Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Diagnosis help please


  • This topic is locked This topic is locked
12 replies to this topic

#1 boydie

boydie

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:41 PM

Posted 06 December 2008 - 06:20 PM

Hi Folks,

Re this misplaced post - http://www.bleepingcomputer.com/forums/t/184529/never-leave-your-pc-in-the-hands-of-the-elderly/

I was directed here after posting in the wrong forum - I have run RSIT and enclose my logs.

Symptoms include the intermittent appearance of a small pop up box simply saying looking for new software....' - this appears to hang a quarter way doing whatever it is doing - there is no application running in task manager - so I am unsure which software this is pertinent to. Please note this computer was active whilst I was out of town and my parents used it for their amusement - they are none too computer saavy but I figured I was fairly well protected. Other symptoms - I may be wrong here but I could swear that boot up takes longer and overall performance seems to have taken a hit.

Thanks so much for looking.

Logs........

Logfile of random's system information tool 1.04 (written by random/random)
Run by TheOne at 2008-12-06 23:01:08
Microsoft Windows XP Professional Service Pack 3
System drive C: has 206 GB (88%) free of 235 GB
Total RAM: 2047 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:01:16, on 06/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Titan Backup\TitanBackup.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\RapidSolution\Tunebite\vcdw\VCDAudioService.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\FSAUA\program\fsus.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\TheOne\Desktop\RSIT.exe
C:\Documents and Settings\TheOne\My Documents\DownLoads\Security\hijackthis\HiJackThis\TheOne.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Tunebite_WebRipPlugin Class - {AA102584-3B97-47e7-B9BC-75D54C110A7D} - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: IE DevToolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [Titan Backup] "C:\Program Files\Titan Backup\TitanBackup.exe" /startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/...101/CTSUEng.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.cooliris.com/shared/plinstll.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15106/CTPID.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: Virtual CDAudio Service - RapidSolution Software AG - C:\Program Files\RapidSolution\Tunebite\vcdw\VCDAudioService.exe

--
End of file - 10438 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Scheduled scanning task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-04-18 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA102584-3B97-47e7-B9BC-75D54C110A7D}]
Tunebite_WebRipPlugin Class - C:\Program Files\RapidSolution\Tunebite\plugins\IE\TB_WebRipIePlugin.dll [2008-09-15 144688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-10 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC7E636D-39AA-49b6-B511-65413DA137A1}]
IE DevToolbar BHO - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll [2007-01-11 623992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA}]
C:\Program Files\PicLensIE\cooliris.dll [2008-11-21 3725272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-04-18 552960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"=C:\WINDOWS\system32\ptipbmf.dll [2003-06-20 118784]
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-12-20 131072]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"nwiz"=nwiz.exe /install []
"SpeedTouch USB Diagnostics"=C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe [2004-01-26 866816]
"F-Secure Manager"=C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE [2008-04-04 182936]
"F-Secure TNB"=C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe [2008-04-04 739936]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
"Corel File Shell Monitor"=C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2008-08-18 16712]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"CTZDetec.exe"=C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe [2007-12-18 401408]
"Titan Backup"=C:\Program Files\Titan Backup\TitanBackup.exe [2008-11-06 4076992]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2008-08-18 16712]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2008-12-06 23:01:08 ----D---- C:\rsit
2008-12-03 18:42:45 ----A---- C:\WINDOWS\system32\Log_20081203_184245_174C.txt
2008-12-03 18:42:43 ----A---- C:\WINDOWS\system32\Log_20081203_184243_1410.txt
2008-12-03 18:42:41 ----A---- C:\WINDOWS\system32\Log_20081203_184241_EAC.txt
2008-12-03 18:42:39 ----A---- C:\WINDOWS\system32\Log_20081203_184239_17DC.txt
2008-12-03 18:42:37 ----A---- C:\WINDOWS\system32\Log_20081203_184236_15DC.txt
2008-12-03 18:42:34 ----A---- C:\WINDOWS\system32\Log_20081203_184234_136C.txt
2008-12-03 18:42:32 ----A---- C:\WINDOWS\system32\Log_20081203_184232_1158.txt
2008-12-03 18:42:30 ----A---- C:\WINDOWS\system32\Log_20081203_184230_188.txt
2008-12-03 18:42:28 ----A---- C:\WINDOWS\system32\Log_20081203_184228_168C.txt
2008-12-03 18:42:26 ----A---- C:\WINDOWS\system32\Log_20081203_184226_148C.txt
2008-12-03 18:42:23 ----A---- C:\WINDOWS\system32\Log_20081203_184223_12A8.txt
2008-12-03 18:42:21 ----A---- C:\WINDOWS\system32\Log_20081203_184221_108C.txt
2008-12-03 18:42:19 ----A---- C:\WINDOWS\system32\Log_20081203_184219_558.txt
2008-12-03 18:42:17 ----A---- C:\WINDOWS\system32\Log_20081203_184217_16B4.txt
2008-12-03 18:42:15 ----A---- C:\WINDOWS\system32\Log_20081203_184215_1530.txt
2008-12-03 18:42:13 ----A---- C:\WINDOWS\system32\Log_20081203_184213_137C.txt
2008-12-03 18:42:11 ----A---- C:\WINDOWS\system32\Log_20081203_184211_1220.txt
2008-12-03 18:42:09 ----A---- C:\WINDOWS\system32\Log_20081203_184209_102C.txt
2008-12-03 18:42:07 ----A---- C:\WINDOWS\system32\Log_20081203_184206_9C4.txt
2008-12-03 18:42:04 ----A---- C:\WINDOWS\system32\Log_20081203_184204_1704.txt
2008-12-03 18:42:02 ----A---- C:\WINDOWS\system32\Log_20081203_184202_15E0.txt
2008-12-03 18:42:00 ----A---- C:\WINDOWS\system32\Log_20081203_184200_1468.txt
2008-12-03 18:41:58 ----A---- C:\WINDOWS\system32\Log_20081203_184158_133C.txt
2008-12-03 18:41:56 ----A---- C:\WINDOWS\system32\Log_20081203_184156_11CC.txt
2008-12-03 18:41:54 ----A---- C:\WINDOWS\system32\Log_20081203_184154_1094.txt
2008-12-03 18:41:52 ----A---- C:\WINDOWS\system32\Log_20081203_184152_CCC.txt
2008-12-03 18:41:50 ----A---- C:\WINDOWS\system32\Log_20081203_184150_F8C.txt
2008-12-03 18:41:48 ----A---- C:\WINDOWS\system32\Log_20081203_184148_4A8.txt
2008-12-03 18:41:46 ----A---- C:\WINDOWS\system32\Log_20081203_184146_69C.txt
2008-12-03 18:41:45 ----A---- C:\WINDOWS\system32\Log_20081203_184145_114.txt
2008-12-03 18:41:43 ----A---- C:\WINDOWS\system32\Log_20081203_184143_668.txt
2008-12-03 18:41:41 ----A---- C:\WINDOWS\system32\Log_20081203_184141_8D4.txt
2008-12-03 18:41:39 ----A---- C:\WINDOWS\system32\Log_20081203_184139_A04.txt
2008-12-03 18:41:37 ----A---- C:\WINDOWS\system32\Log_20081203_184137_AA8.txt
2008-12-03 18:41:33 ----A---- C:\WINDOWS\system32\Log_20081203_184133_DC4.txt
2008-12-03 18:41:30 ----A---- C:\WINDOWS\system32\Log_20081203_184129_8FC.txt
2008-11-27 09:03:03 ----D---- C:\Program Files\PicLensIE
2008-11-22 17:41:56 ----D---- C:\Program Files\iPod
2008-11-22 17:41:53 ----D---- C:\Program Files\iTunes
2008-11-22 17:41:53 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-22 16:09:33 ----A---- C:\WINDOWS\system32\TUProgSt.exe
2008-11-22 16:09:31 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2008-11-22 16:09:29 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2008-11-21 16:59:11 ----D---- C:\Program Files\TuneUp Utilities 2009
2008-11-21 16:58:44 ----SHD---- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-11-16 05:14:59 ----D---- C:\Documents and Settings\TheOne\Application Data\Corel
2008-11-16 05:12:30 ----D---- C:\Program Files\Common Files\Protexis
2008-11-16 05:12:30 ----D---- C:\Program Files\Common Files\Corel
2008-11-16 05:12:30 ----D---- C:\Documents and Settings\All Users\Application Data\Corel
2008-11-16 05:10:51 ----D---- C:\Program Files\Corel
2008-11-15 19:33:09 ----D---- C:\WINDOWS\system32\syncdb
2008-11-15 18:21:47 ----D---- C:\Documents and Settings\All Users\Application Data\espionServerData
2008-11-15 18:21:47 ----A---- C:\AdobeDebug.txt
2008-11-15 18:19:09 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-11-15 17:44:19 ----D---- C:\Documents and Settings\TheOne\Application Data\Download Manager
2008-11-12 18:33:35 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 18:32:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 18:31:48 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-06 23:01:16 ----D---- C:\WINDOWS\Temp
2008-12-06 23:00:36 ----D---- C:\WINDOWS\Prefetch
2008-12-06 22:51:19 ----D---- C:\Program Files\Mozilla Firefox
2008-12-06 22:30:12 ----SHD---- C:\WINDOWS\Installer
2008-12-06 22:30:12 ----SHD---- C:\Config.Msi
2008-12-06 21:49:21 ----D---- C:\Program Files\Mozilla Thunderbird
2008-12-06 20:04:42 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-06 20:04:24 ----A---- C:\WINDOWS\ModemLog_PCI SoftV92 Modem.txt
2008-12-06 20:04:13 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-06 20:03:02 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-06 18:41:11 ----AD---- C:\WINDOWS
2008-12-06 18:03:24 ----D---- C:\Program Files\Titan Backup
2008-12-06 14:08:14 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-06 14:08:07 ----HD---- C:\WINDOWS\inf
2008-12-06 13:19:17 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-03 21:05:11 ----A---- C:\Log.txt
2008-12-03 18:42:45 ----D---- C:\WINDOWS\system32
2008-12-03 16:08:12 ----D---- C:\WINDOWS\system32\Macromed
2008-12-02 16:41:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-01 22:13:45 ----D---- C:\Documents and Settings\TheOne\Application Data\StarOffice8
2008-11-29 18:52:34 ----A---- C:\EyeCandyLog.txt
2008-11-28 16:01:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-27 10:04:32 ----D---- C:\WINDOWS\Help
2008-11-27 09:03:03 ----RD---- C:\Program Files
2008-11-22 17:41:55 ----D---- C:\Program Files\Common Files\Apple
2008-11-22 17:40:29 ----D---- C:\Program Files\QuickTime
2008-11-22 16:09:33 ----SD---- C:\WINDOWS\Tasks
2008-11-21 19:43:22 ----SHD---- C:\System Volume Information
2008-11-21 19:43:22 ----D---- C:\WINDOWS\system32\Restore
2008-11-21 19:37:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-21 17:12:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-21 16:59:42 ----D---- C:\WINDOWS\system32\config
2008-11-16 05:12:30 ----D---- C:\Program Files\Common Files
2008-11-15 20:02:27 ----D---- C:\WINDOWS\Debug
2008-11-15 19:38:38 ----D---- C:\Program Files\Adobe
2008-11-15 19:36:55 ----D---- C:\Program Files\Common Files\Adobe
2008-11-15 19:34:40 ----D---- C:\WINDOWS\system32\drivers
2008-11-15 19:33:09 ----D---- C:\Documents and Settings\TheOne\Application Data\Adobe
2008-11-15 18:19:39 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-15 18:11:36 ----RSD---- C:\WINDOWS\Fonts
2008-11-14 07:00:04 ----D---- C:\WINDOWS\WinSxS
2008-11-12 18:33:34 ----HD---- C:\WINDOWS\$hf_mig$
2008-11-07 13:29:51 ----D---- C:\Documents and Settings\TheOne\Application Data\Serif
2008-11-07 13:28:42 ----D---- C:\Program Files\Serif

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 F-Secure HIPS;F-Secure HIPS; \??\C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys []
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2007-12-22 44384]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-09-29 1036928]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-09-29 219136]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2004-09-01 13106]
R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2004-09-01 55042]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2004-09-01 71758]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 nvax;Service for NVIDIAŽ nForce™ Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2005-07-26 53376]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 nvnforce;Service for NVIDIAŽ nForce™ Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2005-07-26 415360]
R3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2008-09-15 43552]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-09-29 702592]
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2006-11-01 128104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 fasttx2k;fasttx2k; C:\WINDOWS\system32\DRIVERS\fasttx2k.sys [2003-08-06 159744]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys []
S4 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2004-04-20 472960]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 m5287;m5287; C:\WINDOWS\system32\DRIVERS\m5287.sys [2005-02-05 85888]
S4 m5289;m5289; C:\WINDOWS\system32\DRIVERS\m5289.sys [2004-12-01 51840]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S4 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2004-03-29 73600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-19 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 CTDevice_Srv;CT Device Query service; C:\Program Files\Creative\Shared Files\CTDevSrv.exe [2007-04-02 61440]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe [2008-04-04 47800]
R2 FSMA;FSMA; C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE [2008-04-04 113304]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-10 168432]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2008-11-22 603904]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Virtual CDAudio Service;Virtual CDAudio Service; C:\Program Files\RapidSolution\Tunebite\vcdw\VCDAudioService.exe [2008-09-15 118784]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe [2008-04-04 457312]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe [2008-04-04 453216]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-11-22 362240]

-----------------EOF-----------------


and.....

info.txt logfile of random's system information tool 1.04 2008-12-06 23:01:17

======Uninstall list======

-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
-->"C:\Program Files\F-Secure Internet Security\Uninstall\fsuninst.exe" /UninstRegKey:"News Service"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ashampoo Burning Studio 8.04-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 8\unins000.exe"
Ashampoo ClipFinder 1.48-->"C:\Program Files\Ashampoo\Ashampoo ClipFinder\unins000.exe"
Ashampoo Magical Snap 2.30-->"C:\Program Files\Ashampoo\Ashampoo Magical Snap 2\unins001.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP160 User Registration-->C:\Program Files\Canon\IJEREG\MP160\UNINST.EXE
Canon MP160-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160 /L0x0009
Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ColorImpact version 2.8.7-->"C:\Program Files\TigerColor\ColorImpact 2\unins000.exe"
Cooliris for Internet Explorer-->MsiExec.exe /I{B46BC183-3713-3814-9067-D1C6BC952F7B}
Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}
Creative Media Lite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1A99CB37-AEB0-492F-A85A-8A2536D22393}\setup.exe" -l0x9 /remove
Creative ZEN Stone Plus User's Guide-->"C:\Program Files\Creative\Creative ZEN Stone Plus\UGRemove.exe" /Product_Name:ZENStonePlusUG
DaisyTrail DigiKit Collection 1-->MsiExec.exe /X{BC489586-33E9-412D-BA70-485F3EA92DBE}
DriverAgent by TouchStone Software-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
Easy-WebPrint-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
F-Secure Internet Security 2008-->"C:\Program Files\F-Secure Internet Security\FSGUI\PostInstall.exe" /tUnInstall
GML Matting 0.1-->"C:\Program Files\GML\Matting\0.1\unins000.exe"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Google Video Player-->"C:\Program Files\Google\Google Video Player\Uninstall.exe"
GTK+ 2.8.18-1 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\unins000.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Documents and Settings\TheOne\My Documents\DownLoads\Security\hijackthis\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HouseCall 6.6-->"C:\Documents and Settings\TheOne\Application Data\HouseCall 6.6\uninstaller.exe"
Internet Explorer Developer Toolbar-->MsiExec.exe /I{A9C3943B-FCE5-4DA9-9575-B8B0B13C79C8}
Ipswitch WS_FTP Professional 2007-->C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe -runfromtemp -l0x0009 -removeonly
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Jasc Animation Shop 3-->MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9
Macromedia Contribute 3.11-->MsiExec.exe /I{4B9535BF-CC90-4158-AF32-CAF57A8820CA}
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Fireworks 8-->MsiExec.exe /I{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash Player 8-->MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Mesh Online-->"C:\Program Files\Mesh Online\uninstall.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.18)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN Messenger 7.5-->MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MultipleIEs-->"C:\Program Files\MultipleIEs\unins000.exe"
Name It Your Way (NIYoW) v1.7.6-->"C:\Program Files\NIYoW\unins000.exe"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NvMixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
Opera 9.60-->MsiExec.exe /X{D0C04904-ED13-4DB3-ACCA-A41079EBA23C}
Paint.NET v3.10-->MsiExec.exe /X{5E749AEB-5A19-43BA-BB20-3CBB37539FE4}
PCI SoftV92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1\HXFSETUP.EXE -U -IPSCRCTR5K.INF
PhotoScape-->"C:\Program Files\PhotoScape\uninstall.exe"
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PixiePack Codec Pack-->MsiExec.exe /I{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Serif Christmas Card 2008 DigiKit-->MsiExec.exe /X{72F6E0E4-76B4-4C15-8C78-0F098F8FAAC6}
Serif Digital Scrapbook Artist-->MsiExec.exe /X{D303CDE8-D1DB-4DBA-A15A-C7EE3D775726}
Serif DrawPlus 8 Resources-->MsiExec.exe /I{9044384C-1D53-4DEA-B257-0A0C7D6C7452}
Serif DrawPlus 8-->MsiExec.exe /I{838E3304-69BE-4537-8297-1760E36A2DA5}
Serif PagePlus 11 Resources-->MsiExec.exe /I{C9A391A7-E3C0-45B3-9A8E-1D878C9A3997}
Serif PagePlus 11-->MsiExec.exe /I{0B884C9B-5D85-4461-88EE-826E1BB33008}
SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" /l0009 -Control_Panel
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
StarOffice 8-->MsiExec.exe /I{FD42253B-9B4B-4150-998A-26B16E370EA9}
Style Master 4.6-->MsiExec.exe /I{90381EFF-A3F1-42FB-8CF5-E3C941DC0548}
SWiSH Max2-->C:\WINDOWS\unvise32.exe C:\Program Files\SWiSH Max2\uninstal.log
The GIMP 2.2.13-->"C:\Program Files\GIMP-2.0\unins000.exe"
Titan Backup-->"C:\PROGRA~1\TITANB~1\UNWISE.EXE" "C:\PROGRA~1\TITANB~1\INSTALL.LOG"
Tunebite-->MsiExec.exe /I{C0B5744A-3748-48AA-A30D-2B4A2E2D827C}
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
ViewSonic Monitor Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48963B63-7A10-49D6-8B08-61E6132453D0}\Setup.exe" -l0x9
ViewSonic Monitor Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
ViewSonic Windows XP Signed Files-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC47C7A5-BE63-11D5-B7C9-005004566E4D}\Setup.exe" -l0x9
Virtual Pool 3 DL-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Celeris\Virtual Pool 3 DL\Uninst.isu"
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WS_FTP Professional 2007.1 HF1-->"C:\Program Files\InstallShield Installation Information\{3C88E09E-78A2-414C-BAC6-989A0E150F4A}\setup.exe" -runfromtemp -l0x0009 -removeonly
Xara Xtreme 4-->C:\Program Files\Xara\Xara Xtreme 4\unwise.exe

======Security center information======

AV: F-Secure Internet Security 2008 8.00
FW: F-Secure Internet Security 2008 8.00

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2302
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:41 AM

Posted 14 December 2008 - 04:22 AM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files before we run OTScanIt. You will likely be logged out of the forum where you are recieving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
  • If you use any other browsers, select them appropriately from the top and empty all items.
Download and Run OTScanIt
Download OTScanIt by OldTimer to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program. If you are running on Vista then right-click the program and choose Run as Administrator.
  • Check the Scan all users box at the top left.
  • Change the Rootkit Scan setting from "No" to Yes.
  • Click the Extras button under "Additional Scans".
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).
  • Use the Add Reply button in the forum and Attach the scan back here (do not copy/paste it as it will be too big to fit into the post). It will be located in the OTScanIt folder and named OTScanIt.txt.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


In your next reply include:
-the OTScanIt log (attached)
-the Kaspersky log (pasted directly into your reply)

Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 boydie

boydie
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:41 PM

Posted 14 December 2008 - 01:48 PM

Hi Panda - thanks so much for helping me out here - much appreciated.

I'm in the middle of the Kapersky scan and have a question which concerns OTScanIt2 - on opening this zip file I noticed 2 exe files - OTScanIt2.exe and catchme.exe - running OTScanIt2 produced two files - OTScanIT.txt and CatchMe.log - should I attach BOTH these files along with the Kapersky scan when it completes?

Cheers

#4 boydie

boydie
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:41 PM

Posted 14 December 2008 - 06:17 PM

Hi,

Thanks again for helping out - here goes - Kaspersky log and attached files created by OTScanIt2....

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 14, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 14, 2008 17:34:54
Records in database: 1460955
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan statistics:
Files scanned: 250693
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:23:47


File name / Threat name / Threats count
C:\Documents and Settings\TheOne\My Documents\DownLoads\Security\addawareaddons\vx2cleaner_inst.exe Infected: Backdoor.Win32.IRCBot.guu 1

The selected area was scanned.

Attached Files



#5 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:41 AM

Posted 15 December 2008 - 04:42 AM

Hello.

Sorry for the delay in response. For some reason, I had missed your post.

As you can see, Kaspersky found a trojan in this file:
\My Documents\DownLoads\Security\addawareaddons\vx2cleaner_inst.exe
Please delete the file. Have you run this installer yet?

The device driver that is trying to install is "rsvcdwdr". Do you have any idea what this is?

"Style Master 4.6" was also having trouble installing, but you probably know this from the errors.

Please open OTScanIt2, and paste into the custom scans:
%SystemRoot%\System32\syncdb\*.* /s
c:\rsvcdwdr.sys /s
c:\rsvcdwdr1.sys /s
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rsvcdwdr /rs
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rsvcdwdr1 /rs
Next round, we'll try to disable that device.

With Regards,
The Panda

#6 boydie

boydie
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:41 PM

Posted 15 December 2008 - 08:07 AM

Hi,

Again thanks for your help.

This is so weird - the trojan that Kaspersky found I believe was an addon for a previous version of addaware se which I may have run at some point, I really can't remember - I now have a newer version of addaware se which I don't believe utilised this addon.

The odd thing is I run weekly scans with F-Secure 2008 and never once did this get flagged - after Kaspersky ran and found this I pointed F-Secure directly at this folder and guess what - it was flagged straight away and offered to rename it - this now has given me serious doubts about F-Secure!

StyleMaster 4,6: is a CSS editor which I've had problems like this with in the past - I think re-installing did the trick last time - I'm not too bothered it's seldom used.

rsvcdwdr: - I didn't realise I had this problem - I have gone to device manager to check - under SCSI and RAID controllers - I have 3 instances of RapidSolution Pseudo SCSI Adapter 2 of which have exclamation marks against them - I think these adapters may be connected to TuneBite mp3 software - can I remove these 3 adapters from within Device Manager - I don't know what they are or what they are doing?

One last thing ( if your still with me :-) ) - the code you quoted - should I enter this and run a scan and post results?

Cheers

#7 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:41 AM

Posted 15 December 2008 - 08:17 AM

Hello boydie.

If you are posting into this topic, I'm still with you :thumbsup: .

Using the device manager, right click those entries and select Disable. Does this fix the device setup at startup?

Please paste time code into OTScanIt's Custom Scans and click Run Scan. Leave other settings at default:
%SystemRoot%\System32\syncdb\*.* /s
I wanted to see wat was in that folder. Probably not malicious, but I want to check it.

Please attach the scan log to your reply.

Had you run full scans with F-Secure? If a "quick scan" was used, the My Documents folder may be skipped.

With Regards,
The Panda

#8 boydie

boydie
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:41 PM

Posted 15 December 2008 - 09:52 AM

Hi Panda,

Glad you are still with me - it's very reassuring.

I've disabled all three SCSI adapters and all seems fine at start-up - for a while previously I was getting a 'new device' alert but that settled down after a while - all now seems fine - should I delete these entries or just leave them disabled?

Ah - F-Secure - I had set a schedule for once a week - I hadn't realised that after a manual scan it would have kept those settings - my bad! Perhaps I spoke too soon about F-Secure - in my defence - "to err is human" <lol>

BTW - Since starting this thread and following the fixes I have noticed that CCleaner has lost it's right click capabilities - no delete/shred?

I've attached the OTScanIT log - Once again StyleMaster threw the dummy when running this scan!

Cheers....

Attached Files



#9 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:41 AM

Posted 15 December 2008 - 09:19 PM

Hello Boydie.

Looks like there's nothing in that folder.

should I delete these entries or just leave them disabled?

I would just leave them disabled. If you delete them, it might say "Driver not there.. do you want to install it?".

I have noticed that CCleaner has lost it's right click capabilities - no delete/shred?

After which "fix" did this happened? We haven't actually done anything yet.

I don't remember CCleaner adding context menus other than the ones for the Recycling Bin icon. Reinstalling it would fix whatever happened.

Do you have any issues other than the ones already mentioned right now?

With Regards,
The Panda

#10 boydie

boydie
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:41 PM

Posted 15 December 2008 - 09:31 PM

Hey Panda,

Thanks for your continued support....

I'll leave those SCSI adapters disabled.

CCleaner - of course you are right and I DO have the right click options on the recycle bin - I'm losing the plot ;-)

No other issues - I removed Style Master as it spat the dummy when I tried to run it - other than that all seems good.

Cheers

#11 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:41 AM

Posted 15 December 2008 - 10:12 PM

Hello.

Let's cleanup our tools and set a new restore point.

Run Cleanup with OTScantIt
This will remove all the tools we used.
  • Double click the OTScanIt.exe icon in the OTScanIt folder on your desktop. If you are using Windows Vista, right click OTScanIt.exe and select Run as Administrator.
  • Click the CleanUp bottun.
  • Restart if prompted.
Set New System Restore Point
Now you should Set a New Restore Point to prevent the settings from returning.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click System Restore.
  • Choose the radio button marked "Create a Restore Point" on the first screen then click Next. Give the R.P. a name then click Create. The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type:
    cleanmgr
  • Click OK.
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created one.
Preventing Malware Infection in the Future
Please also have a look at the following links, giving some advice and suggestions for preventing future infections: Visit the Windows Update Site regularly.
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
    Note that it will download them for you, but you still have to actually click install.
    If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

For general slowness problems, take a look at Slow Computer/browser? It May Not Be Malware. Read [b]How to use the Startup Database
to identify and disable uneeded processes and increase the amount of available resources.

Do you have any further questions or concerns?

With Regards,
The Panda

#12 boydie

boydie
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:03:41 PM

Posted 15 December 2008 - 10:49 PM

Hi Panda,

That's brilliant - I now feel much happier and more secure - I'll read up on the links you posted and follow the instructions.

I do still have RSIT.exe and ATF-Cleaner.exe on my desktop - can I just delete those?

Much obliged.

Cheers

#13 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:41 AM

Posted 15 December 2008 - 11:28 PM

Welcome :thumbsup: .

If any programs we used are left, feel free to delete them.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users