
Infected With Unknown Malware


  • This topic is locked
6 replies to this topic

#1 mirage_xx


Posted 04 July 2008 - 04:04 AM

I cannot believe I got this virus ....... It started from a Windows Media Player Codec download and I hoped it was ok. Of course it wasn't. The infection started through several exe starting to call each other. Vista warned me but I allowed them and I got stuck! Now I have deleted most of the installers that I ran (lowpower.exe, MediaTubeCodec.exe and another one) and I have also removed two Application Folders placed in the Program Files (PCHealthCentre and VAV) and I have also emptied the contents of the Temp folder in Users\MyName\AppData\Local\Temp\ including the files opnonmmM.dll, khfGwWPG.dll and esunpgdw.dll. When I now restart the PC I get 3 errors telling me that it cannot find the above 3 dll files, plus I keep getting a Windows Explorer popup that originally had a Virus warning but now is empty, and lastly it keeps adding 2 shortcuts on the desktop to porn websites!

Can somebody please help me remove this rubbish? An original scan with Norton Internet Security returned an infection of Downloader.MisleadApp, but since I have cleaned things up it returns no infections. But I still have the pop-ups and the icons on the desktop. Here are the logs:

Deckard's System Scanner v20071014.68
Run by Adri Cisternino on 2008-07-04 17:02:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
12: 2008-07-04 05:53:33 UTC - RP400 - Restore Operation
11: 2008-07-03 00:43:30 UTC - RP399 - Installed Nero 8 Demo. Available with Windows Installer version 1.2 and later.
10: 2008-07-03 00:22:22 UTC - RP398 - Removed Nero 7 Ultra Edition. Available with Windows Installer version 1.2 and later.
9: 2008-07-02 14:51:34 UTC - RP397 - Scheduled Checkpoint
8: 2008-07-02 00:39:35 UTC - RP396 - Scheduled Checkpoint


-- First Restore Point --
1: 2008-06-24 01:46:20 UTC - RP389 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Adriano Cisternino.exe) ----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:15:29 PM, on 4/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
K:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
K:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
K:\Program Files\Nero 8\InCD\NBHGui.exe
K:\Program Files\Nero 8\InCD\InCD.exe
C:\Windows\SysAEF3.exe
C:\Windows\SysAF41.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
K:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterConfig.exe
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Motorola\Motorola Desktop Suite\DesktopSuite.exe
K:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
K:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
K:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
K:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
K:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\PROGRA~1\symbian\shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\symbian\shared\SYMBIA~1\SCBal.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nuance\NaturallySpeaking9\dgnuiasvr.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\CPU Temperature\Core Temp.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Users\Adriano Cisternino\Desktop\dss.exe
C:\Program Files\RealVNC\VNC4\vncviewer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Adriano Cisternino.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - K:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - K:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - K:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] K:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] K:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "K:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking9\Ereg.ini
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [UVS11 Preload] K:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] K:\Program Files\Nero 8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] K:\Program Files\Nero 8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "K:\Program Files\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SysAEF3.exe] C:\Windows\SysAEF3.exe
O4 - HKLM\..\Run: [SysAF41.exe] C:\Windows\SysAF41.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Picasa Media Detector] K:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\ADRIAN~1\AppData\Local\Temp\opnonmmM.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\ADRIAN~1\AppData\Local\Temp\khfGwWPG.dll,c
O4 - HKCU\..\Run: [465d6504] rundll32.exe "C:\Users\ADRIAN~1\AppData\Local\Temp\esnnpgdw.dll",b
O4 - HKCU\..\Run: [Sys493F.exe] C:\Windows\Sys493F.exe
O4 - HKCU\..\Run: [Sys498D.exe] C:\Windows\Sys498D.exe
O4 - HKCU\..\Run: [Sys6028.exe] C:\Windows\Sys6028.exe
O4 - HKCU\..\Run: [Sys7695.exe] C:\Windows\Sys7695.exe
O4 - HKCU\..\Run: [Sys9FF6.exe] C:\Windows\Sys9FF6.exe
O4 - HKCU\..\Run: [SysA025.exe] C:\Windows\SysA025.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Anapod Manager.lnk = K:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Startup: AuctionTimeWatch.lnk = K:\Program Files\AuctionTimeWatch\AuctionTimeWatch.exe
O4 - Startup: Core Temp.exe.lnk = C:\Program Files\CPU Temperature\Core Temp.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = K:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe
O4 - Global Startup: Motorola Desktop Suite mRouter Config.lnk = C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterConfig.exe
O4 - Global Startup: Motorola Desktop Suite.lnk = C:\Program Files\Motorola\Motorola Desktop Suite\DesktopSuite.exe
O4 - Global Startup: SnagIt 8.lnk = K:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: &Download by Orbit - res://K:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://K:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add all items to the auction list - res://K:\Program Files\RKD\AuctionNavigator\BidCtxtClick.dll/202
O8 - Extra context menu item: Add this item to the auction list - res://K:\Program Files\RKD\AuctionNavigator\BidCtxtClick.dll/201
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Do&wnload selected by Orbit - res://K:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://K:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Add to Auction Time Watch - {7472752B-8121-46D8-9075-A09E4BB1DC68} - K:\Program Files\AuctionTimeWatch\TLIntergIE.html (HKCU)
O9 - Extra 'Tools' menuitem: Add to Auction Time Watch - {7472752B-8121-46D8-9075-A09E4BB1DC68} - K:\Program Files\AuctionTimeWatch\TLIntergIE.html (HKCU)
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE374547-AA40-438A-869F-FF421BC3574C}: NameServer = 191.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - K:\Program Files\Nero 8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - K:\Program Files\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 17637 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 MDFSYSNT (MacDrive file system driver) - c:\windows\system32\drivers\mdfsysnt.sys <Not Verified; Mediafour Corporation; Mediafour MacDrive>
R0 MDPMGRNT - c:\windows\system32\drivers\mdpmgrnt.sys <Not Verified; Mediafour Corporation; Mediafour MacDrive>
R0 timounter (Acronis True Image Backup Archive Explorer) - c:\windows\system32\drivers\timntr.sys <Not Verified; Acronis; Acronis True Image>
R1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver>
R1 NetworkX - c:\windows\system32\ckldrv.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 38711 - \??\c:\windows\system32\38711.sys
R2 tifsfilter (Acronis True Image FS Filter) - c:\windows\system32\drivers\tifsfilt.sys <Not Verified; Acronis; Acronis True Image>
R3 ASAPIW2K - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; VOB Computersysteme GmbH; asapi>
R3 NVR0Dev - \??\c:\windows\nvoclock.sys
R3 Pcouffin (Low level access layer for CD devices) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 ENTECH - \??\c:\windows\system32\drivers\entech.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Capture Device Service - "c:\program files\common files\intervideo\deviceservice\devsvc.exe" <Not Verified; InterVideo Inc.; Capture Device Service>
R2 Crypkey License - crypserv.exe <Not Verified; CrypKey (Canada) Ltd.; CrypKey Software Licensing System>
R2 MacDriveService - "c:\program files\mediafour\macdrive 7\macdriveservice.exe" <Not Verified; Mediafour Corporation; Mediafour MacDrive>
R2 Nero BackItUp Scheduler 3 - k:\program files\nero 8\nero backitup\nbservice.exe
R2 nTuneService (nTune Service) - c:\program files\nvidia corporation\ntune\ntuneservice.exe /startservice <Not Verified; NVIDIA; NVIDIA nTune>
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

S2 PCLEPCI - c:\windows\system32\drivers\pclepci.sys <Not Verified; Pinnacle Systems GmbH; PCLEPCI>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&23F9C1E3&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&23F9C1E3&0
Service: i8042prt


-- Scheduled Tasks -------------------------------------------------------------

2008-06-30 20:37:07 572 --a------ C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Adriano Cisternino.job
2008-03-18 08:31:18 280 --a------ C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2008-06-04 and 2008-07-04 -----------------------------

2008-07-04 17:14:58 0 d-------- C:\Program Files\Trend Micro
2008-07-04 15:57:15 0 dr------- C:\Users\Adri\Searches
2008-07-04 15:57:02 0 dr------- C:\Users\Adri\Contacts
2008-07-04 15:56:48 0 dr------- C:\Users\Adri\Videos
2008-07-04 15:56:48 0 d--hs---- C:\Users\Adri\Templates
2008-07-04 15:56:48 0 d--hs---- C:\Users\Adri\Start Menu
2008-07-04 15:56:48 0 d--hs---- C:\Users\Adri\SendTo
2008-07-04 15:56:48 0 dr------- C:\Users\Adri\Saved Games
2008-07-04 15:56:48 0 d--hs---- C:\Users\Adri\Recent
2008-07-04 15:56:48 0 d--hs---- C:\Users\Adri\PrintHood
2008-07-04 15:56:48 0 dr------- C:\Users\Adri\Pictures
2008-07-04 15:56:48 1310720 --ahs---- C:\Users\Adri\NTUSER.DAT
2008-07-04 15:56:48 0 d--hs---- C:\Users\Adri\NetHood
2008-07-04 15:56:48 0 d--hs---- C:\Users\Adri\My Documents
2008-07-04 15:56:48 0 dr------- C:\Users\Adri\Music
2008-07-04 15:56:48 0 d--hs---- C:\Users\Adri\Local Settings
2008-07-04 15:56:48 0 dr------- C:\Users\Adri\Links
2008-07-04 15:56:48 0 dr------- C:\Users\Adri\Favorites
2008-07-04 15:56:48 0 dr------- C:\Users\Adri\Downloads
2008-07-04 15:56:48 0 dr------- C:\Users\Adri\Documents
2008-07-04 15:56:48 0 dr------- C:\Users\Adri\Desktop
2008-07-04 15:56:48 0 d--hs---- C:\Users\Adri\Cookies
2008-07-04 15:56:48 0 d--hs---- C:\Users\Adri\Application Data
2008-07-04 15:56:48 0 d--h----- C:\Users\Adri\AppData
2008-07-04 14:58:51 0 d-------- C:\Windows\pss
2008-07-04 14:44:03 30720 --a------ C:\Windows\SysAF41.exe
2008-07-04 14:44:03 30208 --a------ C:\Windows\SysAEF3.exe
2008-07-03 10:15:33 0 d-------- C:\Users\All Users\Nero
2008-07-03 10:15:33 0 d-------- C:\Program Files\Common Files\Nero
2008-07-02 21:23:43 0 d-------- C:\TempDVD
2008-06-09 20:39:51 0 d-------- C:\Users\All Users\WindowsSearch


-- Find3M Report ---------------------------------------------------------------

2008-07-04 17:05:29 0 d-------- C:\Users\Adriano Cisternino\AppData\Roaming\Skype
2008-07-04 16:06:12 0 d-------- C:\Users\Adriano Cisternino\AppData\Roaming\skypePM
2008-07-04 16:00:47 0 d-------- C:\Program Files\Google
2008-07-04 15:24:28 1660 --a------ C:\Windows\bthservsdp.dat
2008-07-04 15:00:59 0 d-------- C:\Users\Adriano Cisternino\AppData\Roaming\Orbit
2008-07-03 10:18:16 0 d-------- C:\Users\Adriano Cisternino\AppData\Roaming\Nero
2008-07-03 10:15:33 0 d-------- C:\Program Files\Common Files
2008-07-03 08:35:13 0 d-------- C:\Users\Adriano Cisternino\AppData\Roaming\dvdcss
2008-06-23 23:34:29 0 d-------- C:\Program Files\Safari
2008-06-20 13:56:49 0 d-------- C:\Users\Adriano Cisternino\AppData\Roaming\Mozilla
2008-06-11 18:41:10 0 d-------- C:\Program Files\Windows Mail
2008-06-04 08:54:34 0 d-------- C:\Program Files\Network Print Monitor
2008-06-03 08:23:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-31 07:56:02 0 d-------- C:\Program Files\Symantec
2008-05-20 22:04:51 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-14 01:16:50 174 --ahs---- C:\Program Files\desktop.ini
2008-05-14 01:08:12 0 d-------- C:\Program Files\Windows Sidebar
2008-05-14 01:08:12 0 d-------- C:\Program Files\Windows Calendar
2008-05-14 01:08:12 0 d-------- C:\Program Files\Movie Maker
2008-05-14 01:08:10 0 d-------- C:\Program Files\Windows Collaboration
2008-05-14 01:08:09 0 d-------- C:\Program Files\Windows Photo Gallery
2008-05-14 01:08:09 0 d-------- C:\Program Files\Windows Journal
2008-05-14 01:08:06 0 d-------- C:\Program Files\Windows Defender
2008-05-08 20:38:38 0 d-------- C:\Program Files\SmartSound Software
2008-05-08 20:37:38 0 d-------- C:\Program Files\DivX
2008-05-05 09:22:49 0 d-------- C:\Users\Adriano Cisternino\AppData\Roaming\Nokia
2008-05-05 09:20:42 0 d-------- C:\Users\Adriano Cisternino\AppData\Roaming\PC Suite
2008-05-05 09:08:51 0 d-------- C:\Program Files\Common Files\Nokia
2008-05-05 09:08:50 0 d-------- C:\Program Files\Common Files\PCSuite
2008-05-05 09:08:48 0 d-------- C:\Program Files\Nokia
2008-05-05 09:07:19 0 d-------- C:\Program Files\DIFX
2008-05-05 09:06:42 0 d-------- C:\Program Files\PC Connectivity Solution
2008-04-11 17:23:54 38400 --a------ C:\Windows\system32\SoundSchemes.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-09 08:40:31 24575 --a------ C:\Windows\system32\Mpwinapppiobas69.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 05:08 PM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [21/03/2007 01:00 PM]
"RtHDVCpl"="RtHDVCpl.exe" [23/04/2007 05:21 PM C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [13/04/2007 05:06 PM C:\Windows\SkyTel.exe]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [07/05/2007 02:18 PM]
"GrooveMonitor"="E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 06:00 AM]
"TrueImageMonitor.exe"="K:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [09/02/2007 08:33 PM]
"AcronisTimounterMonitor"="K:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [09/02/2007 08:50 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [09/02/2007 08:39 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 03:25 AM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [25/10/2006 08:03 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16/02/2005 03:15 PM]
"DNS7reminder"="K:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [19/03/2007 08:20 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [10/01/2007 03:29 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [28/11/2007 06:51 PM]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [28/11/2006 12:12 AM]
"UVS11 Preload"="K:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [23/07/2007 12:55 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 09:16 PM]
"{B179023B-6238-4499-8F26-CD73E9D90E0A}"="C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe" [04/06/2007 04:20 PM]
"MDGetStarted.exe"="C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" [13/06/2007 12:23 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [28/03/2008 10:37 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [30/03/2008 09:36 AM]
"PinnacleDriverCheck"="C:\Windows\system32\\PSDrvCheck.exe" [11/03/2004 01:26 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [06/11/2007 07:00 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06/11/2007 07:00 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06/11/2007 07:00 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 03:57 PM]
"SecurDisc"="K:\Program Files\Nero 8\InCD\NBHGui.exe" [20/09/2007 10:36 AM]
"InCD"="K:\Program Files\Nero 8\InCD\InCD.exe" [20/09/2007 10:35 AM]
"NBKeyScan"="K:\Program Files\Nero 8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 09:51 AM]
"SysAEF3.exe"="C:\Windows\SysAEF3.exe" [03/07/2008 08:14 PM]
"SysAF41.exe"="C:\Windows\SysAF41.exe" [03/07/2008 08:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19/01/2008 05:03 PM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 10:34 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [30/08/2007 05:43 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [12/11/2007 02:48 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [16/02/2005 03:15 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 05:03 PM]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [26/03/2008 06:41 PM]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [16/04/2008 12:53 PM]
"Picasa Media Detector"="K:\Program Files\Picasa2\PicasaMediaDetector.exe" [26/02/2008 10:53 AM]
"MSServer"="C:\Users\ADRIAN~1\AppData\Local\Temp\opnonmmM.dll,#1" []
"cmds"="C:\Users\ADRIAN~1\AppData\Local\Temp\khfGwWPG.dll,c" []
"465d6504"="C:\Users\ADRIAN~1\AppData\Local\Temp\esnnpgdw.dll,b" []
"Sys493F.exe"="C:\Windows\Sys493F.exe" []
"Sys498D.exe"="C:\Windows\Sys498D.exe" []
"Sys6028.exe"="C:\Windows\Sys6028.exe" []
"Sys7695.exe"="C:\Windows\Sys7695.exe" []
"Sys9FF6.exe"="C:\Windows\Sys9FF6.exe" []
"SysA025.exe"="C:\Windows\SysA025.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

C:\Users\Adriano Cisternino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
Anapod Manager.lnk - K:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe [8/24/2007 5:25:35 PM]
AuctionTimeWatch.lnk - K:\Program Files\AuctionTimeWatch\AuctionTimeWatch.exe [8/31/2007 8:26:53 AM]
Core Temp.exe.lnk - C:\Program Files\CPU Temperature\Core Temp.exe [8/27/2007 9:05:06 AM]
Dragon NaturallySpeaking.lnk - K:\Program Files\Nuance\NaturallySpeaking9\Program\natspeak.exe [5/14/2007 9:51:32 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Motorola Desktop Suite mRouter Config.lnk - C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterConfig.exe [8/21/2007 7:31:45 AM]
Motorola Desktop Suite.lnk - C:\Program Files\Motorola\Motorola Desktop Suite\DesktopSuite.exe [8/21/2007 7:31:07 AM]
SnagIt 8.lnk - K:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [5/1/2007 11:11:48 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
bthsvcs BthServ
GPSvcGroup GPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
AutoRun\command- O:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e7ec408-4c47-11dc-9271-806e6f6e6963}]
AutoRun\command- K:\Bin\Assetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87098302-4c6c-11dc-97cb-001bfcd7bfde}]
Auto\command- S:\msconfig32.exe e
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL S:\msconfig32.exe e

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration



-- End of Deckard's System Scanner: finished at 2008-07-04 17:17:57 ------------

The extra one is coming in the next post

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Quad CPU @ 2.40GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 2046.13 MiB / 942.67 MiB
Pagefile Memory (total/avail): 4333.27 MiB / 2881.35 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1890.24 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 97.66 GiB total, 48.52 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 78.12 GiB total, 23.05 GiB free.
F: is Fixed (NTFS) - 19.53 GiB total, 17.71 GiB free.
G: is Fixed (NTFS) - 102.78 GiB total, 57.31 GiB free.
H: is Fixed (NTFS) - 39.06 GiB total, 38.97 GiB free.
I: is Fixed (NTFS) - 19.53 GiB total, 19.41 GiB free.
J: is Removable (No Media)
K: is Fixed (NTFS) - 117.19 GiB total, 91.78 GiB free.
L: is Fixed (NTFS) - 39.06 GiB total, 23.87 GiB free.
M: is Fixed (NTFS) - 83.24 GiB total, 2.35 GiB free.
N: is Removable (No Media)
V: is Fixed (NTFS) - 136.73 GiB total, 62.18 GiB free.
W: is Fixed (NTFS) - 136.73 GiB total, 32.29 GiB free.
Z: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - WDC WD3200AAKS-00SBA0 ATA Device - 298.09 GiB - 1 partition
\PARTITION0 - Logical Disk Manager - 298.09 GiB - H: - I: - K: - L: - M:

\\.\PHYSICALDRIVE0 - WDC WD3200AAKS-00SBA0 ATA Device - 298.09 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 97.66 GiB - C:
\PARTITION1 - Installable File System - 78.13 GiB - E:
\PARTITION2 - Installable File System - 19.53 GiB - F:
\PARTITION3 - Installable File System - 102.78 GiB - G:

\\.\PHYSICALDRIVE2 - CSC146GB 10K REFURBISHED SCSI Disk Device - 136.73 GiB - 1 partition
\PARTITION0 - Installable File System - 136.73 GiB - V:

\\.\PHYSICALDRIVE3 - CSC146GB 10K REFURBISHED SCSI Disk Device - 136.73 GiB - 1 partition
\PARTITION0 - Installable File System - 136.73 GiB - W:

\\.\PHYSICALDRIVE4 - Generic Flash HS-CF USB Device

\\.\PHYSICALDRIVE5 - Generic Flash HS-COMBO USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled Outdated
AS: Norton Internet Security v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"K:\\Program Files\\Orbitdownloader\\orbitdm.exe"="K:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"K:\\Program Files\\Orbitdownloader\\orbitnet.exe"="K:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Adriano Cisternino\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CORE2QUAD
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Adriano Cisternino
LOCALAPPDATA=C:\Users\Adriano Cisternino\AppData\Local
LOGONSERVER=\\CORE2QUAD
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\PROGRA~1\COMMON~1\Odbc\FILEMA~1;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\;k:\Program Files\Pinnacle\Shared Files;k:\Program Files\Pinnacle\Shared Files\Filter;k:\Program Files\Avid\Avid Liquid 7\QTPlugIns;k:\Program Files\Pinnacle\Shared Files;k:\Program Files\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f07
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\ADRIAN~1\AppData\Local\Temp
TMP=C:\Users\ADRIAN~1\AppData\Local\Temp
USERDOMAIN=Core2Quad
USERNAME=Adriano Cisternino
USERPROFILE=C:\Users\Adriano Cisternino
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Adriano Cisternino
Adri (new local, net ready)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
--> C:\Windows\NuNInst.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> K:\Program Files\Nero 8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34449598-3F4B-43B5-A996-84A7345FD15F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B95708FA-609B-4F7F-A50C-76D2338464AE}\setup.exe" -l0x9
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
3DMark06 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
4D v11 SQL --> MsiExec.exe /I{92E06442-0F3E-4E21-B257-7E1AFDFDD2B2}
Acronis True Image Home --> MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adrianne demo by NVIDIA (remove only) --> "K:\Program Files\NVIDIA Corporation\NVidia Demos\Adrianne\uninstall.exe"
AI Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\Setup.exe" -l0x9
Anapod CopyGear (remove only) --> "k:\Program Files\Red Chair Software\Shared\anagear_uninst.exe"
Anapod Explorer (remove only) --> "k:\Program Files\Red Chair Software\Anapod Explorer\uninst.exe"
Apollo DVD Copy 4.5.5 --> "k:\Program Files\Apollo DVD Copy\unins000.exe"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ASUSUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
ATITool Overclocking Utility --> "C:\Program Files\ATITool\Uninstall.exe"
AuctionNavigator 2.8.1.1 --> "K:\Program Files\RKD\AuctionNavigator\unins000.exe"
AuctionTimeWatch --> "K:\Program Files\AuctionTimeWatch\unins000.exe"
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Avid Liquid 7.20 --> K:\PROGRA~1\Avid\AVIDLI~1\UNWISE.EXE K:\PROGRA~1\Avid\AVIDLI~1\INSTALL.LOG
BIAS SoundSoap PE 2.1 --> MsiExec.exe /I{42442CA9-90E6-4011-BB55-7C263F6D5EC1}
Bugs --> C:\Windows\IsUninst.exe -f"K:\Program Files\Nvidia Corporation\Nvidia Demos\Bugs\Uninst.isu"
Bullzip PDF Printer 3.0.0.290 --> "C:\Program Files\Bullzip\PDF Printer\unins000.exe"
Camtasia Studio 4 --> MsiExec.exe /I{1BA16E5A-72B9-44B7-9FDA-FB6CE7FF6C0C}
Canon RAW Codec --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAWCodec\CRCUnInstall.ini"
Cascades demo by NVIDIA (remove only) --> "K:\Program Files\NVIDIA Corporation\NVIDIA Demos\Cascades\uninstall.exe"
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Charles --> "C:\Program Files\Charles\uninstall.exe"
Chinese Traditional Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-2448-0000-800000000003}
Clarion 6 - Enterprise Edition --> K:\Clarion6\uninstx.exe K:\Clarion6\Clarion6EE_v6.log
Debugging Tools for Windows --> MsiExec.exe /I{F567DC55-F59A-4019-BBC3-9D12C5875487}
DHTML Editing Component --> MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
DiscAPI (Liquid) --> MsiExec.exe /X{690D1794-6D7C-4A55-8371-17BAC69C66CE}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Dragon NaturallySpeaking 9 --> MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
DVD Decrypter (Remove Only) --> "k:\Program Files\DVD Decrypter\uninstall.exe"
dvdSanta 3.42 --> "k:\Program Files\dvdSanta\unins000.exe"
EA SPORTS™ NBA LIVE 08 --> MsiExec.exe /X{39C8EFBA-042B-11DC-A860-0EE955D89593}
EPSON TMNet WinConfig --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\EPSON\TMNet WinConfig\Uninst.isu" -c"C:\Program Files\EPSON\TMNet WinConfig\Tmuninst.dll"
EPSON TWAIN 5 --> C:\Program Files\InstallShield Installation Information\{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}\setup.exe -runfromtemp -l0x0009UNINSTALL -removeonly
EpsonFP2 ActiveX Control --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\EpsonFP2 ActiveX Control\ST6UNST.LOG"
EpsonFpWizard --> MsiExec.exe /I{993F8B64-BE98-4FD8-A9A2-0E0C5EC330E2}
F1_Screensaver_08 --> C:\Windows\system32\F1_Screensaver_08.scr /u
FileMaker Pro 7 --> MsiExec.exe /I{65FA5E6D-B3D7-46D9-9571-CBBA1968346B}
Froggy demo by NVIDIA (remove only) --> "K:\Program Files\NVIDIA Corporation\NVidia Demos\Froggy\uninstall.exe"
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
GPL Ghostscript 8.56 --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.56\uninstal.txt"
GPL Ghostscript Fonts --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
Graphics Converter Pro v6.9x --> K:\PROGRA~1\ICONCO~1\GRAPHI~1\UNWISE.EXE K:\PROGRA~1\ICONCO~1\GRAPHI~1\INSTALL.LOG
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
IKEA Home Planner --> C:\Windows\unvise32.exe k:\Program Files\IKEA Home Planner\IKEA Home Planner uninstal.log
Install Creator Pro --> K:\Program Files\Install Creator Pro\Uninstal.exe
Intel® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
InterVideo DeviceService --> MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LIVE gaming on Windows Runtime Version 1.0.6027 --> MsiExec.exe /X{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
MacDrive 7 --> MsiExec.exe /X{124DAC39-585E-47BF-B11E-C81208835866}
MAESTRO GOLD --> "K:\Program Files\Geniosoft\Gold\uninstall.exe"
Magic Bullet Suite 2.0 --> C:\Windows\unvise32.exe K:\Program Files\mbsuite20.log
Magic Bullet Suite 2.1 --> C:\Windows\unvise32.exe K:\Program Files\mbsuite21.log
marvell 61xx --> C:\Program Files\Marvell\61xx\uninst-61xx.exe
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motorola Desktop Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABEBCB7D-60F7-4836-ACF4-CFCA39FA00DA}\setup.exe" -l0x9
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Need for Speed Underground 2 --> M:\Program Files\EA GAMES\Need for Speed Underground 2\EAUninstall.exe
Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NETGEAR Print Server Software --> C:\Windows\IsUninst.exe -f"k:\Program Files\NETGEAR Print Server\Uninst.isu"
Network Print Monitor for Windows 2000/XP/2003 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Network Print Monitor\Uninst.isu" -c"C:\Program Files\Network Print Monitor\Loader.DLL"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia Lifeblog 2.1 --> MsiExec.exe /I{EE565795-2776-415A-B31C-EB3A8D7C6FA4}
Nokia MTP driver --> MsiExec.exe /I{0E94871C-623C-464F-A117-B8474BFF84E1}
Nokia Multimedia Factory --> "C:\ProgramData\Installations\{4CFB3821-1582-4f3b-BF8D-30986923B36B}\Nokia_Multimedia_Factory_2_0.exe" /MAINTENANCE /SILENT="SWLPCER" /LANG="2057" /MSI_COMMON_OPTIONS="PCSLANG= MMFLANG=eng"
Nokia Multimedia Factory --> MsiExec.exe /I{4CFB3821-1582-4F3B-BF8D-30986923B36B}
Nokia PC Suite --> C:\ProgramData\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_eng_web.exe
Nokia PC Suite --> MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
Nokia Software Launcher --> MsiExec.exe /I{5CCABD37-479D-4304-B1A5-67952C25F8F2}
Nokia Video Manager --> "C:\ProgramData\Installations\{B1B4E612-9ACC-4fab-BD04-1721D9503266}\NokiaVideoManager1.6.exe" /MAINTENANCE /SILENT="SGWLRPFCE" /LANG="2057" /O=";EXTUNINSTALL=1"
Nokia Video Manager --> MsiExec.exe /I{B1B4E612-9ACC-4FAB-BD04-1721D9503266}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
NVIDIA PerfHUD 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70A66934-9248-4B31-A71A-E1E4239F7BC6}\setup.exe" -l0x9
NVIDIA PerfSDK --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41B6EF3E-C5D2-4196-B915-7DDD8842F8C0}\setup.exe" -l0x9
Orbit Downloader --> "K:\Program Files\Orbitdownloader\unins000.exe"
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Path Analyzer Pro 2.6 --> MsiExec.exe /I{318CE30A-2FD3-4E94-83F2-2501DD198D7B}
PC Connectivity Solution --> MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PCMark05 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C104E56-A441-429D-A609-D8A46EB92EA1}\setup.exe" -l0x9 -removeonly
Picasa 2 --> "K:\Program Files\Picasa2\Uninstall.exe"
Pinnacle Hollywood FX 6.0 for Liquid --> C:\Windows\unvise32.exe k:\Program Files\Avid\Avid Liquid 7\..\HFX for Liquid\6.0\uninstal.log
Pinnacle Instant DVD Recorder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x9 UNINSTALL
PowerISO --> "k:\Program Files\PowerISO\uninstall.exe"
proDAD Heroglyph 2.5 --> "C:\Program Files\proDAD\Heroglyph-2.5\uninstall.exe" uninstall spcp PATHVERSION 2.5 MAINNAME Heroglyph
proDAD Vitascene 1.0 --> "C:\Program Files\proDAD\Vitascene-1.0\uninstall.exe" uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene
QuarkXPress 6.1 --> MsiExec.exe /I{FF0B0792-F6E7-4627-B820-EA50617E223B}
QuarkXPress 7.2 --> MsiExec.exe /I{A38048C6-89D1-44EC-BC95-E95DD4A19B5E}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Race - The WTCC Game --> "C:\Program Files\Race - The WTCC Game\unins000.exe"
Race - The WTCC Game --> "M:\Program Files\Steam\steam.exe" steam://uninstall/4230
Race Dedicated Server --> "M:\Program Files\Steam\steam.exe" steam://uninstall/4240
Rapala Pro Fishing --> MsiExec.exe /I{CCCAA826-D6DE-4FA9-AC5F-73966AA00028}
RAPID (Liquid) --> MsiExec.exe /X{CEF37035-C1BB-4174-8175-1E878435F61A}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Recover My Files --> "C:\Program Files\GetData\Recover My Files\unins000.exe"
RiskII (remove only) --> "K:\Program Files\RiskII\Uninstall.exe"
Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Shadowrun --> C:\Program Files\InstallShield Installation Information\{8B3B9003-D3E5-45E3-8CCE-CDDDB111F42D}\setup.exe -runfromtemp -l0x0409
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Smoke demo by NVIDIA (remove only) --> "K:\Program Files\NVIDIA Corporation\NVidia Demos\Smoke\uninstall.exe"
SnagIt 8 --> MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Sony Media Manager 2.3 --> MsiExec.exe /X{8FA5B6B7-D8BD-49F7-98D7-701C26B01E97}
Sony Vegas Pro 8.0 --> MsiExec.exe /X{7C9AD221-994C-45B2-B46D-26F5735158CF}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Squid --> C:\Windows\IsUninst.exe -f"K:\Program Files\Nvidia Corporation\Nvidia Demos\Squid\Uninst.isu"
StationRipper 2.87 --> C:\Program Files\Ratajik Software\StationRipper\uninstall-StationRipper.exe
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stellar Phoenix Windows Data Recovery V3.0.0.1 --> "C:\Program Files\Stellar Phoenix Windows Data Recovery\unins000.exe"
Studio 11 --> C:\Program Files\InstallShield Installation Information\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}\Setup2.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
Studio 11 Bonus DVD --> C:\Program Files\InstallShield Installation Information\{45A1BF92-700A-4408-B95E-79F462E3D67D}\setup.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
Studio Ultimate --> C:\Program Files\InstallShield Installation Information\{CC874CBB-BD87-4126-9465-AE73BB62D6E0}\setup.exe -runfromtemp -l0x0009 -removeonly
TMPGEnc 4.0 XPress --> MsiExec.exe /I{EC62A668-2E2D-46F9-A999-0812F1699245}
Trendyflash Intro Builder --> MsiExec.exe /I{EA4E18F0-E334-41F8-9AB6-7C2E2D1F8CF2}
Trendyflash Site Builder --> MsiExec.exe /I{E3880573-B551-4549-B67E-8AC09AC919B6}
Turbo Lister 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
Ulead DVD MovieFactory 6 --> C:\Program Files\InstallShield Installation Information\{CCC4E428-411E-4605-B515-317D50ABD477}\setup.exe -runfromtemp -l0x0409
Ulead VideoStudio 11 --> C:\Program Files\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe -runfromtemp -l0x0409
UltraISO V7.66 ME --> "K:\Program Files\UltraISO\unins000.exe"
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Video Server E --> k:\Program Files\Video Server E\UnInstall_27712.exe
VideoLAN VLC media player 0.8.6c --> k:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Cable Tester --> MsiExec.exe /X{3D654496-9C3D-4565-858C-3E551ECDA4E2}
VistaBootPRO 3.3 --> MsiExec.exe /I{6C9FA746-8759-4040-A436-42922CB3492E}
VNC Free Edition 4.1.2 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
Windows Driver Package - Nokia Modem (03/05/2008 3.7) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ce5ad925\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_674398ba\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Sound Schemes --> RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Desktop Login --> MsiExec.exe /I{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}
Yahoo!7 Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zoltar --> C:\Windows\IsUninst.exe -f"K:\Program Files\nvidia corporation\nvidia demos\Zoltar\Uninst.isu"


-- Application Event Log -------------------------------------------------------

Event Record #/Type40234 / Warning
Event Submitted/Written: 07/04/2008 04:05:11 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-4116376760-1230811217-1833517263-1005:
Process 4468 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1005
Process 7884 (\Device\HarddiskVolume3\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1005\Software\Microsoft\Windows\CurrentVersion\Explorer

Event Record #/Type40227 / Warning
Event Submitted/Written: 07/04/2008 04:04:14 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}', feature 'Phone' failed during request for component '{57FF4446-590E-4894-AE39-D55928DBDE01}'

Event Record #/Type40226 / Warning
Event Submitted/Written: 07/04/2008 04:04:14 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}', feature 'Phone', component '{98916693-F0B5-4923-8BC6-1F0E6A883411}' failed. The resource 'HKEY_CURRENT_USER\Software\Skype\Phone\FE_label' does not exist.

Event Record #/Type40211 / Warning
Event Submitted/Written: 07/04/2008 03:56:34 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
15 user registry handles leaked from \Registry\User\S-1-5-21-4116376760-1230811217-1833517263-1000:
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Policies\Microsoft\SystemCertificates
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Policies\Microsoft\SystemCertificates
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Policies\Microsoft\SystemCertificates
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Policies\Microsoft\SystemCertificates
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Microsoft\SystemCertificates\My
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Microsoft\SystemCertificates\trust
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Microsoft\SystemCertificates\CA
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Microsoft\SystemCertificates\Root
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Microsoft\SystemCertificates\Disallowed

Event Record #/Type40203 / Error
Event Submitted/Written: 07/04/2008 03:32:24 PM
Event ID/Source: 59 / SideBySide
Event Description:
Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type417255 / Error
Event Submitted/Written: 07/04/2008 05:14:42 PM
Event ID/Source: 5 / BTHUSB
Event Description:
The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Event Record #/Type417254 / Error
Event Submitted/Written: 07/04/2008 05:14:42 PM
Event ID/Source: 5 / BTHUSB
Event Description:
The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Event Record #/Type417253 / Error
Event Submitted/Written: 07/04/2008 05:14:42 PM
Event ID/Source: 5 / BTHUSB
Event Description:
The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Event Record #/Type417252 / Error
Event Submitted/Written: 07/04/2008 05:14:42 PM
Event ID/Source: 5 / BTHUSB
Event Description:
The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Event Record #/Type417251 / Error
Event Submitted/Written: 07/04/2008 05:14:42 PM
Event ID/Source: 5 / BTHUSB
Event Description:
The Bluetooth driver expected an HCI event with a certain size but did not receive it.



-- End of Deckard's System Scanner: finished at 2008-07-04 17:17:57 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Ultimate (build 6001) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Quad CPU @ 2.40GHz
Percentage of Memory in Use: 53%
Physical Memory (total/avail): 2046.13 MiB / 942.67 MiB
Pagefile Memory (total/avail): 4333.27 MiB / 2881.35 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1890.24 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 97.66 GiB total, 48.52 GiB free.
D: is CDROM (No Media)
E: is Fixed (NTFS) - 78.12 GiB total, 23.05 GiB free.
F: is Fixed (NTFS) - 19.53 GiB total, 17.71 GiB free.
G: is Fixed (NTFS) - 102.78 GiB total, 57.31 GiB free.
H: is Fixed (NTFS) - 39.06 GiB total, 38.97 GiB free.
I: is Fixed (NTFS) - 19.53 GiB total, 19.41 GiB free.
J: is Removable (No Media)
K: is Fixed (NTFS) - 117.19 GiB total, 91.78 GiB free.
L: is Fixed (NTFS) - 39.06 GiB total, 23.87 GiB free.
M: is Fixed (NTFS) - 83.24 GiB total, 2.35 GiB free.
N: is Removable (No Media)
V: is Fixed (NTFS) - 136.73 GiB total, 62.18 GiB free.
W: is Fixed (NTFS) - 136.73 GiB total, 32.29 GiB free.
Z: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - WDC WD3200AAKS-00SBA0 ATA Device - 298.09 GiB - 1 partition
\PARTITION0 - Logical Disk Manager - 298.09 GiB - H: - I: - K: - L: - M:

\\.\PHYSICALDRIVE0 - WDC WD3200AAKS-00SBA0 ATA Device - 298.09 GiB - 4 partitions
\PARTITION0 (bootable) - Installable File System - 97.66 GiB - C:
\PARTITION1 - Installable File System - 78.13 GiB - E:
\PARTITION2 - Installable File System - 19.53 GiB - F:
\PARTITION3 - Installable File System - 102.78 GiB - G:

\\.\PHYSICALDRIVE2 - CSC146GB 10K REFURBISHED SCSI Disk Device - 136.73 GiB - 1 partition
\PARTITION0 - Installable File System - 136.73 GiB - V:

\\.\PHYSICALDRIVE3 - CSC146GB 10K REFURBISHED SCSI Disk Device - 136.73 GiB - 1 partition
\PARTITION0 - Installable File System - 136.73 GiB - W:

\\.\PHYSICALDRIVE4 - Generic Flash HS-CF USB Device

\\.\PHYSICALDRIVE5 - Generic Flash HS-COMBO USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: Norton Internet Security v2007 (Symantec Corporation)
AV: Norton Internet Security v2007 (Symantec Corporation)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation) Disabled Outdated
AS: Norton Internet Security v2007 (Symantec Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"K:\\Program Files\\Orbitdownloader\\orbitdm.exe"="K:\\Program Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"K:\\Program Files\\Orbitdownloader\\orbitnet.exe"="K:\\Program Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Adriano Cisternino\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CORE2QUAD
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Adriano Cisternino
LOCALAPPDATA=C:\Users\Adriano Cisternino\AppData\Local
LOGONSERVER=\\CORE2QUAD
NUMBER_OF_PROCESSORS=4
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\PROGRA~1\COMMON~1\Odbc\FILEMA~1;C:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\QuickTime\QTSystem\;k:\Program Files\Pinnacle\Shared Files;k:\Program Files\Pinnacle\Shared Files\Filter;k:\Program Files\Avid\Avid Liquid 7\QTPlugIns;k:\Program Files\Pinnacle\Shared Files;k:\Program Files\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f07
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\ADRIAN~1\AppData\Local\Temp
TMP=C:\Users\ADRIAN~1\AppData\Local\Temp
USERDOMAIN=Core2Quad
USERNAME=Adriano Cisternino
USERPROFILE=C:\Users\Adriano Cisternino
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Adriano Cisternino
Adri (new local, net ready)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\InstallShield Installation Information\{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}\setup.exe" --u:{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}
--> C:\Windows\NuNInst.exe /UNINSTALL
--> C:\Windows\UNNeroBackItUp.exe /UNINSTALL
--> C:\Windows\UNNeroMediaHome.exe /UNINSTALL
--> C:\Windows\UNNeroShowTime.exe /UNINSTALL
--> C:\Windows\UNNeroVision.exe /UNINSTALL
--> C:\Windows\UNRecode.exe /UNINSTALL
--> K:\Program Files\Nero 8\\nero\uninstall\UNNERO.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2092B2A-A4FB-4464-A4C0-023D2C9993F8}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34449598-3F4B-43B5-A996-84A7345FD15F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B95708FA-609B-4F7F-A50C-76D2338464AE}\setup.exe" -l0x9
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
3DMark06 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
4D v11 SQL --> MsiExec.exe /I{92E06442-0F3E-4E21-B257-7E1AFDFDD2B2}
Acronis True Image Home --> MsiExec.exe /X{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Shockwave Player --> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adrianne demo by NVIDIA (remove only) --> "K:\Program Files\NVIDIA Corporation\NVidia Demos\Adrianne\uninstall.exe"
AI Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\Setup.exe" -l0x9
Anapod CopyGear (remove only) --> "k:\Program Files\Red Chair Software\Shared\anagear_uninst.exe"
Anapod Explorer (remove only) --> "k:\Program Files\Red Chair Software\Anapod Explorer\uninst.exe"
Apollo DVD Copy 4.5.5 --> "k:\Program Files\Apollo DVD Copy\unins000.exe"
AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ASUSUpdate --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9
ATITool Overclocking Utility --> "C:\Program Files\ATITool\Uninstall.exe"
AuctionNavigator 2.8.1.1 --> "K:\Program Files\RKD\AuctionNavigator\unins000.exe"
AuctionTimeWatch --> "K:\Program Files\AuctionTimeWatch\unins000.exe"
AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Avid Liquid 7.20 --> K:\PROGRA~1\Avid\AVIDLI~1\UNWISE.EXE K:\PROGRA~1\Avid\AVIDLI~1\INSTALL.LOG
BIAS SoundSoap PE 2.1 --> MsiExec.exe /I{42442CA9-90E6-4011-BB55-7C263F6D5EC1}
Bugs --> C:\Windows\IsUninst.exe -f"K:\Program Files\Nvidia Corporation\Nvidia Demos\Bugs\Uninst.isu"
Bullzip PDF Printer 3.0.0.290 --> "C:\Program Files\Bullzip\PDF Printer\unins000.exe"
Camtasia Studio 4 --> MsiExec.exe /I{1BA16E5A-72B9-44B7-9FDA-FB6CE7FF6C0C}
Canon RAW Codec --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAWCodec\CRCUnInstall.ini"
Cascades demo by NVIDIA (remove only) --> "K:\Program Files\NVIDIA Corporation\NVIDIA Demos\Cascades\uninstall.exe"
ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Charles --> "C:\Program Files\Charles\uninstall.exe"
Chinese Traditional Fonts Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-2448-0000-800000000003}
Clarion 6 - Enterprise Edition --> K:\Clarion6\uninstx.exe K:\Clarion6\Clarion6EE_v6.log
Debugging Tools for Windows --> MsiExec.exe /I{F567DC55-F59A-4019-BBC3-9D12C5875487}
DHTML Editing Component --> MsiExec.exe /I{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
DiscAPI (Liquid) --> MsiExec.exe /X{690D1794-6D7C-4A55-8371-17BAC69C66CE}
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Dragon NaturallySpeaking 9 --> MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
DVD Decrypter (Remove Only) --> "k:\Program Files\DVD Decrypter\uninstall.exe"
dvdSanta 3.42 --> "k:\Program Files\dvdSanta\unins000.exe"
EA SPORTS™ NBA LIVE 08 --> MsiExec.exe /X{39C8EFBA-042B-11DC-A860-0EE955D89593}
EPSON TMNet WinConfig --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\EPSON\TMNet WinConfig\Uninst.isu" -c"C:\Program Files\EPSON\TMNet WinConfig\Tmuninst.dll"
EPSON TWAIN 5 --> C:\Program Files\InstallShield Installation Information\{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}\setup.exe -runfromtemp -l0x0009UNINSTALL -removeonly
EpsonFP2 ActiveX Control --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\EpsonFP2 ActiveX Control\ST6UNST.LOG"
EpsonFpWizard --> MsiExec.exe /I{993F8B64-BE98-4FD8-A9A2-0E0C5EC330E2}
F1_Screensaver_08 --> C:\Windows\system32\F1_Screensaver_08.scr /u
FileMaker Pro 7 --> MsiExec.exe /I{65FA5E6D-B3D7-46D9-9571-CBBA1968346B}
Froggy demo by NVIDIA (remove only) --> "K:\Program Files\NVIDIA Corporation\NVidia Demos\Froggy\uninstall.exe"
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
GPL Ghostscript 8.56 --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.56\uninstal.txt"
GPL Ghostscript Fonts --> C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\fonts\uninstal.txt"
Graphics Converter Pro v6.9x --> K:\PROGRA~1\ICONCO~1\GRAPHI~1\UNWISE.EXE K:\PROGRA~1\ICONCO~1\GRAPHI~1\INSTALL.LOG
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
IKEA Home Planner --> C:\Windows\unvise32.exe k:\Program Files\IKEA Home Planner\IKEA Home Planner uninstal.log
Install Creator Pro --> K:\Program Files\Install Creator Pro\Uninstal.exe
Intel® Matrix Storage Manager --> C:\Windows\System32\Imsmudlg.exe
InterVideo DeviceService --> MsiExec.exe /I{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}
iPod for Windows 2006-06-28 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes --> MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
J2SE Runtime Environment 5.0 Update 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
LIVE gaming on Windows Runtime Version 1.0.6027 --> MsiExec.exe /X{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}
LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation) --> MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
MacDrive 7 --> MsiExec.exe /X{124DAC39-585E-47BF-B11E-C81208835866}
MAESTRO GOLD --> "K:\Program Files\Geniosoft\Gold\uninstall.exe"
Magic Bullet Suite 2.0 --> C:\Windows\unvise32.exe K:\Program Files\mbsuite20.log
Magic Bullet Suite 2.1 --> C:\Windows\unvise32.exe K:\Program Files\mbsuite21.log
marvell 61xx --> C:\Program Files\Marvell\61xx\uninst-61xx.exe
Marvell Miniport Driver --> MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 --> "C:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Motorola Desktop Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABEBCB7D-60F7-4836-ACF4-CFCA39FA00DA}\setup.exe" -l0x9
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist --> MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSVC80_x86 --> MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
Need for Speed Underground 2 --> M:\Program Files\EA GAMES\Need for Speed Underground 2\EAUninstall.exe
Nero 8 --> MsiExec.exe /X{B944FA21-81AF-4A77-8328-CE4F4CC51033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NETGEAR Print Server Software --> C:\Windows\IsUninst.exe -f"k:\Program Files\NETGEAR Print Server\Uninst.isu"
Network Print Monitor for Windows 2000/XP/2003 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Network Print Monitor\Uninst.isu" -c"C:\Program Files\Network Print Monitor\Loader.DLL"
Nokia Connectivity Cable Driver --> MsiExec.exe /X{4F1DCA42-2030-437C-A94E-736692A499C1}
Nokia Lifeblog 2.1 --> MsiExec.exe /I{EE565795-2776-415A-B31C-EB3A8D7C6FA4}
Nokia MTP driver --> MsiExec.exe /I{0E94871C-623C-464F-A117-B8474BFF84E1}
Nokia Multimedia Factory --> "C:\ProgramData\Installations\{4CFB3821-1582-4f3b-BF8D-30986923B36B}\Nokia_Multimedia_Factory_2_0.exe" /MAINTENANCE /SILENT="SWLPCER" /LANG="2057" /MSI_COMMON_OPTIONS="PCSLANG= MMFLANG=eng"
Nokia Multimedia Factory --> MsiExec.exe /I{4CFB3821-1582-4F3B-BF8D-30986923B36B}
Nokia PC Suite --> C:\ProgramData\Installations\{9C05FA75-0337-4523-AA57-9D3511018887}\Nokia_PC_Suite_rel_6_86_9_3_eng_web.exe
Nokia PC Suite --> MsiExec.exe /I{9C05FA75-0337-4523-AA57-9D3511018887}
Nokia Software Launcher --> MsiExec.exe /I{5CCABD37-479D-4304-B1A5-67952C25F8F2}
Nokia Video Manager --> "C:\ProgramData\Installations\{B1B4E612-9ACC-4fab-BD04-1721D9503266}\NokiaVideoManager1.6.exe" /MAINTENANCE /SILENT="SGWLRPFCE" /LANG="2057" /O=";EXTUNINSTALL=1"
Nokia Video Manager --> MsiExec.exe /I{B1B4E612-9ACC-4FAB-BD04-1721D9503266}
Norton AntiVirus --> MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
Norton Internet Security --> MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security --> MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security --> MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security --> MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security --> MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
Norton Protection Center --> MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
NVIDIA Drivers --> C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIA nTune --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
NVIDIA PerfHUD 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70A66934-9248-4B31-A71A-E1E4239F7BC6}\setup.exe" -l0x9
NVIDIA PerfSDK --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41B6EF3E-C5D2-4196-B915-7DDD8842F8C0}\setup.exe" -l0x9
Orbit Downloader --> "K:\Program Files\Orbitdownloader\unins000.exe"
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Path Analyzer Pro 2.6 --> MsiExec.exe /I{318CE30A-2FD3-4E94-83F2-2501DD198D7B}
PC Connectivity Solution --> MsiExec.exe /I{AC599724-5755-48C1-ABE7-ABB857652930}
PC Probe II --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x9
PCMark05 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C104E56-A441-429D-A609-D8A46EB92EA1}\setup.exe" -l0x9 -removeonly
Picasa 2 --> "K:\Program Files\Picasa2\Uninstall.exe"
Pinnacle Hollywood FX 6.0 for Liquid --> C:\Windows\unvise32.exe k:\Program Files\Avid\Avid Liquid 7\..\HFX for Liquid\6.0\uninstal.log
Pinnacle Instant DVD Recorder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x9 UNINSTALL
PowerISO --> "k:\Program Files\PowerISO\uninstall.exe"
proDAD Heroglyph 2.5 --> "C:\Program Files\proDAD\Heroglyph-2.5\uninstall.exe" uninstall spcp PATHVERSION 2.5 MAINNAME Heroglyph
proDAD Vitascene 1.0 --> "C:\Program Files\proDAD\Vitascene-1.0\uninstall.exe" uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene
QuarkXPress 6.1 --> MsiExec.exe /I{FF0B0792-F6E7-4627-B820-EA50617E223B}
QuarkXPress 7.2 --> MsiExec.exe /I{A38048C6-89D1-44EC-BC95-E95DD4A19B5E}
QuickTime --> MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Race - The WTCC Game --> "C:\Program Files\Race - The WTCC Game\unins000.exe"
Race - The WTCC Game --> "M:\Program Files\Steam\steam.exe" steam://uninstall/4230
Race Dedicated Server --> "M:\Program Files\Steam\steam.exe" steam://uninstall/4240
Rapala Pro Fishing --> MsiExec.exe /I{CCCAA826-D6DE-4FA9-AC5F-73966AA00028}
RAPID (Liquid) --> MsiExec.exe /X{CEF37035-C1BB-4174-8175-1E878435F61A}
Realtek High Definition Audio Driver --> RtlUpd.exe -r -m
Recover My Files --> "C:\Program Files\GetData\Recover My Files\unins000.exe"
RiskII (remove only) --> "K:\Program Files\RiskII\Uninstall.exe"
Safari --> MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Shadowrun --> C:\Program Files\InstallShield Installation Information\{8B3B9003-D3E5-45E3-8CCE-CDDDB111F42D}\setup.exe -runfromtemp -l0x0409
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
SmartSound Quicktracks Plugin --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Smoke demo by NVIDIA (remove only) --> "K:\Program Files\NVIDIA Corporation\NVidia Demos\Smoke\uninstall.exe"
SnagIt 8 --> MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Sony Media Manager 2.3 --> MsiExec.exe /X{8FA5B6B7-D8BD-49F7-98D7-701C26B01E97}
Sony Vegas Pro 8.0 --> MsiExec.exe /X{7C9AD221-994C-45B2-B46D-26F5735158CF}
SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Squid --> C:\Windows\IsUninst.exe -f"K:\Program Files\Nvidia Corporation\Nvidia Demos\Squid\Uninst.isu"
StationRipper 2.87 --> C:\Program Files\Ratajik Software\StationRipper\uninstall-StationRipper.exe
Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Stellar Phoenix Windows Data Recovery V3.0.0.1 --> "C:\Program Files\Stellar Phoenix Windows Data Recovery\unins000.exe"
Studio 11 --> C:\Program Files\InstallShield Installation Information\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}\Setup2.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
Studio 11 Bonus DVD --> C:\Program Files\InstallShield Installation Information\{45A1BF92-700A-4408-B95E-79F462E3D67D}\setup.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
Studio Ultimate --> C:\Program Files\InstallShield Installation Information\{CC874CBB-BD87-4126-9465-AE73BB62D6E0}\setup.exe -runfromtemp -l0x0009 -removeonly
TMPGEnc 4.0 XPress --> MsiExec.exe /I{EC62A668-2E2D-46F9-A999-0812F1699245}
Trendyflash Intro Builder --> MsiExec.exe /I{EA4E18F0-E334-41F8-9AB6-7C2E2D1F8CF2}
Trendyflash Site Builder --> MsiExec.exe /I{E3880573-B551-4549-B67E-8AC09AC919B6}
Turbo Lister 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
Ulead DVD MovieFactory 6 --> C:\Program Files\InstallShield Installation Information\{CCC4E428-411E-4605-B515-317D50ABD477}\setup.exe -runfromtemp -l0x0409
Ulead VideoStudio 11 --> C:\Program Files\InstallShield Installation Information\{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}\setup.exe -runfromtemp -l0x0409
UltraISO V7.66 ME --> "K:\Program Files\UltraISO\unins000.exe"
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb950378) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6296086-AED5-4EC0-938B-08EA0254F20E}
VCRedistSetup --> MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Video Server E --> k:\Program Files\Video Server E\UnInstall_27712.exe
VideoLAN VLC media player 0.8.6c --> k:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual Cable Tester --> MsiExec.exe /X{3D654496-9C3D-4565-858C-3E551ECDA4E2}
VistaBootPRO 3.3 --> MsiExec.exe /I{6C9FA746-8759-4040-A436-42922CB3492E}
VNC Free Edition 4.1.2 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
Windows Driver Package - Nokia Modem (03/05/2008 3.7) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_ce5ad925\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_674398ba\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_4A1E30386F4D0DEC8F5DF262CFBD8845EEBAB175\pccsmcfd.inf
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Player Firefox Plugin --> MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Sound Schemes --> RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\UltSound.inf,Uninstall
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Desktop Login --> MsiExec.exe /I{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}
Yahoo!7 Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zoltar --> C:\Windows\IsUninst.exe -f"K:\Program Files\nvidia corporation\nvidia demos\Zoltar\Uninst.isu"


-- Application Event Log -------------------------------------------------------

Event Record #/Type40234 / Warning
Event Submitted/Written: 07/04/2008 04:05:11 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-4116376760-1230811217-1833517263-1005:
Process 4468 (\Device\HarddiskVolume3\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1005
Process 7884 (\Device\HarddiskVolume3\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1005\Software\Microsoft\Windows\CurrentVersion\Explorer

Event Record #/Type40227 / Warning
Event Submitted/Written: 07/04/2008 04:04:14 PM
Event ID/Source: 1001 / MsiInstaller
Event Description:
Detection of product '{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}', feature 'Phone' failed during request for component '{57FF4446-590E-4894-AE39-D55928DBDE01}'

Event Record #/Type40226 / Warning
Event Submitted/Written: 07/04/2008 04:04:14 PM
Event ID/Source: 1004 / MsiInstaller
Event Description:
Detection of product '{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}', feature 'Phone', component '{98916693-F0B5-4923-8BC6-1F0E6A883411}' failed. The resource 'HKEY_CURRENT_USER\Software\Skype\Phone\FE_label' does not exist.

Event Record #/Type40211 / Warning
Event Submitted/Written: 07/04/2008 03:56:34 PM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
15 user registry handles leaked from \Registry\User\S-1-5-21-4116376760-1230811217-1833517263-1000:
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Policies\Microsoft\SystemCertificates
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Policies\Microsoft\SystemCertificates
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Policies\Microsoft\SystemCertificates
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Policies\Microsoft\SystemCertificates
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Microsoft\SystemCertificates\My
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Microsoft\SystemCertificates\TrustedPeople
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Microsoft\SystemCertificates\trust
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Microsoft\SystemCertificates\CA
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Microsoft\SystemCertificates\Root
Process 1920 (\Device\HarddiskVolume3\Program Files\Common Files\Symantec Shared\ccSvcHst.exe) has opened key \REGISTRY\USER\S-1-5-21-4116376760-1230811217-1833517263-1000\Software\Microsoft\SystemCertificates\Disallowed

Event Record #/Type40203 / Error
Event Submitted/Written: 07/04/2008 03:32:24 PM
Event ID/Source: 59 / SideBySide
Event Description:
Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type417255 / Error
Event Submitted/Written: 07/04/2008 05:14:42 PM
Event ID/Source: 5 / BTHUSB
Event Description:
The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Event Record #/Type417254 / Error
Event Submitted/Written: 07/04/2008 05:14:42 PM
Event ID/Source: 5 / BTHUSB
Event Description:
The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Event Record #/Type417253 / Error
Event Submitted/Written: 07/04/2008 05:14:42 PM
Event ID/Source: 5 / BTHUSB
Event Description:
The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Event Record #/Type417252 / Error
Event Submitted/Written: 07/04/2008 05:14:42 PM
Event ID/Source: 5 / BTHUSB
Event Description:
The Bluetooth driver expected an HCI event with a certain size but did not receive it.

Event Record #/Type417251 / Error
Event Submitted/Written: 07/04/2008 05:14:42 PM
Event ID/Source: 5 / BTHUSB
Event Description:
The Bluetooth driver expected an HCI event with a certain size but did not receive it.



-- End of Deckard's System Scanner: finished at 2008-07-04 17:17:57 ------------

Fix code tags. ~ OB

Edited by Orange Blossom, 04 July 2008 - 11:38 PM.




#2 Thunder


Posted 05 July 2008 - 04:38 PM

Hello Mirage_xx and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

3. Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first (not for Windows Vista users!).
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you. (WinXP SP3 users, please download the appropriate SP2 file, Home or Pro, to install the RC)

In the event you already have Combofix, delete your current version and download the latest version as described in the tutorial.
It must be saved directly to your desktop.


Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply.

If you have any questions along the way, STOP and ask them before proceeding!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...

#3 mirage_xx

Posted 05 July 2008 - 08:14 PM

Hello Thunder,

I downloaded and installed a free 30-day demo of Kaspersky 2009 v8 and that seems to have got rid of most of my problems. Kaspersky seems a far better program than Norton, so I will be changing over soon. I also did what you recommended, and here are my 2 updated reports:

Malwarebytes' Anti-Malware 1.19
Database version: 925
Windows 6.0.6001 Service Pack 1

10:35:24 AM 6/07/2008
mbam-log-7-6-2008 (10-35-24).txt

Scan type: Quick Scan
Objects scanned: 41594
Time elapsed: 3 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Deckard's System Scanner v20071014.68
Run by Adriano Cisternino on 2008-07-06 10:40:55
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Adriano Cisternino.exe) ----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:10 AM, on 6/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
K:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
K:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
K:\Program Files\Nero 8\InCD\NBHGui.exe
K:\Program Files\Nero 8\InCD\InCD.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
K:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterConfig.exe
C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Motorola\Motorola Desktop Suite\DesktopSuite.exe
K:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
K:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
C:\PROGRA~1\symbian\shared\SYMBIA~1\SYMBIA~1.EXE
K:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\PROGRA~1\symbian\shared\SYMBIA~1\SCBal.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
K:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\Explorer.exe
C:\PROGRA~1\WINZIP\wzqkpick.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
L:\Famac\4DClient.exe
C:\Deckard\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\ADRIAN~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - K:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - K:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - K:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - K:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] K:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] K:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [UVS11 Preload] K:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] K:\Program Files\Nero 8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] K:\Program Files\Nero 8\InCD\InCD.exe
O4 - HKLM\..\Run: [NBKeyScan] "K:\Program Files\Nero 8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Picasa Media Detector] K:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [Sys493F.exe] C:\Windows\Sys493F.exe
O4 - HKCU\..\Run: [Sys498D.exe] C:\Windows\Sys498D.exe
O4 - HKCU\..\Run: [Sys6028.exe] C:\Windows\Sys6028.exe
O4 - HKCU\..\Run: [Sys7695.exe] C:\Windows\Sys7695.exe
O4 - HKCU\..\Run: [Sys9FF6.exe] C:\Windows\Sys9FF6.exe
O4 - HKCU\..\Run: [SysA025.exe] C:\Windows\SysA025.exe
O4 - HKCU\..\Run: [Sys63B1.exe] C:\Windows\Sys63B1.exe
O4 - HKCU\..\Run: [Sys6650.exe] C:\Windows\Sys6650.exe
O4 - HKCU\..\Run: [Sys8D41.exe] C:\Windows\Sys8D41.exe
O4 - HKCU\..\Run: [Sys8DEC.exe] C:\Windows\Sys8DEC.exe
O4 - HKCU\..\Run: [SysDA95.exe] C:\Windows\SysDA95.exe
O4 - HKCU\..\Run: [Sys4440.exe] C:\Windows\Sys4440.exe
O4 - HKCU\..\Run: [Sys314C.exe] C:\Windows\Sys314C.exe
O4 - HKCU\..\Run: [Sys3274.exe] C:\Windows\Sys3274.exe
O4 - HKCU\..\Run: [Sys44BC.exe] C:\Windows\Sys44BC.exe
O4 - HKCU\..\Run: [Sys4B23.exe] C:\Windows\Sys4B23.exe
O4 - HKCU\..\RunOnce: [ypagerps] cmd.exe /C del "C:\Program Files\Yahoo!\Messenger\ypagerps.dll"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Anapod Manager.lnk = K:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe
O4 - Startup: AuctionTimeWatch.lnk = K:\Program Files\AuctionTimeWatch\AuctionTimeWatch.exe
O4 - Global Startup: Motorola Desktop Suite mRouter Config.lnk = C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterConfig.exe
O4 - Global Startup: Motorola Desktop Suite.lnk = C:\Program Files\Motorola\Motorola Desktop Suite\DesktopSuite.exe
O4 - Global Startup: SnagIt 8.lnk = K:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download by Orbit - res://K:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://K:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add all items to the auction list - res://K:\Program Files\RKD\AuctionNavigator\BidCtxtClick.dll/202
O8 - Extra context menu item: Add this item to the auction list - res://K:\Program Files\RKD\AuctionNavigator\BidCtxtClick.dll/201
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Do&wnload selected by Orbit - res://K:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://K:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Add to Auction Time Watch - {7472752B-8121-46D8-9075-A09E4BB1DC68} - K:\Program Files\AuctionTimeWatch\TLIntergIE.html (HKCU)
O9 - Extra 'Tools' menuitem: Add to Auction Time Watch - {7472752B-8121-46D8-9075-A09E4BB1DC68} - K:\Program Files\AuctionTimeWatch\TLIntergIE.html (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE374547-AA40-438A-869F-FF421BC3574C}: NameServer = 191.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - K:\Program Files\Nero 8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - K:\Program Files\Nero 8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - k:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 18273 bytes

-- Files created between 2008-06-06 and 2008-07-06 -----------------------------

2008-07-06 10:28:55 0 d-------- C:\Users\All Users\Malwarebytes
2008-07-06 10:28:51 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-05 13:03:04 0 d-------- C:\Program Files\iTunes
2008-07-05 13:01:57 0 d-------- C:\Program Files\Bonjour
2008-07-05 13:01:26 0 d-------- C:\Program Files\QuickTime
2008-07-04 23:15:00 96966 --a------ C:\Windows\system32\drivers\klin.dat
2008-07-04 23:15:00 88774 --a------ C:\Windows\system32\drivers\klick.dat
2008-07-04 23:13:56 712736 --ahs---- C:\Windows\system32\drivers\fidbox2.dat
2008-07-04 23:13:56 12705312 --ahs---- C:\Windows\system32\drivers\fidbox.dat
2008-07-04 23:13:56 0 d-------- C:\Users\All Users\Kaspersky Lab
2008-07-04 23:13:56 0 d-------- C:\Program Files\Kaspersky Lab
2008-07-04 22:49:53 0 d-------- C:\Users\All Users\Kaspersky Lab Setup Files
2008-07-04 21:14:45 0 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-07-04 21:07:37 0 d-------- C:\Windows\Sun
2008-07-04 17:14:58 0 d-------- C:\Program Files\Trend Micro
2008-07-04 15:57:15 0 dr------- C:\Users\Adri\Searches
2008-07-04 15:57:02 0 dr------- C:\Users\Adri\Contacts
2008-07-04 15:56:48 0 dr------- C:\Users\Adri\Videos
2008-07-04 15:56:48 0 d--hs---- C:\Users\Adri\Templates
2008-07-04 15:56:48 0 d--hs---- C:\Users\Adri\Start Menu
2008-07-04 15:56:48 0 d--hs---- C:\Users\Adri\SendTo
2008-07-04 15:56:48 0 dr------- C:\Users\Adri\Saved Games
2008-07-04 15:56:48 0 d--hs---- C:\Users\Adri\Recent
2008-07-04 15:56:48 0 d--hs---- C:\Users\Adri\PrintHood
2008-07-04 15:56:48 0 dr------- C:\Users\Adri\Pictures
2008-07-04 15:56:48 2621440 --ahs---- C:\Users\Adri\NTUSER.DAT
2008-07-04 15:56:48 0 d--hs---- C:\Users\Adri\NetHood
2008-07-04 15:56:48 0 d--hs---- C:\Users\Adri\My Documents
2008-07-04 15:56:48 0 dr------- C:\Users\Adri\Music
2008-07-04 15:56:48 0 d--hs---- C:\Users\Adri\Local Settings
2008-07-04 15:56:48 0 dr------- C:\Users\Adri\Links
2008-07-04 15:56:48 0 dr------- C:\Users\Adri\Favorites
2008-07-04 15:56:48 0 dr------- C:\Users\Adri\Downloads
2008-07-04 15:56:48 0 dr------- C:\Users\Adri\Documents
2008-07-04 15:56:48 0 dr------- C:\Users\Adri\Desktop
2008-07-04 15:56:48 0 d--hs---- C:\Users\Adri\Cookies
2008-07-04 15:56:48 0 d--hs---- C:\Users\Adri\Application Data
2008-07-04 15:56:48 0 d--h----- C:\Users\Adri\AppData
2008-07-04 14:58:51 0 d-------- C:\Windows\pss
2008-07-04 14:44:03 30208 --a------ C:\Windows\sysaef3.exe
2008-07-03 10:15:33 0 d-------- C:\Users\All Users\Nero
2008-07-03 10:15:33 0 d-------- C:\Program Files\Common Files\Nero
2008-07-02 21:23:43 0 d-------- C:\TempDVD
2008-06-09 20:39:51 0 d-------- C:\Users\All Users\WindowsSearch


-- Find3M Report ---------------------------------------------------------------

2008-07-06 10:40:40 0 d-------- C:\Users\Adriano Cisternino\AppData\Roaming\Skype
2008-07-06 10:28:58 0 d-------- C:\Users\Adriano Cisternino\AppData\Roaming\Malwarebytes
2008-07-06 09:36:04 0 d-------- C:\Users\Adriano Cisternino\AppData\Roaming\skypePM
2008-07-05 17:39:37 0 d-------- C:\Users\Adriano Cisternino\AppData\Roaming\Yahoo!
2008-07-05 17:39:31 0 d-------- C:\Program Files\Yahoo!
2008-07-05 14:41:05 0 d-------- C:\Program Files\Java
2008-07-05 14:04:03 1660 --a------ C:\Windows\bthservsdp.dat
2008-07-05 13:03:06 0 d-------- C:\Program Files\iPod
2008-07-04 23:52:20 0 d-------- C:\Users\Adriano Cisternino\AppData\Roaming\dvdcss
2008-07-04 23:08:53 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-07-04 23:08:17 0 d-------- C:\Program Files\Common Files
2008-07-04 23:07:35 0 d-------- C:\Program Files\Norton Internet Security
2008-07-04 22:52:04 0 d-------- C:\Program Files\Symantec
2008-07-04 20:19:39 0 d-------- C:\Program Files\Google
2008-07-04 15:00:59 0 d-------- C:\Users\Adriano Cisternino\AppData\Roaming\Orbit
2008-07-03 10:18:16 0 d-------- C:\Users\Adriano Cisternino\AppData\Roaming\Nero
2008-06-23 23:34:29 0 d-------- C:\Program Files\Safari
2008-06-20 13:56:49 0 d-------- C:\Users\Adriano Cisternino\AppData\Roaming\Mozilla
2008-06-11 18:41:10 0 d-------- C:\Program Files\Windows Mail
2008-06-04 08:54:34 0 d-------- C:\Program Files\Network Print Monitor
2008-06-03 08:23:57 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-05-20 22:04:51 0 d-------- C:\Program Files\Microsoft Silverlight
2008-05-14 01:16:50 174 --ahs---- C:\Program Files\desktop.ini
2008-05-14 01:08:12 0 d-------- C:\Program Files\Windows Sidebar
2008-05-14 01:08:12 0 d-------- C:\Program Files\Windows Calendar
2008-05-14 01:08:12 0 d-------- C:\Program Files\Movie Maker
2008-05-14 01:08:10 0 d-------- C:\Program Files\Windows Collaboration
2008-05-14 01:08:09 0 d-------- C:\Program Files\Windows Photo Gallery
2008-05-14 01:08:09 0 d-------- C:\Program Files\Windows Journal
2008-05-14 01:08:06 0 d-------- C:\Program Files\Windows Defender
2008-05-08 20:38:38 0 d-------- C:\Program Files\SmartSound Software
2008-05-08 20:37:38 0 d-------- C:\Program Files\DivX
2008-04-11 17:23:54 38400 --a------ C:\Windows\system32\SoundSchemes.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-09 08:40:31 24575 --a------ C:\Windows\system32\Mpwinapppiobas69.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
25/04/2008 06:22 PM 62728 --a------ C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [19/01/2008 05:08 PM]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [21/03/2007 01:00 PM]
"RtHDVCpl"="RtHDVCpl.exe" [23/04/2007 05:21 PM C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [13/04/2007 05:06 PM C:\Windows\SkyTel.exe]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [07/05/2007 02:18 PM]
"GrooveMonitor"="E:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 06:00 AM]
"TrueImageMonitor.exe"="K:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [09/02/2007 08:33 PM]
"AcronisTimounterMonitor"="K:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [09/02/2007 08:50 PM]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [09/02/2007 08:39 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [25/03/2008 04:28 AM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [16/02/2005 03:15 PM]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [28/11/2007 06:51 PM]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [28/11/2006 12:12 AM]
"UVS11 Preload"="K:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [23/07/2007 12:55 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 09:16 PM]
"{B179023B-6238-4499-8F26-CD73E9D90E0A}"="C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe" [04/06/2007 04:20 PM]
"MDGetStarted.exe"="C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" [13/06/2007 12:23 PM]
"PinnacleDriverCheck"="C:\Windows\system32\\PSDrvCheck.exe" [11/03/2004 01:26 AM]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [06/11/2007 07:00 PM]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [06/11/2007 07:00 PM]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [06/11/2007 07:00 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 03:57 PM]
"SecurDisc"="K:\Program Files\Nero 8\InCD\NBHGui.exe" [20/09/2007 10:36 AM]
"InCD"="K:\Program Files\Nero 8\InCD\InCD.exe" [20/09/2007 10:35 AM]
"NBKeyScan"="K:\Program Files\Nero 8\Nero BackItUp\NBKeyScan.exe" [20/09/2007 09:51 AM]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [25/04/2008 06:21 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [27/05/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/06/2008 11:13 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [19/01/2008 05:03 PM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 10:34 AM]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [30/08/2007 05:43 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [12/11/2007 02:48 PM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" []
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [19/01/2008 05:03 PM]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [26/03/2008 06:41 PM]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [16/04/2008 12:53 PM]
"Picasa Media Detector"="K:\Program Files\Picasa2\PicasaMediaDetector.exe" [26/02/2008 10:53 AM]
"Sys493F.exe"="C:\Windows\Sys493F.exe" []
"Sys498D.exe"="C:\Windows\Sys498D.exe" []
"Sys6028.exe"="C:\Windows\Sys6028.exe" []
"Sys7695.exe"="C:\Windows\Sys7695.exe" []
"Sys9FF6.exe"="C:\Windows\Sys9FF6.exe" []
"SysA025.exe"="C:\Windows\SysA025.exe" []
"Sys63B1.exe"="C:\Windows\Sys63B1.exe" []
"Sys6650.exe"="C:\Windows\Sys6650.exe" []
"Sys8D41.exe"="C:\Windows\Sys8D41.exe" []
"Sys8DEC.exe"="C:\Windows\Sys8DEC.exe" []
"SysDA95.exe"="C:\Windows\SysDA95.exe" []
"Sys4440.exe"="C:\Windows\Sys4440.exe" []
"Sys314C.exe"="C:\Windows\Sys314C.exe" []
"Sys3274.exe"="C:\Windows\Sys3274.exe" []
"Sys44BC.exe"="C:\Windows\Sys44BC.exe" []
"Sys4B23.exe"="C:\Windows\Sys4B23.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ypagerps"=cmd.exe /C del "C:\Program Files\Yahoo!\Messenger\ypagerps.dll"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

C:\Users\Adriano Cisternino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM]
Anapod Manager.lnk - K:\Program Files\Red Chair Software\Anapod Explorer\anamgr.exe [8/24/2007 5:25:35 PM]
AuctionTimeWatch.lnk - K:\Program Files\AuctionTimeWatch\AuctionTimeWatch.exe [8/31/2007 8:26:53 AM]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Motorola Desktop Suite mRouter Config.lnk - C:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterConfig.exe [8/21/2007 7:31:45 AM]
Motorola Desktop Suite.lnk - C:\Program Files\Motorola\Motorola Desktop Suite\DesktopSuite.exe [8/21/2007 7:31:07 AM]
SnagIt 8.lnk - K:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe [5/1/2007 11:11:48 AM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [7/5/2008 5:33:55 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableUIADesktopToggle"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll,

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Adriano Cisternino^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Core Temp.exe.lnk]
path=C:\Users\Adriano Cisternino\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Core Temp.exe.lnk
backup=C:\Windows\pss\Core Temp.exe.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
bthsvcs BthServ
GPSvcGroup GPSvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
AutoRun\command- O:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e7ec408-4c47-11dc-9271-806e6f6e6963}]
AutoRun\command- K:\Bin\Assetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87098302-4c6c-11dc-97cb-001bfcd7bfde}]
Auto\command- S:\msconfig32.exe e
AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL S:\msconfig32.exe e


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration



-- End of Deckard's System Scanner: finished at 2008-07-06 10:42:12 ------------



Thank you for your help and good advice, and please let me know if you see anything wrong. At this stage the PC seems to be running fine.

Thanks again,
mirage_xx

#4 Thunder

Thunder

  • Members
  • 3,294 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belgium
  • Local time:04:23 AM

Posted 06 July 2008 - 01:38 PM

Hello Mirage_xx,

Did you run ComboFix?
If so, I very much would like to see the ComboFix.txt log.

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#5 mirage_xx


Posted 06 July 2008 - 07:36 PM

Hi Thunder,

Running the ComboFix looks quite hard. As the PC is now running perfectly, can I avoid this step, as I would hate to do some unnecessary damage now?

Let me know what you think,
Adri

#6 Thunder


Posted 07 July 2008 - 04:05 AM

Hello Adri,

Running ComboFix is really a piece of cake.

As a Vista user you don't need to bother installing the Recovery Console.
You only have to download ComboFix and double-click it to continue with the ComboFix scan.

As a matter of fact, it's quite similar to the DSS scan you already ran.
This tool however has some advanced cleaning possibilities.

Greetings,
Thunder

#7 Thunder


Posted 05 August 2008 - 07:05 AM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.