> MsiExec.exe /X{4D8314D2-11FE-4397-A7CC-7015CFF50BCE}
Palm Outlook Conduits Updater --> MsiExec.exe /I{616A66CD-D36D-4E24-8B67-33AFDFF48061}
Palm VersaMail™ --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B0ADD54-01D9-45E7-964A-B4A334F12034} /l1033
PC Connectivity Solution --> MsiExec.exe /I{BA084E7C-8ABA-4670-BDE8-B85E689A5C1B}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
POSTERIZA 1.1.1 --> C:\Program Files\POSTERIZA\uninst.exe
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
Preboot Manager --> MsiExec.exe /I{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}
Private Information Manager --> C:\Program Files\InstallShield Installation Information\{0B0A2153-58A6-4244-B458-25EDF5FCD809}\setup.exe -runfromtemp -l0x0409
QuickSet --> C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio Creator Audio --> MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin --> MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy --> MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data --> MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE --> MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools --> MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Drag-to-Disc --> MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Samsung USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{713E5AB1-2389-43A6-8313-CB4D3C44C4FA}\Setup.exe" anything
Secure Update --> C:\Program Files\InstallShield Installation Information\{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}\setup.exe -runfromtemp -l0x0409
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Excel 2007 (KB946974) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Office 2007 (KB947801) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Step By Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Wizards --> C:\Program Files\InstallShield Installation Information\{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}\setup.exe -runfromtemp -l0x0409
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SmartFTP --> MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}
Sonic Activation Module --> MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Spybot - Search & Destroy --> "D:\Downloaded software\Spybot\Spybot - Search & Destroy\unins000.exe"
Symantec Endpoint Protection --> MsiExec.exe /I{FB8A4E30-9915-4814-ADF9-42E00D9FDC3D}
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
upekmsi --> MsiExec.exe /I{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}
Van Dale Grote woordenboeken Engels --> C:\WINDOWS\ISUN0413.EXE -f"C:\VanDale\Grote woordenboeken\Engels\Uninst.isu" -c"C:\SOFTWARE\VANDAL~1\CLIENT\INSTALL\vduninst.dll"
Wave Infrastructure Installer --> MsiExec.exe /I{D31F958E-7353-4DEB-83E8-35B02F2EE20A}
Wave Support Software --> C:\Program Files\InstallShield Installation Information\{07D618CD-B016-438A-ADC9-A75BD23F85CE}\setup.exe -runfromtemp -l0x0409
Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Driver Package - Dell Inc. PBADRV System (09/25/2006 6.0.0.0) --> rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\pbadrv_40CD90DE1AD5BDAF5E2676750520DB94FDE3886E\pbadrv.inf
Windows Driver Package - Nokia Modem (08/03/2007 6.84.0.2) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_1EB5F2E6F54A6BEDE9F436D1BA5D830FC71739BE\nokbtmdm.inf
Windows Driver Package - Nokia Modem (10/12/2007 3.6) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokia_blue_0A5D98F754C6588B2E3DDE89DDEF097075ADFFB7\nokia_bluetooth.inf
Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7) --> rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\oz776_ECA62BF451D0A6F7B3E38E62F6FA5166CAF54FCE\oz776.inf
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type10565 / Warning
Event Submitted/Written: 08/06/2008 08:51:22 AM
Event ID/Source: 3036 / Windows Search Service
Event Description:
The content source <mapi://{s-1-5-21-3693744080-3800500109-2892053873-1123}/> cannot be accessed.

Context: Windows Application, SystemIndex Catalog

Details:
The URL was already processed during this update. If you received this message while processing alerts, then the alerts are redundant, or else Modify should be used instead of Add. (0x80040d0d)

Event Record #/Type10561 / Warning
Event Submitted/Written: 08/06/2008 08:29:59 AM
Event ID/Source: 4356 / EventSystem
Event Description:
The COM+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1-8707-00C04FD93327}. CoGetObject returned HRESULT 8000401A.

Event Record #/Type10559 / Error
Event Submitted/Written: 08/06/2008 08:28:30 AM
Event ID/Source: 3102 / Windows Search Service
Event Description:
The per-user filter pool for session 0 could not be added <1245,0>.

Details:
The operation being requested was not performed because the user has not logged on to the network. The specified service does not exist. (0x800704dd)

Event Record #/Type10544 / Error
Event Submitted/Written: 08/05/2008 04:33:21 PM
Event ID/Source: 51 / Symantec AntiVirus
Event Description:
Security Risk Found!Downloader.MisleadApp in File: C:\Documents and Settings\306old\Local Settings\Temporary Internet Files\Content.IE5\IIUIX2EM\setup[1].cab by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.

Event Record #/Type10543 / Error
Event Submitted/Written: 08/05/2008 04:32:25 PM
Event ID/Source: 46 / Symantec AntiVirus
Event Description:
Security Risk Found!Downloader.MisleadApp in File: C:\Documents and Settings\306old\Local Settings\Temporary Internet Files\Content.IE5\IIUIX2EM\setup[1].cab by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description: The file was deleted successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type70061 / Error
Event Submitted/Written: 08/05/2008 09:47:42 AM
Event ID/Source: 8032 / BROWSER
Event Description:
The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{979B97FF-F910-4176-A236-26FFF8B2C4FE}.
The backup browser is stopping.

Event Record #/Type70052 / Warning
Event Submitted/Written: 08/05/2008 09:45:42 AM
Event ID/Source: 8021 / BROWSER
Event Description:
The browser was unable to retrieve a list of servers from the browser master \\FRISO2003 on the network \Device\NetBT_Tcpip_{979B97FF-F910-4176-A236-26FFF8B2C4FE}.
The data is the error code.

Event Record #/Type69800 / Error
Event Submitted/Written: 08/05/2008 08:21:38 AM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ASPI32

Event Record #/Type69775 / Error
Event Submitted/Written: 08/04/2008 06:58:48 PM
Event ID/Source: 7026 / Service Control Manager
Event Description:
The following boot-start or system-start driver(s) failed to load:
ASPI32

Event Record #/Type69774 / Error
Event Submitted/Written: 08/04/2008 06:57:36 PM
Event ID/Source: 5719 / NETLOGON
Event Description:
No Domain Controller is available for domain FRISOMATGROEP due to the following:
%%1311.

Make sure that the computer is connected to the network and try
again. If the problem persists, please contact your domain administrator.



-- End of Deckard's System Scanner: finished at 2008-08-06 12:03:53 ------------

Kaspersky hard drive 1:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, August 6, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, August 06, 2008 12:03:13
Records in database: 1060579
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Folder:
C:\

Scan statistics:
Files scanned: 98895
Threat name: 3
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 01:16:41


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A2C0000\4ABC647B.VBN Infected: not-a-virus:Downloader.Win32.VistaAntivirus.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D3C0000.VBN Infected: Trojan-Downloader.Win32.Homles.br 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D3C0001.VBN Infected: Trojan-Downloader.Win32.Homles.br 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0D3C0003.VBN Infected: Trojan-Downloader.Win32.VB.fen 1

The selected area was scanned.

Kaspersky hard drive 2:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, August 7, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, August 06, 2008 12:03:13
Records in database: 1060579
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Folder:
D:\

Scan statistics:
Files scanned: 10363
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 00:13:03


File name / Threat name / Threats count
D:\Downloaded software\Malwarebytes anti malware\mbam-setup.exe Infected: not-a-virus:FraudTool.Win32.SpyNoMore.g 1
D:\Downloaded software\vdownloader\VDownloader.exe Infected: not-a-virus:Downloader.Win32.VDown.a 1

The selected area was scanned.


Am I infected or is it all just a fake alarm?

Thanks a lot!!
  • 0

#5
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

This looks like a work PC, do you have an IT department that should be handling this?
  • 0

#6
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP