Infected with trojan-downloader.js.agent.czp



#1 Mob-ruhls

Posted 07 December 2008 - 11:41 PM

I have ZoneAlarm Security Suite and use Window Washer to clean at least 1/week. About 1 week ago, I started getting pop-ups for spyware detection software with alert windows appearing to be from MS. Then ZoneAlarm detected the trojan downloader virus and quarantined it. I immediately washed and ran ZA scans. Since then, I continue to run ZA spyware and virus scans and have quarantined or deleted several spyware items, but it keeps coming back. I've noticed much slower processing speed, some websites that will not allow certain views (eBay will not show my "watching" page) and some programs that will not launch.

Any help you can provide is greatly appreciated.

Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrator at 2008-12-07 19:06:05
Microsoft Windows XP Professional Service Pack 3
System drive C: has 83 GB (54%) free of 153 GB
Total RAM: 511 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:07:16 PM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\system32\CTsvcCDA.exe
C:\WINNT\ehome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\slserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\ups.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\WINNT\ehome\ehtray.exe
C:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINNT\ehome\ehmsas.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINNT\system32\Rundll32.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINNT\system32\slrundll.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Desktop Alert\desktopalert_1969710.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...JN+VnCdqLsKAHJ+
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a207a208-d6a3-4061-ac65-262f908a95a3} - C:\WINNT\system32\wupinade.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINNT\ehome\ehtray.exe
O4 - HKLM\..\Run: [DVDTray] C:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe
O4 - HKLM\..\Run: [DVDBitSet] C:\PROGRA~1\HPDVD~1\Umbrella\DVDBitSet.exe /NOUI
O4 - HKLM\..\Run: [DSL Connection Tool] C:\Program Files\MSN\MSNIA\dslmon.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [DSS] C:\WINNT\BBSTORE\DSS\DSSAGENT.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [mupitojala] Rundll32.exe "C:\WINNT\system32\viriveda.dll",s
O4 - HKLM\..\Run: [606b3374] rundll32.exe "C:\WINNT\system32\wifukolu.dll",b
O4 - HKLM\..\Run: [CPM635800e8] Rundll32.exe "c:\winnt\system32\defadegi.dll",a
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKUS\S-1-5-19\..\Run: [mupitojala] Rundll32.exe "C:\WINNT\system32\viriveda.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mupitojala] Rundll32.exe "C:\WINNT\system32\viriveda.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Startup: Desktop Alert.lnk = C:\Program Files\Desktop Alert\desktopalert_1969710.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?80b934c20c624d029b390a1dda39e048
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?80b934c20c624d029b390a1dda39e048
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} - http://hoylegames.sierra.com/cab/WONWebLauncherControl.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O20 - AppInit_DLLs: C:\WINNT\system32\helileve.dll C:\WINNT\system32\wuzowohi.dll c:\winnt\system32\defadegi.dll
O20 - Winlogon Notify: vtstu - C:\WINNT\system32\vtstu.dll (file missing)
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\winnt\system32\defadegi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\winnt\system32\defadegi.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe

--
End of file - 15446 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\Check Updates for Windows Live Toolbar.job
C:\WINNT\tasks\Microsoft_Hardware_Launch_IPoint_exe.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{68F9551E-0411-48E4-9AAF-4BC42A6A46BE}]
EWPBrowseObject Class - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [2006-06-09 34304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DD0BC06-4719-4BA3-BEBC-FBAE6A448152}]
MSEvents Object

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-07 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a207a208-d6a3-4061-ac65-262f908a95a3}]
C:\WINNT\system32\wupinade.dll [2008-09-05 64733]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-07-17 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-07 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-07 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2007-07-17 2403392]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINNT\System32\NvCpl.dll [2003-10-06 5058560]
"nwiz"=nwiz.exe /install []
"IgfxTray"=C:\WINNT\System32\igfxtray.exe [2003-07-10 155648]
"HotKeysCmds"=C:\WINNT\System32\hkcmd.exe [2003-07-10 114688]
"Gateway Ink Monitor"=C:\Program Files\Gateway Utilities\GWInkMonitor.exe [2003-06-24 303180]
"ehTray"=C:\WINNT\ehome\ehtray.exe [2008-04-13 50176]
"DVDTray"=C:\PROGRA~1\HPDVD~1\Umbrella\DVDTray.exe [2003-07-23 69632]
"DVDBitSet"=C:\PROGRA~1\HPDVD~1\Umbrella\DVDBitSet.exe [2003-07-18 204800]
"DSL Connection Tool"=C:\Program Files\MSN\MSNIA\dslmon.exe [2002-10-26 110592]
"CTHelper"=C:\WINNT\system32\CTHELPER.EXE [2003-01-21 28672]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-06-07 50688]
"WT GameChannel"=C:\Program Files\WildTangent\Apps\GameChannel.exe []
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"HPDJ Taskbar Utility"=C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]
"UserFaultCheck"=C:\WINNT\system32\dumprep 0 -u []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2006-06-21 35328]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2005-02-16 49152]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-10-16 1197648]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-10-31 57344]
"P17Helper"=Rundll32 P17.dll []
"UpdReg"=C:\WINNT\UpdReg.EXE [2000-05-11 90112]
"CTXFIREG"=CTxfiReg.exe []
"DSS"=C:\WINNT\BBSTORE\DSS\DSSAGENT.EXE []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-10-09 981904]
"mupitojala"=C:\WINNT\system32\viriveda.dll [2008-09-05 64733]
"606b3374"=C:\WINNT\system32\wifukolu.dll [2008-12-07 88322]
"CPM635800e8"=c:\winnt\system32\defadegi.dll [2008-12-07 93263]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-07 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe []
"Window Washer"=C:\Program Files\Webroot\Washer\wwDisp.exe [2007-09-05 1261384]
"MoneyAgent"=C:\Program Files\Microsoft Money\System\mnyexpr.exe []
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2004-11-22 307200]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-02-13 155648]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
Desktop Alert.lnk - C:\Program Files\Desktop Alert\desktopalert_1969710.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINNT\system32\helileve.dll C:\WINNT\system32\wuzowohi.dll c:\winnt\system32\defadegi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxsrvc.dll [2003-07-10 319488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\vtstu]
C:\WINNT\system32\vtstu.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINNT\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\winnt\system32\defadegi.dll [2008-12-07 93263]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\winnt\system32\defadegi.dll [2008-12-07 93263]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINNT\system32\helileve.dll
C:\WINNT\system32\wuzowohi.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger"
"C:\Program Files\BitTorrent\btdownloadgui.exe"="C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\MSN\MSNCoreFiles\msn.exe"="C:\Program Files\MSN\MSNCoreFiles\msn.exe:*:Disabled:msn"
"C:\WINNT\system32\dpvsetup.exe"="C:\WINNT\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINNT\system32\rundll32.exe"="C:\WINNT\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINNT\explorer.exe"="C:\WINNT\explorer.exe:*:Enabled:Explorer"
"C:\WINNT\system32\logonui.exe"="C:\WINNT\system32\logonui.exe:*:Enabled:logonui"
"C:\WINNT\system32\winlogon.exe"="C:\WINNT\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINNT\system32\lsass.exe"="C:\WINNT\system32\lsass.exe:*:Enabled:lsass"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd3d7bab-b97d-11db-9853-00038a000015}]
shell\AutoRun\command - G:\setupSNK.exe


======List of files/folders created in the last 1 months======

2008-12-07 19:06:08 ----D---- C:\Program Files\trend micro
2008-12-07 19:06:05 ----D---- C:\rsit
2008-12-07 14:36:49 ----A---- C:\WINNT\system32\deploytk.dll
2008-12-07 14:36:48 ----A---- C:\WINNT\system32\javaws.exe
2008-12-07 14:36:48 ----A---- C:\WINNT\system32\javaw.exe
2008-12-07 14:36:47 ----A---- C:\WINNT\system32\java.exe
2008-12-07 12:33:54 ----SH---- C:\WINNT\system32\ulokufiw.ini
2008-12-06 19:07:42 ----SH---- C:\WINNT\system32\enolopij.ini
2008-12-06 07:07:21 ----SH---- C:\WINNT\system32\eyehumut.ini
2008-12-05 19:07:43 ----SH---- C:\WINNT\system32\aguvutun.ini
2008-12-05 07:06:57 ----SH---- C:\WINNT\system32\ebugitoz.ini
2008-12-04 19:12:58 ----SH---- C:\WINNT\system32\etetimol.ini
2008-12-03 19:49:13 ----SH---- C:\WINNT\system32\uvudaziz.ini
2008-12-03 06:43:34 ----SH---- C:\WINNT\system32\abawelek.ini
2008-12-02 18:33:44 ----SH---- C:\WINNT\system32\uhosupok.ini
2008-12-02 18:33:08 ----A---- C:\WINNT\system32\zpeng25.dll
2008-12-02 18:33:08 ----A---- C:\WINNT\system32\~GLH0020.TMP
2008-12-02 06:33:23 ----SH---- C:\WINNT\system32\odiwiyas.ini
2008-12-02 03:32:54 ----SH---- C:\WINNT\system32\uvasigug.ini
2008-12-01 15:32:06 ----SH---- C:\WINNT\system32\enayevoh.ini
2008-11-29 15:30:47 ----SH---- C:\WINNT\system32\apumiyef.ini
2008-11-29 15:06:42 ----A---- C:\WINNT\system32\~.exe
2008-11-28 22:15:26 ----D---- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
2008-11-16 16:21:32 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-16 16:21:32 ----D---- C:\Documents and Settings\Administrator\Application Data\Yahoo!
2008-11-16 16:15:31 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-16 16:14:24 ----D---- C:\Program Files\Nick Jr. Arcade
2008-11-12 19:04:25 ----D---- C:\d0df50495f69bff48a
2008-11-12 19:03:47 ----HDC---- C:\WINNT\$NtUninstallKB957097$
2008-11-12 19:03:08 ----HDC---- C:\WINNT\$NtUninstallKB954459$
2008-11-12 19:02:17 ----HDC---- C:\WINNT\$NtUninstallKB955069$
2008-11-12 03:00:49 ----D---- C:\eeb06ce8dcdaf5ce689b482aa93a03

======List of files/folders modified in the last 1 months======

2008-12-07 19:06:35 ----D---- C:\WINNT\Prefetch
2008-12-07 19:06:08 ----D---- C:\Program Files
2008-12-07 19:04:15 ----D---- C:\WINNT\Internet Logs
2008-12-07 18:53:49 ----A---- C:\WINNT\ModemLog_Smart Link 56K Modem.txt
2008-12-07 18:52:39 ----D---- C:\WINNT\Temp
2008-12-07 18:51:37 ----D---- C:\WINNT
2008-12-07 18:49:29 ----A---- C:\WINNT\SchedLgU.Txt
2008-12-07 15:42:35 ----D---- C:\WINNT\system32
2008-12-07 15:06:46 ----A---- C:\rollback.ini
2008-12-07 14:38:08 ----SHD---- C:\WINNT\Installer
2008-12-07 14:36:06 ----D---- C:\Program Files\Java
2008-12-07 14:04:45 ----D---- C:\Documents and Settings\Administrator\Application Data\MSN6
2008-12-07 13:32:21 ----D---- C:\WINNT\system32\drivers
2008-12-07 12:33:37 ----ASH---- C:\WINNT\system32\wifukolu.dll
2008-12-07 12:33:33 ----ASH---- C:\WINNT\system32\defadegi.dll
2008-12-07 12:11:45 ----D---- C:\WINNT\system32\CatRoot2
2008-12-06 19:07:37 ----ASH---- C:\WINNT\system32\jipolone.dll
2008-12-06 19:07:35 ----ASH---- C:\WINNT\system32\nerefone.dll
2008-12-06 07:07:24 ----ASH---- C:\WINNT\system32\zikeyame.dll
2008-12-06 07:07:20 ----N---- C:\WINNT\system32\tumuheye.dll
2008-12-05 19:07:14 ----N---- C:\WINNT\system32\nutuvuga.dll
2008-12-05 19:07:14 ----ASH---- C:\WINNT\system32\fejahawo.dll
2008-12-05 19:07:07 ----ASH---- C:\WINNT\system32\sanapuyi.dll
2008-12-05 10:11:07 ----D---- C:\WINNT\system32\ZoneLabs
2008-12-05 07:06:47 ----N---- C:\WINNT\system32\zotigube.dll
2008-12-05 07:06:45 ----ASH---- C:\WINNT\system32\huwiyuke.dll
2008-12-04 20:13:12 ----AC---- C:\WINNT\ntbtlog.txt
2008-12-04 19:12:55 ----N---- C:\WINNT\system32\lomitete.dll
2008-12-04 19:12:54 ----A---- C:\WINNT\system32\zibuzuhu.dll
2008-12-04 18:06:01 ----ASH---- C:\WINNT\system32\pinapuwe.dll
2008-12-03 19:49:08 ----ASH---- C:\WINNT\system32\yamomenu.dll
2008-12-03 18:49:09 ----ASH---- C:\WINNT\system32\zibuyubo.dll
2008-12-03 18:49:09 ----ASH---- C:\WINNT\system32\rohebiyi.dll
2008-12-03 06:39:33 ----ASH---- C:\WINNT\system32\kelewaba.dll
2008-12-03 06:39:33 ----ASH---- C:\WINNT\system32\dokanisu.dll
2008-12-02 18:33:40 ----ASH---- C:\WINNT\system32\pojezija.dll
2008-12-02 18:33:38 ----ASH---- C:\WINNT\system32\kopusohu.dll
2008-12-02 18:30:07 ----D---- C:\WINNT\WinSxS
2008-12-02 06:33:20 ----N---- C:\WINNT\system32\sayiwido.dll
2008-12-02 06:33:20 ----ASH---- C:\WINNT\system32\zanamalo.dll
2008-12-02 03:32:20 ----ASH---- C:\WINNT\system32\setorera.dll
2008-12-02 03:32:18 ----N---- C:\WINNT\system32\gugisavu.dll
2008-12-01 20:23:14 ----D---- C:\Program Files\RecordNow
2008-12-01 15:31:55 ----ASH---- C:\WINNT\system32\fozihiha.dll
2008-12-01 15:31:54 ----N---- C:\WINNT\system32\hoveyane.dll
2008-11-28 22:15:15 ----D---- C:\Program Files\MSN
2008-11-28 22:14:59 ----HD---- C:\WINNT\inf
2008-11-12 19:03:50 ----RSHD---- C:\WINNT\system32\dllcache
2008-11-12 19:03:40 ----HD---- C:\WINNT\$hf_mig$
2008-11-12 19:03:15 ----A---- C:\WINNT\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;KLIF; C:\WINNT\system32\DRIVERS\klif.sys [2008-09-18 148496]
R1 SSHDRV64;SSHDRV64; \??\C:\WINNT\System32\drivers\SSHDRV64.sys []
R1 vsdatant;vsdatant; C:\WINNT\System32\vsdatant.sys [2008-10-09 353680]
R2 ASCTRM;ASCTRM; C:\WINNT\system32\drivers\ASCTRM.sys [2003-11-06 8552]
R2 CDRPDACC;Arrowkey Device Access; \??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS []
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINNT\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINNT\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINNT\system32\drivers\ctsfm2k.sys [2005-12-08 142336]
R3 E100B;Intel® PRO Adapter Driver; C:\WINNT\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINNT\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-01-29 16168]
R3 MauiIIIG;Emuzed Maui III-G Device; C:\WINNT\System32\DRIVERS\MauiIIIG.sys [2003-10-23 175232]
R3 Mtlmnt5;Mtlmnt5; C:\WINNT\System32\DRIVERS\Mtlmnt5.sys [2003-05-20 210592]
R3 Mtlstrm;Mtlstrm; C:\WINNT\System32\DRIVERS\Mtlstrm.sys [2003-05-20 1295472]
R3 MxlW2k;MxlW2k; C:\WINNT\system32\drivers\MxlW2k.sys [2007-03-04 28352]
R3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2003-10-06 1550043]
R3 ossrv;Creative OS Services Driver; C:\WINNT\system32\drivers\ctoss2k.sys [2005-12-08 114688]
R3 P17;Sound Blaster Audigy; C:\WINNT\system32\drivers\P17.sys [2006-03-17 1163264]
R3 p17filt;p17filt; C:\WINNT\system32\drivers\p17filt.sys [2006-03-20 1452032]
R3 Pcouffin;Low level access layer for CD devices; C:\WINNT\System32\Drivers\Pcouffin.sys [2004-02-20 34528]
R3 Pfc;Padus ASPI Shell; C:\WINNT\system32\drivers\pfc.sys [2003-09-03 10368]
R3 RecAgent;recagent; \??\C:\WINNT\System32\DRIVERS\RecAgent.sys []
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINNT\System32\DRIVERS\slntamr.sys [2003-05-13 521408]
R3 SlNtHal;SlNtHal; C:\WINNT\System32\DRIVERS\Slnthal.sys [2003-05-20 85688]
R3 SlWdmSup;SlWdmSup; C:\WINNT\System32\DRIVERS\SlWdmSup.sys [2003-01-17 39348]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINNT\System32\DRIVERS\wanatw4.sys [2003-01-10 33588]
S1 kbdhid;Keyboard HID Driver; C:\WINNT\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel® Graphics Platform (SoftBIOS) Driver; C:\WINNT\system32\drivers\ialmsbw.sys [2003-08-03 120094]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel® Graphics Chipset (KCH) Driver; C:\WINNT\system32\drivers\ialmkchw.sys [2003-08-03 96858]
S3 ac97intc;Intel® 82801 Audio Driver Install Service (WDM); C:\WINNT\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 aeaudio;aeaudio; C:\WINNT\system32\drivers\aeaudio.sys [2002-04-01 4816]
S3 Arp1394;1394 ARP Client Protocol; C:\WINNT\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ctac32k;Creative AC3 Software Decoder; C:\WINNT\system32\drivers\ctac32k.sys [2003-01-21 135040]
S3 ctaud2k;Creative Audio Driver (WDM); C:\WINNT\system32\drivers\ctaud2k.sys [2003-01-21 497376]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINNT\system32\drivers\ctdvda2k.sys [2003-01-21 286384]
S3 ctprxy2k;Creative Proxy Driver; C:\WINNT\system32\drivers\ctprxy2k.sys [2003-01-21 6144]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINNT\System32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINNT\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINNT\System32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 emupia;E-mu Plug-in Architecture Driver; C:\WINNT\system32\drivers\emupia2k.sys [2003-01-21 116000]
S3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINNT\system32\drivers\ha10kx2k.sys [2003-01-21 822416]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINNT\system32\drivers\hap16v2k.sys [2003-01-21 139936]
S3 HidIr;Microsoft Infrared HID Driver; C:\WINNT\System32\DRIVERS\hidir.sys [2008-04-13 19200]
S3 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ialm;ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [2003-08-03 91419]
S3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINNT\System32\DRIVERS\IrBus.sys [2008-04-13 46592]
S3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MsnDslLn;Microsoft MSN™ DSL 1000 Modem Driver; C:\WINNT\System32\DRIVERS\MsnDslLn.sys [2002-07-08 28832]
S3 MsnDslUs;Microsoft MSN™ DSL 1000 Modem Interface Device Driver; C:\WINNT\System32\DRIVERS\MsnDslUs.sys [2002-07-08 46880]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;1394 Net Driver; C:\WINNT\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 NtMtlFax;NtMtlFax; C:\WINNT\System32\DRIVERS\NtMtlFax.sys [2003-05-19 169120]
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINNT\system32\DRIVERS\point32.sys [2006-11-08 21760]
S3 RapFile;RapFile; \??\C:\WINNT\System32\drivers\RapFile.sys []
S3 RapNet;RapNet; \??\C:\WINNT\System32\drivers\RapNet.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINNT\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 smwdm;smwdm; C:\WINNT\system32\drivers\smwdm.sys [2003-03-18 542976]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINNT\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINNT\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINNT\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINNT\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 sscdserd;SAMSUNG Mobile Modem Diagnostic Serial Port (WDM); C:\WINNT\system32\DRIVERS\sscdserd.sys [2007-07-03 86824]
S3 streamip;BDA IPSink; C:\WINNT\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINNT\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINNT\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [2003-08-06 1376360]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-02-23 100032]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINNT\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 ehSched;Media Center Scheduler Service; C:\WINNT\ehome\ehSched.exe [2008-04-13 84992]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-07 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINNT\System32\nvsvc32.exe [2003-10-06 81920]
R2 SLService;SmartLinkService; C:\WINNT\system32\slserv.exe [2003-05-20 45056]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINNT\system32\wdfmgr.exe [2005-01-28 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 vsmon;TrueVector Internet Monitor; C:\WINNT\system32\ZoneLabs\vsmon.exe [2008-10-09 2405776]
R2 WANMiniportService;WAN Miniport (ATW) Service; C:\WINNT\wanmpsvc.exe [2003-01-10 65536]
R2 wwEngineSvc;Window Washer Engine; C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-09-05 389448]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-17 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.04 2008-12-07 19:07:26

======Uninstall list======

-->"C:\Program Files\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\CTCMSGO\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /l0x0009
-->"C:\Program Files\Creative\SBAudigy\Program\SETUP.EXE" /S /U /W
-->C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu
-->C:\WINNT\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINNT\System32\\MSIEXEC.EXE /x {60E971B7-51A0-48CA-8687-C6B8F094A409}
-->C:\WINNT\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2670895A-4E6C-4450-B868-7B7DB80A3357}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX-->C:\WINNT\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player-->C:\WINNT\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~2\Install.log
Ahead Nero BurnRights-->C:\WINNT\UNNeroBurnRights.exe /UNINSTALL
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Coach Version 1.0(Build:20030807.3)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
ArcSoft ShowBiz 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}\Setup.exe" -l0x9
BitTorrent 3.4.2-->"C:\Program Files\BitTorrent\uninstall.exe"
Blackhawk Striker from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\70216ACD-1547-44E5-8966-615BE9569EAD\Uninstall.exe"
Blasterball 2 from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\4AF3F682-FE2A-488D-A11C-A0470A325E93\Uninstall.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Bounce Symphony from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\AA4162B8-1BB1-4110-8F93-0092D4DEF122\Uninstall.exe"
Broderbund Home Design 5.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{EA10FC33-3DBC-4268-A90E-1681760FD417}
Candy Land - Dora the Explorer Edition-->C:\PROGRA~1\NICKJR~1.ARC\CANDYL~1\UNWISE.EXE C:\PROGRA~1\NICKJR~1.ARC\CANDYL~1\INSTALL.LOG
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP600 User Registration-->C:\Program Files\Canon\IJEREG\MP600\UNINST.EXE
Canon MP600-->"C:\WINNT\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600 /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CD Wave Editor version 1.94.4-->"C:\Program Files\CD Wave\unins000.exe"
Creative Driver-->C:\WINNT\System32\ctdrvins /s /u
Creative EAX Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\setup.exe" -l0x9 /remove
Creative Software AutoUpdate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Desktop Alert-->C:\WINNT\uninstall.exe "Desktop Alert"
DoMore-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5B26C1E-4751-4F03-BC18-634F41F31EC6}\setup.exe" -l0x9
Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
DVD X Copy Platinum 4.0.3-->"C:\Program Files\321Studios\Platinum\uninstall.exe"
DVD X Rescue-->C:\PROGRA~1\321STU~1\DVDXRE~1\UNWISE.EXE C:\PROGRA~1\321STU~1\DVDXRE~1\INSTALL.LOG
DVD-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Easy-WebPrint-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Edmark MindTwister Math-->C:\WINNT\unvise32.exe C:\Program Files\Edmark\MindTwister Math\uninstal.log
Educated Investor Guide to Personal Finance-->MsiExec.exe /I{E2FE6C50-6717-49AA-9019-9C2723E43AAB}
eMusic - 50 Free MP3 offer-->"C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
Excavation from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\ADFCE1E4-A420-437C-998D-EAF04E3601BE\Uninstall.exe"
Five Card Frenzy from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\97D31CB6-F2B5-4875-B6B0-8AF75AC414DB\Uninstall.exe"
FLAC Installer 1.1.2a (remove only)-->C:\Program Files\FLAC\uninstall.exe
Form Fill (Windows Live Toolbar)-->MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
Gateway Ink Monitor-->MsiExec.exe /X{F10082FE-BACB-4E58-A423-DAD6BFC8B3A2}
Gateway Rhapsody-->"C:\Program Files\Gateway Rhapsody\Unwise32.exe" C:\PROGRA~1\GATEWA~1\Install.log
Gateway Rhapsody-->"C:\Program Files\SIFXINST\SIFXINST.EXE" /UnapplyFile 20BBF229-A337-40AD-9FEB-2C98CDA53D1C /Prompt
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Video Player-->"C:\Program Files\Google\Google Video Player\Uninstall.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINNT\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet 3740-->msiexec /x{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}
HP DVD Writer-->"C:\Program Files\HP DVD\Support\Uninstall.exe" /UNINSTALL
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
IBM ViaVoice Command and Control Runtime 5.3-->C:\ViaVoice\Bin\vunUS.exe ProdRunControl Dc En_US 'IBM ViaVoice™ Command and Control Runtime' C:\WINNT\IsUninst.exe -fC:\ViaVoice\DeIsL1.isu
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINNT\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet-->MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iPod for Windows 2006-06-28-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1033
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
JumpStart Advanced 1st Grade-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\UnJSA1G.exe
JumpStart Art Club-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSArtClubUn.exe
Jumpstart First Grade v1.4-->C:\WINNT\IsUninst.exe -fC:\KA\FG\DeIsL1.isu
JumpStart Kindergarten 98-->C:\WINNT\IsUninst.exe -fC:\KA\KG98\DeIsL1.isu
JumpStart Music-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSMusicUn.exe
JumpStart Parent Resource Center v1.0-->C:\WINNT\IsUninst.exe -fC:\KA\PRC\DeIsL1.isu
JumpStart Phonics-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\UNJSPhon.exe
JumpStart Preschool v2.0-->C:\WINNT\IsUninst.exe -fC:\KA\PRSCHL99\DeIsL1.isu
JumpStart Spanish-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSSpanUn.exe
JumpStart Spy Masters Training-->C:\WINNT\IsUninst.exe -f"C:\Program Files\JumpStart\JumpStart Spy Masters Training\DeIsL1.isu"
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Linksys EasyLink Advisor 1.6 (0032)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
MathPlayer-->C:\Program Files\Design Science\MathPlayer\Setup.exe -u
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Data Access Components KB870669-->C:\WINNT\muninst.exe C:\WINNT\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2004-->MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft MSN™ DSL 1000 Modem-->C:\Program Files\Microsoft Network\DSL 1000 USB Modem\MSNUnist.exe -w7 Microsoft\MSN™ DSL 1000 Modem
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Photo Premium 9-->C:\WINNT\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)-->MsiExec.exe /X{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}
Microsoft Streets and Trips 2004-->MsiExec.exe /I{8704D51E-25B7-4F23-81E7-AA4F54790210}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Works 2004 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe d:\
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{33BEE6F3-9987-4F98-A069-97A64EC8321A}
Microsoft Works-->MsiExec.exe /I{B9966F27-9678-4620-9579-925E3084647E}
MSN Encarta Plus Support Files-->MsiExec.exe /I{00000000-785F-478A-BAA2-87F1A136068C}
MSN Money Investment Toolbox-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:5
MSN-->C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer DVD Edition - HPC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69E84B43-8227-4DC3-A4E4-CAB022DCF858}\Setup.exe" -l0x9
NVIDIA Display Driver-->C:\WINNT\System32\nvudisp.exe Uninstall C:\WINNT\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINNT\System32\nvinstnt.dll,NvUninstallNT4 nvgw.inf
OLYMPUS CAMEDIA Master 4.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30BB4D60-81DB-11D5-BB77-00400536ABAC}\setup.exe" CAMEDIA Master 4.2
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{DF821FC5-C198-452B-A0D4-82433EFEAE9B}
Orbital from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BECB8A74-E07D-44A1-813D-1E390EB3047B\Uninstall.exe"
Otto from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5A137FCB-35EA-4849-8239-AFEBD2F45B3B\Uninstall.exe"
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Overball from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\A375E2C6-77CA-4F2F-AB6F-CD0A96D87B24\Uninstall.exe"
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
PCFriendly-->C:\Program Files\PCFriendly\inuninst.exe
Pinnacle Expression-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70B4227A-CA3A-4516-9E93-D419ECEE2834}\Setup.exe" -l0x9 UNINSTALLUNINSTALL
Polar Bowler from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C4D2212B-5331-470D-9BF7-96DB25A398C7\Uninstall.exe"
Popup Blocker (Windows Live Toolbar)-->MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
Quicken WillMaker Plus 2005-->C:\WINNT\unvise32.exe C:\Program Files\Quicken WillMaker Plus 2005\uninstal.log
QuickTime for Windows (32-bit)-->C:\WINNT\QTW32DEL.EXE
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
QwestDex Live! (Component)-->"C:\WINNT\Downloaded Program Files\qst\uninst-axi.exe"
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RecordNow-->MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{E9ED0801-253D-4FE9-AB20-F63DEFE72547}
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{C1E693A4-B1D5-4DCD-B68D-2087835B7184}
Scholastic's I SPY Fantasy-->C:\PROGRA~1\SCHOLA~1\ISPYFA~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYFA~1\INSTALL.LOG
Scholastic's I SPY Mystery-->C:\PROGRA~1\SCHOLA~1\ISPYMY~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYMY~1\INSTALL.LOG
Scholastic's I SPY Spooky Mansion Deluxe-->C:\PROGRA~1\SCHOLA~1\ISPYSP~1\UNWISE.EXE C:\PROGRA~1\SCHOLA~1\ISPYSP~1\INSTALL.LOG
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINNT\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINNT\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINNT\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINNT\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINNT\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINNT\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINNT\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINNT\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINNT\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINNT\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINNT\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINNT\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINNT\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINNT\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINNT\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINNT\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINNT\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINNT\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINNT\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINNT\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINNT\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shockwave-->C:\WINNT\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Slyder from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\618CD711-AFB3-4EB4-9B48-ABD2AB370B21\Uninstall.exe"
Smart Link 56K Modem-->C:\Documents and Settings\Administrator\My Documents\My Downloads\Norton Internet Security\setup.exe /Remove
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic PrimeTime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DA9061C-A8C6-4B0E-BF2B-1E444D8642E3}\Setup.exe" -l0x9 -L0x9 /SMAINT
Sonic Simple Backup-->MsiExec.exe /I{60E971B7-51A0-48CA-8687-C6B8F094A409}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sound Blaster Audigy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\SETUP.EXE" -l0x9 /remove
Starware358 4.4.1.0-->C:\Program Files\Starware358\Starware358Uninstall.exe
Studio 9.0.4-->C:\PROGRA~1\Pinnacle\SHARED~1\UNWISE.EXE C:\PROGRA~1\Pinnacle\SHARED~1\INSTALL.LOG
Tabbed Browsing (Windows Live Toolbar)-->MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax ItsDeductible 2006-->MsiExec.exe /X{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}
Update for Windows XP (KB951072-v2)-->"C:\WINNT\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINNT\$NtUninstallKB951978$\spuninst\spuninst.exe"
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Window Washer-->C:\WINNT\Unwash6.exe
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Customizations-->C:\Program Files\Yahoo!\Common\unycust.exe /S
Yahoo! Internet Mail-->C:\WINNT\System32\regsvr32 /u /s C:\WINNT\DOWNLO~1\ymmapi.dll
Yahoo! Messenger Explorer Bar-->C:\WINNT\System32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~1.DLL
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AV: ZoneAlarm Security Suite Antivirus
FW: ZoneAlarm Security Suite Firewall

======Environment variables======

"COLLECTIONID"=COL8143
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"HMSERVER"=https://wwss1proa.cce.hp.com/wuss/servlet/WUSSServlet
"ITEMID"=dj-22741-15
"LANG"=1033
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"OSVER"=winXPP
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Sonic Shared;C:\Program Files\PC-Doctor for Windows\services;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier";C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0209
"SESSIONID"=1135023636685htx60601a16b0d:10868598496:5f5a
"SWUTVER"=1.0.3.1
"TEMP"=%SystemRoot%\TEMP
"TIMEOUT"=0
"TMP"=%SystemRoot%\TEMP
"TOOLPATH"=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
"UPDATEDIR"=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rad23E27.tmp
"VERSION"=3.0.5.001
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, December 7, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, December 07, 2008 18:38:47
Records in database: 1442673
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - Critical Areas:
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Program Files
C:\WINNT

Scan statistics:
Files scanned: 64200
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:02:49

No malware has been detected. The scan area is clean.

The selected area was scanned.

#2 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:33 AM

Posted 15 December 2008 - 01:12 PM

We'll begin with ComboFix. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the combofix log and a new HijackThis log as a reply to this topic.

#3 Mob-ruhls

Mob-ruhls
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:07:33 AM

Posted 19 December 2008 - 10:12 PM

Thanks for your reply. I seemed to have eliminated my virus by following instructions in a forum post on my security suite's website. It instructed me to download a 3rd party malware scanner, which found and removed the virus.

Should I have further issues, I will repost. Thanks again for your help.

#4 random/random

random/random

  • Malware Response Team
  • 2,704 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:33 AM

Posted 20 December 2008 - 08:45 AM

Since this issue appears to be resolved, this topic is now closed.



