Random Ad and audio opening


  • This topic is locked
4 replies to this topic

#1 jwoodscant

  • Members
  • 2 posts

Posted 24 November 2009 - 10:51 AM

You guys are great for offering this service. If only we could get the hackers to stop making the malware, life would be great.

Randomly, various ads and audio open up even when IE or Firefox is not running. Did a restore last week; it helped for about 4 days. I could not run DDS.scr; had to rename it to dds.exe.


DDS (Ver_09-11-24.02) - NTFSx86
Run by jrw at 10:22:22.54 on Tue 11/24/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.85 [GMT -5:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\jrw\My Documents\Downloads\RootRepeal.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\jrw\My Documents\Downloads\dds.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AOL Radio Toolbar Loader: {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - c:\program files\aol radio toolbar\aolradiotb.dll
BHO: precisead: {72d5f22e-7e30-5eda-41f2-ae82766367bc} - c:\windows\system32\nso15A.dll
BHO: precisead search enhancer: {843bbfe8-5e43-e8ed-5eb1-140923391267} - c:\windows\system32\iejjsbvnes.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: precisead browser enhancer: {c0dd469f-3c88-f66b-a118-bc6ffd14a48a} - c:\windows\system32\xzgedkopov.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: AOL Radio Toolbar: {9167da98-6f9b-46f1-991d-826cae46cab6} - c:\program files\aol radio toolbar\aolradiotb.dll
TB: Intuit QuickenPicks Toolbar : {92c7eaff-a661-44b6-9db3-bcf536744ada} - c:\program files\quickenpicks_toolbar\qnpxb.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: Search panel: {0e6db493-7031-d037-a8cb-26f07780e08e} - c:\windows\system32\iejjsbvnes.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [irqcuwzgporbtl] c:\windows\system32\regsvr32.exe /s "c:\windows\system32\xzgedkopov.dll"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\VetRedir.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {3C7339CF-3B05-4506-B3F3-F3508C6235AB} - c:\windows\system32\javac.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jrw\applic~1\mozilla\firefox\profiles\ub9u6ekf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.foxnews.com/
FF - component: c:\program files\mozilla firefox\components\iejjsbvnes.dll
FF - plugin: c:\documents and settings\jrw\application data\mozilla\firefox\profiles\ub9u6ekf.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: google.toolbar.linkdoctor.enabled - false
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-13 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1184912]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-9-25 47640]
S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2003-9-2 20064]
S4 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\esri\license\arcgis9x\lmgrd.exe [2009-10-23 467968]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-28 133104]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-11-24 13:31:56 0 d-----w- C:\SDFix
2009-11-13 13:18:52 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-13 12:09:49 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-13 12:09:31 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-13 12:07:56 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-13 12:07:37 0 d-----w- c:\program files\Lavasoft
2009-11-13 11:03:03 58341 ----a-w- c:\windows\system32\u_iejjsbvnes.dll.exe
2009-11-12 19:41:11 60026 ----a-w- c:\windows\system32\iejjsbvnes.dll-uninst.exe
2009-11-12 19:40:57 85733 ----a-w- c:\windows\system32\ddfd57e0-d665-05cd-5b07-5859367e6920.exe
2009-11-12 19:40:48 48283 ----a-w- c:\windows\system32\idgzhddvfoefkfdex.exe
2009-11-12 13:07:44 0 d--h--w- c:\windows\PIF
2009-11-12 12:56:28 0 d-----w- C:\PRELIM5
2009-11-12 12:54:44 0 d-----w- C:\Prelim 5
2009-11-11 19:19:14 0 d-----w- C:\f8bf31c5741ee9111c
2009-11-11 14:39:05 0 d-----w- C:\ArcGIS Desktop 9.2
2009-11-11 14:36:12 0 d-----w- c:\docume~1\jrw\applic~1\Azureus
2009-11-11 14:35:51 0 d-----w- c:\program files\Localhost
2009-11-10 17:06:57 81 ----a-w- C:\2012-clip1_1080p.mov
2009-11-10 17:02:22 0 d-----w- C:\wmdownloads
2009-11-10 16:48:20 0 d-----w- c:\program files\Microsoft Digital Image 10
2009-11-10 16:07:44 160059 ----a-w- C:\PQ VFD.pdf
2009-11-06 14:21:36 0 d-----w- c:\program files\Search Commands
2009-11-05 14:15:01 0 d-----w- c:\docume~1\jrw\applic~1\Windows Search
2009-11-05 14:04:23 0 d-----w- c:\docume~1\jrw\applic~1\Windows Desktop Search
2009-11-05 14:01:42 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-05 14:01:42 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-05 14:01:42 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-11-05 14:00:20 0 d-----w- c:\windows\system32\GroupPolicy
2009-11-05 14:00:20 0 d-----w- c:\program files\Windows Desktop Search
2009-11-05 13:59:10 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-11-05 13:59:10 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-11-05 13:59:10 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-11-05 13:54:59 3244 ----a-w- c:\windows\system32\wbem\Outlook_01ca5e1f906dd196.mof
2009-11-05 12:57:18 0 d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-04 15:55:09 90158 ----a-w- C:\Document1.pdf
2009-11-03 13:00:29 403216 ----a-w- c:\windows\system32\msrepl35.dll
2009-11-03 13:00:29 368912 ----a-w- c:\windows\system32\vbar332.dll
2009-11-03 13:00:29 290816 ----a-w- c:\windows\system32\msxbse35.dll
2009-11-03 13:00:29 254976 ----a-w- c:\windows\system32\msexcl35.dll
2009-11-03 13:00:29 253952 ----a-w- c:\windows\system32\mspdox35.dll
2009-11-03 13:00:29 169984 ----a-w- c:\windows\system32\msltus35.dll
2009-11-03 13:00:29 166912 ----a-w- c:\windows\system32\mstext35.dll
2009-11-03 13:00:28 37136 ----a-w- c:\windows\system32\msjint35.dll
2009-11-03 13:00:28 251664 ----a-w- c:\windows\system32\msrd2x35.dll
2009-11-03 13:00:28 24336 ----a-w- c:\windows\system32\msjter35.dll
2009-11-03 13:00:28 1039360 ----a-w- c:\windows\system32\msjet35.dll
2009-11-03 12:59:41 430080 ----a-w- c:\windows\system32\Vsflex7L.ocx
2009-11-03 12:59:40 2602496 ----a-w- c:\windows\system32\TeeChart5.ocx
2009-11-03 12:59:39 421888 ----a-w- c:\windows\system32\hmiMFCModelingExt.dll
2009-11-03 12:59:37 0 d-----w- c:\program files\common files\Haestad
2009-11-03 12:59:32 335360 ------w- c:\windows\system32\Gds32.dll
2009-11-03 12:59:32 183808 ------w- c:\windows\system32\Bdeadmin.cpl
2009-11-03 12:59:32 154576 ------w- c:\windows\system32\Dbclient.dll
2009-11-03 12:59:28 0 d-----w- c:\program files\IntrBase
2009-11-03 12:59:19 89600 ----a-w- c:\windows\system32\Grid32.ocx
2009-11-03 12:59:19 84992 ----a-w- c:\windows\system32\atl70.dll
2009-11-03 12:59:16 47104 ----a-w- c:\windows\system32\wh2robo.dll
2009-11-03 12:59:15 164864 ----a-w- c:\windows\system32\Unwise32.exe
2009-11-03 12:59:15 1044480 ----a-w- c:\windows\system32\Roboex32.dll
2009-11-03 12:59:14 0 d-----w- c:\program files\Haestad
2009-11-03 12:53:13 67472 ----a-w- c:\windows\UnDeploy.exe
2009-11-03 12:53:13 0 d-----w- c:\program files\HydroCAD
2009-10-28 19:00:18 0 d-----w- c:\windows\Performance
2009-10-28 18:59:31 0 d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor

==================== Find3M ====================

2009-10-28 17:18:17 86088 ----a-w- c:\docume~1\jrw\applic~1\GDIPFONTCACHEV1.DAT
2009-10-23 12:14:45 494 ----a-w- C:\ESRIFloat.reg
2009-10-22 06:38:32 484864 ----a-w- c:\windows\system32\xzgedkopov.dll
2009-10-13 18:07:39 739752 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-10-13 18:07:39 133576 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-10-12 15:16:46 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-10 11:26:25 120320 ----a-w- c:\windows\system32\cliconfg32.dll
2009-10-09 17:02:24 1730 --sha-w- c:\windows\system32\GroupPolicy000.dat
2009-10-05 09:14:08 467456 ----a-w- c:\windows\system32\iejjsbvnes.dll
2009-10-02 10:01:22 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-02 10:01:21 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-10-02 10:01:21 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-09-22 11:19:51 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-09-16 15:16:56 412200 ----a-w- c:\windows\olch2d32.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2003-07-28 10:16:52 36864 ----a-w- c:\windows\inf\i386\Vizmicro.dll
2003-07-28 10:16:26 172032 ----a-w- c:\windows\inf\i386\viceo.dll
2003-07-28 10:01:10 36207 ----a-w- c:\windows\inf\i386\9320FW.bin
2003-07-28 10:01:10 274432 ----a-w- c:\windows\inf\i386\9320LLD.dll
2003-07-28 10:01:10 155648 ----a-w- c:\windows\inf\i386\rtscan.dll
2001-08-03 22:29:18 13824 ----a-w- c:\windows\inf\i386\Usbscan.sys

============= FINISH: 10:29:15.06 ===============


#2 syler

  • Malware Response Team
  • 8,150 posts

Posted 29 November 2009 - 12:00 PM

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your malware issues. If you have since resolved your issues, I would appreciate it if you would let me know so I can close this topic. If you still need help, please let me know what issues you are still having in your next reply.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Then please post back here with the following:
  • log.txt
  • info.txt
Thanks


#3 jwoodscant

  • Topic Starter

  • Members
  • 2 posts

Posted 30 November 2009 - 07:12 AM

Have not solved it yet, thank you for your help.

info.txt logfile of random's system information tool 1.06 2009-11-30 07:04:42

======Uninstall list======

-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AcroPlot-->MsiExec.exe /I{2015C4C8-56E6-485D-A743-7C21861C7EB8}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
Adobe Acrobat 9 Pro Extended - English, Franšais, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe Acrobat 9 Pro Extended - English, Franšais, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe Acrobat 9.2.0 - CPSID_50026-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
AnswerWorks 5.0 English Runtime-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}\setup.exe" -l0x9 -uninst -removeonly
AOL Radio Toolbar-->"C:\Program Files\AOL Radio Toolbar\uninstall.exe"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcGIS Desktop-->MsiExec.exe /I{1F34839E-4826-4B64-B1B3-42E5AE8DEC5A}
ArcGIS License Manager-->C:\PROGRA~1\ESRI\License\arcgis9x\UNWISE32.EXE C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS~1.LOG "License Manager"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoCAD Civil 3D 2008-->C:\Program Files\AutoCAD Civil 3D 2008\Setup\Setup.exe /P {5783F2D7-6000-0409-0002-0060B0CE6BBA} /M C3D
AutoCAD Civil 3D Land Desktop Companion 2008-->C:\Program Files\AutoCAD Civil 3D Land Desktop Companion 2008\Setup\Setup.exe /P {5783F2D7-6018-0409-0002-0060B0CE6BBA} /M ACAD
AutoCAD Raster Design 2008-->MsiExec.exe /I{65298656-E224-4407-8B77-3C5402A05262}
Autodesk Design Review 2008-->MsiExec.exe /I{FACF203E-0F4D-489A-B80C-D185253C8FCB}
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
BDE 5.01-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Borland\Common Files\Bde\BDEUninst.isu" -c"C:\Program Files\Borland\Common Files\Bde\Uninst.dll"
CA Internet Security Suite-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Contextual Tool Precisead-->C:\WINDOWS\system32\ddfd57e0-d665-05cd-5b07-5859367e6920.exe
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
FlexUnits-->C:\WINDOWS\system32\Unwise32.exe /U "C:\PROGRA~1\COMMON~1\Haestad\FlexUnits\Install.log" FlexUnits by Haestad Methods
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.33\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{3A05B900-A3E7-11DE-A9B7-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
HydroCAD-->C:\WINDOWS\UnDeploy.exe "C:\Program Files\HydroCAD\Deploy.log"
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel® PRO Network Connections Drivers-->Prounstl.exe
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
KONICA MINOLTA magicolor 4650-->C:\PROGRA~1\KONICA~1\PRINTE~1\mc4650\setup.exe /UinsOnly:10 C:\PROGRA~1\KONICA~1\PRINTE~1\mc4650\setup.exe Setup.ini /UnInst /LANG:0409
KONICA MINOLTA PageScope Box Operator 3.2.01000-->MsiExec.exe /I{2F892D3E-3F96-4518-B715-F8D5A6E256DF}
Localhost-->"C:\Program Files\Localhost\uninstall.exe"
LogMeIn-->MsiExec.exe /I{84713778-D9A9-4130-A811-DF3187827B05}
magicolor 2300 DL-->MUINST_B.EXE /PRN:"magicolor 2300 DL"
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Digital Image Suite 10-->"C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=SUITE
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
PDF-XChange 3-->"C:\Program Files\AcroPlot\unins000.exe"
PosiSoft.2.16.00.13-->MsiExec.exe /X{3DD4D410-744E-4894-9412-FC36AAABCBBC}
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
Python 2.4.1-->C:\Python24\\Python24\UNWISE.EXE C:\Python24\\Python24\INSTALL.LOG
Quicken 2009-->MsiExec.exe /X{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}
Quicken Picks Toolbar-->"C:\Program Files\QuickenPicks_Toolbar\qnpxt.exe" unqnpx
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Registry Mechanic 5.1-->"C:\Program Files\Registry Mechanic\unins000.exe"
RON Too1 Precisead-->C:\WINDOWS\system32\idgzhddvfoefkfdex.exe
Search Assistant Precisead-->C:\WINDOWS\system32\u_iejjsbvnes.dll.exe
Search Commands from Microsoft Office Labs-->MsiExec.exe /I{2DBF9D2F-522F-4B19-8679-3539CC38EB5F}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970483)-->"C:\WINDOWS\$NtUninstallKB970483$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sentinel System Driver 5.42.1 (32-bit)-->MsiExec.exe /I{F02598C2-2A5F-4593-8F09-439F3317B2C8}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Tweak UI-->"C:\WINDOWS\System32\mshta.exe" "res://C:\WINDOWS\System32\TweakUI.exe/uninstall.hta"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Outlook 2007 Junk Email Filter (kb975960)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F1AB1BED-7477-4D5A-BD0C-04C2109459A5}
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Visioneer OneTouch 9320-->C:\PROGRA~1\VISION~2\UNWISE.EXE C:\PROGRA~1\VISION~2\INSTALL.LOG
Visioneer PaperPort 6.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Visioneer\PaperPort\Config\DeIsL1.isu" -y -c"C:\Program Files\Visioneer\PaperPort\UnInstl2.dll"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WaterCAD 6.5 by Haestad Methods-->C:\PROGRA~1\Haestad\WTRC\DELHMI3.EXE C:\PROGRA~1\Haestad\WTRC\WTRCARX.SLL
WaterCAD Assembly Files-->MsiExec.exe /I{5F2B79E2-2A1C-4809-BD86-C2914F91A6AA}
Windows 7 Upgrade Advisor-->MsiExec.exe /I{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Security center information======

AV: CA Anti-Virus

======System event log======

Computer Name: JOHN
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 2513
Source Name: Cdrom
Time Written: 20091026061009.000000-240
Event Type: error
User:

Computer Name: JOHN
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 2512
Source Name: Cdrom
Time Written: 20091026061002.000000-240
Event Type: error
User:

Computer Name: JOHN
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 2511
Source Name: Cdrom
Time Written: 20091026060955.000000-240
Event Type: error
User:

Computer Name: JOHN
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 2510
Source Name: Cdrom
Time Written: 20091026060947.000000-240
Event Type: error
User:

Computer Name: JOHN
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 2509
Source Name: Cdrom
Time Written: 20091026060940.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: JOHN
Event Code: 10005
Message: Product: ArcGIS Desktop -- Internal Error 2753. StripSlash.EXE.31E96541_5977_446A_9397_22DA57E04BAB

Record Number: 905
Source Name: MsiInstaller
Time Written: 20091023092633.000000-240
Event Type: error
User: JOHN\jrw

Computer Name: JOHN
Event Code: 11706
Message: Product: ArcGIS Desktop -- Error 1706. No valid source could be found for product ArcGIS Desktop. Windows Installer cannot continue.

Record Number: 904
Source Name: MsiInstaller
Time Written: 20091023092449.000000-240
Event Type: error
User: JOHN\jrw

Computer Name: JOHN
Event Code: 10005
Message: Product: ArcGIS Desktop -- Internal Error 2753. StripSlash.EXE.31E96541_5977_446A_9397_22DA57E04BAB

Record Number: 903
Source Name: MsiInstaller
Time Written: 20091023092027.000000-240
Event Type: error
User: JOHN\jrw

Computer Name: JOHN
Event Code: 1517
Message: Windows saved user JOHN\jrw registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 894
Source Name: Userenv
Time Written: 20091023081618.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JOHN
Event Code: 1517
Message: Windows saved user JOHN\jrw registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 872
Source Name: Userenv
Time Written: 20091022141044.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\KONICA MINOLTA\PageScope Box Operator3\;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Raster Design 2008\;C:\PROGRA~1\COMMON~1\Haestad;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0404
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"PYTHONPATH"=C:\Program Files\ArcGIS\bin
"ARCGISHOME"=C:\Program Files\ArcGIS\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Logfile of random's system information tool 1.06 (written by random/random)
Run by jrw at 2009-11-30 07:04:10
Microsoft Windows XP Professional Service Pack 3
System drive C: has 108 GB (71%) free of 153 GB
Total RAM: 1022 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:04:39 AM, on 11/30/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\jrw\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\jrw.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Radio Toolbar Loader - {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
O2 - BHO: precisead - {72d5f22e-7e30-5eda-41f2-ae82766367bc} - C:\WINDOWS\system32\nso15A.dll
O2 - BHO: precisead search enhancer - {843BBFE8-5E43-E8ED-5EB1-140923391267} - C:\WINDOWS\system32\iejjsbvnes.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: precisead browser enhancer - {C0DD469F-3C88-F66B-A118-BC6FFD14A48A} - C:\WINDOWS\system32\xzgedkopov.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: AOL Radio Toolbar - {9167da98-6f9b-46f1-991d-826cae46cab6} - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll
O3 - Toolbar: Intuit QuickenPicks Toolbar - {92C7EAFF-A661-44B6-9DB3-BCF536744ADA} - C:\Program Files\QuickenPicks_Toolbar\qnpxb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [irqcuwzgporbtl] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\xzgedkopov.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 6221 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as jrw at 9 14 AM.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{F3E82426-FF8F-4D50-850C-5A14F6920649}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2abdb2f7-4cbf-4939-ba12-fddc827b6a2d}]
AOL Radio Toolbar Loader - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll [2009-08-31 1308008]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72d5f22e-7e30-5eda-41f2-ae82766367bc}]
precisead - C:\WINDOWS\system32\nso15A.dll [2009-04-10 711680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{843BBFE8-5E43-E8ED-5EB1-140923391267}]
precisead search enhancer - C:\WINDOWS\system32\iejjsbvnes.dll [2009-10-05 467456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C0DD469F-3C88-F66B-A118-BC6FFD14A48A}]
precisead browser enhancer - C:\WINDOWS\system32\xzgedkopov.dll [2009-10-22 484864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-12 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{9167da98-6f9b-46f1-991d-826cae46cab6} - AOL Radio Toolbar - C:\Program Files\AOL Radio Toolbar\aolradiotb.dll [2009-08-31 1308008]
{92C7EAFF-A661-44B6-9DB3-BCF536744ADA} - Intuit QuickenPicks Toolbar - C:\Program Files\QuickenPicks_Toolbar\qnpxb.dll [2008-10-07 329016]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-08-11 63048]
"irqcuwzgporbtl"=C:\WINDOWS\System32\regsvr32.exe [2008-04-14 11776]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-09-05 417792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2009-10-02 640376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2009-10-03 38768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2006-02-09 344064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAVRID]
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2009-10-14 230664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cctray]
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2009-09-22 177392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\irqcuwzgporbtl]
C:\WINDOWS\System32\regsvr32.exe [2008-04-14 11776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OneTouch Monitor]
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe [2003-08-18 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
c:\progra~1\vision~1\paperp~1\pptd40nt.exe [1999-04-13 29184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qnpxm]
C:\Program Files\QuickenPicks_Toolbar\qnpxt.exe [2008-10-07 300344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QOELOADER]
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe [2009-09-22 14088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
C:\WINDOWS\stsystra.exe [2005-03-22 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-12 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [2008-05-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jrw^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\PROGRA~1\LimeWire\LimeWire.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3
"VETMSGNT"=2
"PPCtlPriv"=3
"MDM"=2
"JavaQuickStarterService"=2
"ITMRTSVC"=2
"idsvc"=3
"gupdate"=2
"CAISafe"=2
"CaCCProvSP"=3
"ATI Smart"=2
"Ati HotKey Poller"=2
"ArcGIS License Manager"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="acaptuser32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-10-02 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 2 months======

2009-11-30 07:04:16 ----D---- C:\Program Files\trend micro
2009-11-30 07:04:10 ----D---- C:\rsit
2009-11-26 16:11:07 ----HDC---- C:\WINDOWS\$NtUninstallKB970483$
2009-11-26 16:10:45 ----HDC---- C:\WINDOWS\$NtUninstallKB953155$
2009-11-25 11:45:42 ----D---- C:\WINDOWS\IIS Temporary Compressed Files
2009-11-25 11:44:36 ----D---- C:\WINDOWS\system32\Cache
2009-11-25 11:44:00 ----A---- C:\WINDOWS\system32\snprfdll.dll
2009-11-25 11:44:00 ----A---- C:\WINDOWS\system32\smtpctrs.ini
2009-11-25 11:44:00 ----A---- C:\WINDOWS\system32\smtpctrs.dll
2009-11-25 11:43:59 ----A---- C:\WINDOWS\system32\regtrace.exe
2009-11-25 11:43:58 ----A---- C:\WINDOWS\system32\ntfsdrct.ini
2009-11-25 11:43:58 ----A---- C:\WINDOWS\system32\fcachdll.dll
2009-11-25 11:43:57 ----A---- C:\WINDOWS\system32\adsiisex.dll
2009-11-25 11:39:50 ----A---- C:\WINDOWS\system32\w3ctrs.ini
2009-11-25 11:39:49 ----A---- C:\WINDOWS\system32\w3svapi.dll
2009-11-25 11:39:49 ----A---- C:\WINDOWS\system32\w3ctrs.dll
2009-11-25 11:39:49 ----A---- C:\WINDOWS\system32\axperf.ini
2009-11-25 11:39:48 ----A---- C:\WINDOWS\system32\aspperf.dll
2009-11-25 11:39:46 ----A---- C:\WINDOWS\system32\iisrstap.dll
2009-11-25 11:39:46 ----A---- C:\WINDOWS\system32\iisreset.exe
2009-11-25 11:39:45 ----A---- C:\WINDOWS\system32\ftpsapi2.dll
2009-11-25 11:39:44 ----A---- C:\WINDOWS\system32\wamregps.dll
2009-11-25 11:39:43 ----A---- C:\WINDOWS\system32\inetsloc.dll
2009-11-25 11:39:42 ----A---- C:\WINDOWS\system32\iismui.dll
2009-11-25 11:39:41 ----A---- C:\WINDOWS\system32\infoctrs.ini
2009-11-25 11:39:40 ----A---- C:\WINDOWS\system32\infoctrs.dll
2009-11-25 11:39:39 ----A---- C:\WINDOWS\system32\convlog.exe
2009-11-25 11:39:39 ----A---- C:\WINDOWS\system32\admxprox.dll
2009-11-25 11:38:00 ----D---- C:\Inetpub
2009-11-25 06:42:48 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$
2009-11-25 06:42:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2009-11-24 10:36:15 ----A---- C:\RootRepeal report 11-24-09 (10-36-15).txt
2009-11-24 08:31:56 ----D---- C:\SDFix
2009-11-19 08:34:36 ----D---- C:\Documents and Settings\jrw\Application Data\ImgBurn
2009-11-19 08:33:07 ----D---- C:\Program Files\ImgBurn
2009-11-13 09:23:01 ----D---- C:\WINDOWS\system32\DRVSTORE
2009-11-13 08:18:52 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-11-13 07:07:56 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-13 07:07:37 ----D---- C:\Program Files\Lavasoft
2009-11-13 07:07:37 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-11-13 06:03:03 ----A---- C:\WINDOWS\system32\u_iejjsbvnes.dll.exe
2009-11-12 14:41:11 ----A---- C:\WINDOWS\system32\iejjsbvnes.dll-uninst.exe
2009-11-12 14:40:57 ----A---- C:\WINDOWS\system32\ddfd57e0-d665-05cd-5b07-5859367e6920.exe
2009-11-12 14:40:48 ----A---- C:\WINDOWS\system32\idgzhddvfoefkfdex.exe
2009-11-12 08:07:44 ----HD---- C:\WINDOWS\PIF
2009-11-12 07:56:28 ----D---- C:\PRELIM5
2009-11-12 07:54:44 ----D---- C:\Prelim 5
2009-11-11 14:19:14 ----D---- C:\f8bf31c5741ee9111c
2009-11-11 14:16:04 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-11 09:39:05 ----D---- C:\ArcGIS Desktop 9.2
2009-11-11 09:36:12 ----D---- C:\Documents and Settings\jrw\Application Data\Azureus
2009-11-11 09:35:51 ----D---- C:\Program Files\Localhost
2009-11-10 12:28:23 ----D---- C:\Documents and Settings\jrw\Application Data\Apple Computer
2009-11-10 12:09:33 ----D---- C:\Program Files\QuickTime
2009-11-10 12:09:32 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-11-10 12:09:11 ----D---- C:\Program Files\Common Files\Apple
2009-11-10 12:08:48 ----D---- C:\Program Files\Apple Software Update
2009-11-10 12:08:48 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-11-10 12:02:22 ----D---- C:\wmdownloads
2009-11-10 11:48:20 ----D---- C:\Program Files\Microsoft Digital Image 10
2009-11-07 03:17:33 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$
2009-11-06 09:21:36 ----D---- C:\Program Files\Search Commands
2009-11-05 09:15:01 ----D---- C:\Documents and Settings\jrw\Application Data\Windows Search
2009-11-05 09:04:23 ----D---- C:\Documents and Settings\jrw\Application Data\Windows Desktop Search
2009-11-05 09:01:42 ----A---- C:\WINDOWS\system32\muweb.dll
2009-11-05 09:01:42 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-11-05 09:01:42 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-11-05 09:00:20 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-11-05 09:00:20 ----D---- C:\Program Files\Windows Desktop Search
2009-11-05 09:00:01 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$
2009-11-05 08:59:21 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-11-05 08:12:01 ----D---- C:\Program Files\Microsoft Works
2009-11-05 08:08:26 ----D---- C:\Program Files\Microsoft.NET
2009-11-05 07:57:18 ----D---- C:\Program Files\Microsoft Visual Studio 8
2009-11-05 07:54:31 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-11-05 07:50:12 ----RHD---- C:\MSOCache
2009-11-03 08:00:29 ----A---- C:\WINDOWS\system32\vbar332.dll
2009-11-03 08:00:29 ----A---- C:\WINDOWS\system32\msxbse35.dll
2009-11-03 08:00:29 ----A---- C:\WINDOWS\system32\mstext35.dll
2009-11-03 08:00:29 ----A---- C:\WINDOWS\system32\msrepl35.dll
2009-11-03 08:00:29 ----A---- C:\WINDOWS\system32\mspdox35.dll
2009-11-03 08:00:29 ----A---- C:\WINDOWS\system32\msltus35.dll
2009-11-03 08:00:29 ----A---- C:\WINDOWS\system32\msexcl35.dll
2009-11-03 08:00:28 ----A---- C:\WINDOWS\system32\msrd2x35.dll
2009-11-03 08:00:28 ----A---- C:\WINDOWS\system32\msjter35.dll
2009-11-03 08:00:28 ----A---- C:\WINDOWS\system32\msjint35.dll
2009-11-03 08:00:28 ----A---- C:\WINDOWS\system32\msjet35.dll
2009-11-03 07:59:39 ----A---- C:\WINDOWS\system32\hmiMFCModelingExt.dll
2009-11-03 07:59:37 ----D---- C:\Program Files\Common Files\Haestad
2009-11-03 07:59:32 ----N---- C:\WINDOWS\system32\Gds32.dll
2009-11-03 07:59:32 ----N---- C:\WINDOWS\system32\Dbclient.dll
2009-11-03 07:59:28 ----D---- C:\Program Files\IntrBase
2009-11-03 07:59:28 ----D---- C:\Program Files\Borland
2009-11-03 07:59:19 ----A---- C:\WINDOWS\system32\atl70.dll
2009-11-03 07:59:16 ----A---- C:\WINDOWS\system32\wh2robo.dll
2009-11-03 07:59:15 ----A---- C:\WINDOWS\system32\Unwise32.exe
2009-11-03 07:59:15 ----A---- C:\WINDOWS\system32\Roboex32.dll
2009-11-03 07:59:14 ----D---- C:\Program Files\Haestad
2009-11-03 07:53:13 ----D---- C:\Program Files\HydroCAD
2009-11-03 07:53:13 ----A---- C:\WINDOWS\UnDeploy.exe
2009-10-28 14:00:18 ----D---- C:\WINDOWS\Performance
2009-10-28 13:59:31 ----D---- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2009-10-23 09:10:16 ----D---- C:\flexlm
2009-10-23 08:59:32 ----D---- C:\Program Files\ESRI
2009-10-23 08:42:02 ----D---- C:\ARCGIS 9.2
2009-10-23 08:25:28 ----D---- C:\WINDOWS\1F34839E48264B64B1B342E5AE8DEC5A.TMP
2009-10-23 07:16:00 ----D---- C:\WINDOWS\system32\appmgmt
2009-10-22 14:08:51 ----A---- C:\WINDOWS\system32\python24.dll
2009-10-22 14:06:42 ----D---- C:\Documents and Settings\jrw\Application Data\ESRI
2009-10-22 13:33:52 ----D---- C:\Documents and Settings\All Users\Application Data\ESRI
2009-10-22 13:32:21 ----D---- C:\Program Files\Common Files\ESRI
2009-10-22 13:28:44 ----D---- C:\Program Files\Common Files\AnswerWorks 4.0
2009-10-22 11:58:28 ----A---- C:\WINDOWS\system32\pxc25pm.dll
2009-10-22 11:58:27 ----A---- C:\WINDOWS\system32\unicows.dll
2009-10-22 11:58:13 ----D---- C:\Documents and Settings\jrw\Application Data\CADzation
2009-10-22 11:58:02 ----D---- C:\Program Files\AcroPlot
2009-10-22 09:53:42 ----D---- C:\Program Files\PowerISO
2009-10-20 11:54:16 ----D---- C:\temp
2009-10-20 11:14:11 ----D---- C:\Program Files\Raster Design 2008 OE
2009-10-20 11:13:46 ----D---- C:\Program Files\Raster Design 2008
2009-10-20 09:59:40 ----D---- C:\Program Files\AutoCAD Civil 3D Land Desktop Companion 2008
2009-10-20 09:59:40 ----D---- C:\Land Projects 2008
2009-10-20 09:01:42 ----D---- C:\Program Files\AutoCAD Civil 3D 2008
2009-10-20 09:01:42 ----D---- C:\Documents and Settings\jrw\Application Data\Autodesk
2009-10-20 09:01:42 ----D---- C:\Documents and Settings\All Users\Application Data\Autodesk
2009-10-20 09:01:42 ----D---- C:\Civil 3D Projects
2009-10-20 09:01:42 ----D---- C:\Civil 3D Project Templates
2009-10-20 08:59:47 ----D---- C:\Program Files\Common Files\Autodesk Shared
2009-10-20 08:59:47 ----D---- C:\Program Files\Autodesk
2009-10-20 08:58:33 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-10-20 08:44:40 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2009-10-20 08:43:49 ----A---- C:\WINDOWS\logfile.txt
2009-10-20 08:43:47 ----A---- C:\WINDOWS\system32\vizMicro.dll
2009-10-20 08:43:42 ----D---- C:\Program Files\Visioneer OneTouch
2009-10-20 08:37:44 ----A---- C:\WINDOWS\maxlink.ini
2009-10-20 08:37:44 ----A---- C:\WINDOWS\calera.ini
2009-10-20 08:37:42 ----D---- C:\Program Files\Common Files\Visioneer Shared
2009-10-20 08:37:40 ----N---- C:\WINDOWS\system32\VB40032.DLL
2009-10-20 08:37:40 ----N---- C:\WINDOWS\system32\UNIDRV.DLL
2009-10-20 08:37:39 ----N---- C:\WINDOWS\system32\JPEGACC.DLL
2009-10-20 08:37:39 ----N---- C:\WINDOWS\system32\IGLZW32S.DLL
2009-10-20 08:37:39 ----N---- C:\WINDOWS\system32\IGFPX32P.DLL
2009-10-20 08:37:39 ----N---- C:\WINDOWS\system32\GEAR32PD.DLL
2009-10-20 08:37:39 ----N---- C:\WINDOWS\system32\FPXIG.DLL
2009-10-20 08:37:33 ----N---- C:\WINDOWS\system32\WELSOF32.DLL
2009-10-20 08:37:31 ----D---- C:\Visioneer Documents
2009-10-20 08:37:31 ----D---- C:\Program Files\Visioneer
2009-10-20 08:37:04 ----A---- C:\WINDOWS\IsUninst.exe
2009-10-19 10:26:53 ----D---- C:\Program Files\MSECache
2009-10-19 09:28:49 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-10-19 09:28:48 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-10-15 12:22:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-15 12:19:51 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-15 12:19:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 12:19:12 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-15 12:19:01 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-15 12:18:47 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-15 12:18:16 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-15 12:17:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-15 12:17:01 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-12 13:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-12 10:17:02 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-12 10:17:02 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-12 10:17:02 ----A---- C:\WINDOWS\system32\java.exe
2009-10-12 10:17:02 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-10-12 10:15:49 ----D---- C:\Documents and Settings\jrw\Application Data\Sun
2009-10-09 12:16:41 ----D---- C:\Documents and Settings\jrw\Application Data\WinRAR
2009-10-09 12:16:30 ----D---- C:\Program Files\WinRAR
2009-10-09 12:02:24 ----D---- C:\WINDOWS\system32\LocalService
2009-10-09 12:02:20 ----A---- C:\WINDOWS\system32\cliconfg32.dll
2009-10-09 10:31:35 ----D---- C:\Documents and Settings\jrw\Application Data\LimeWire
2009-10-09 10:22:38 ----D---- C:\Program Files\Java
2009-10-05 04:14:08 ----A---- C:\WINDOWS\system32\iejjsbvnes.dll

======List of files/folders modified in the last 2 months======

2009-11-30 07:04:16 ----RD---- C:\Program Files
2009-11-30 07:04:03 ----D---- C:\WINDOWS\Prefetch
2009-11-30 06:56:01 ----D---- C:\Program Files\Mozilla Firefox
2009-11-30 06:01:58 ----D---- C:\Program Files\LogMeIn
2009-11-30 06:01:03 ----D---- C:\WINDOWS\Temp
2009-11-29 22:35:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-29 19:28:30 ----D---- C:\WINDOWS\system32\inetsrv
2009-11-27 07:10:22 ----SD---- C:\WINDOWS\Tasks
2009-11-27 06:01:36 ----D---- C:\WINDOWS
2009-11-27 06:00:23 ----D---- C:\WINDOWS\system32
2009-11-26 16:11:19 ----HD---- C:\WINDOWS\inf
2009-11-26 16:11:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-11-26 16:11:05 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-26 16:10:59 ----A---- C:\WINDOWS\imsins.BAK
2009-11-26 06:04:19 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-25 12:17:55 ----SHD---- C:\WINDOWS\Installer
2009-11-25 11:53:45 ----D---- C:\WINDOWS\security
2009-11-25 11:46:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-25 11:45:49 ----D---- C:\WINDOWS\Registration
2009-11-25 11:38:50 ----D---- C:\WINDOWS\Help
2009-11-25 06:41:03 ----D---- C:\WINDOWS\WinSxS
2009-11-24 10:17:49 ----D---- C:\WINDOWS\system32\drivers
2009-11-24 08:23:29 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-23 07:05:27 ----A---- C:\WINDOWS\QUICKEN.INI
2009-11-23 06:57:40 ----D---- C:\Program Files\Quicken
2009-11-23 06:57:40 ----D---- C:\Program Files\Common Files
2009-11-19 08:33:07 ----D---- C:\WINDOWS\CAVTemp
2009-11-13 07:00:11 ----D---- C:\WINDOWS\pss
2009-11-13 07:00:10 ----RASH---- C:\boot.ini
2009-11-13 07:00:10 ----A---- C:\WINDOWS\win.ini
2009-11-13 07:00:10 ----A---- C:\WINDOWS\system.ini
2009-11-12 07:59:21 ----A---- C:\AUTOEXEC.BAT
2009-11-12 07:56:38 ----A---- C:\CONFIG.BAK
2009-11-12 07:56:33 ----A---- C:\AUTOEXEC.BAK
2009-11-10 11:55:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-10 11:48:18 ----RSD---- C:\WINDOWS\Fonts
2009-11-10 07:36:34 ----RSD---- C:\WINDOWS\assembly
2009-11-10 07:28:37 ----D---- C:\Program Files\Common Files\System
2009-11-09 12:05:17 ----SD---- C:\Documents and Settings\jrw\Application Data\Microsoft
2009-11-05 12:36:21 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-05 09:00:47 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-05 09:00:24 ----D---- C:\WINDOWS\system32\en-us
2009-11-05 09:00:19 ----D---- C:\WINDOWS\system32\wbem
2009-11-05 08:22:24 ----D---- C:\WINDOWS\ShellNew
2009-11-05 08:13:33 ----D---- C:\WINDOWS\system32\config
2009-11-05 08:11:48 ----D---- C:\Program Files\MSBuild
2009-11-05 08:11:35 ----D---- C:\Program Files\Microsoft Office
2009-11-04 03:00:39 ----D---- C:\WINDOWS\ie8updates
2009-10-28 10:07:15 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-10-28 07:51:34 ----D---- C:\Documents and Settings\jrw\Application Data\QuickenPicks_Toolbar
2009-10-23 08:10:32 ----D---- C:\Program Files\Registry Mechanic
2009-10-22 11:44:02 ----D---- C:\Program Files\Internet Explorer
2009-10-22 04:19:04 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-22 01:38:32 ----A---- C:\WINDOWS\system32\xzgedkopov.dll
2009-10-20 10:34:58 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-20 09:50:01 ----D---- C:\WINDOWS\system32\DirectX
2009-10-20 09:25:54 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-20 08:58:57 ----D---- C:\Program Files\Common Files\InstallShield
2009-10-20 08:58:14 ----D---- C:\Program Files\Common Files\Designer
2009-10-20 08:43:50 ----D---- C:\WINDOWS\twain_32
2009-10-20 08:43:46 ----D---- C:\WINDOWS\Driver Cache
2009-10-15 07:26:56 ----D---- C:\Program Files\Common Files\Adobe
2009-10-11 14:26:46 ----D---- C:\Program Files\KONICA MINOLTA
2009-10-09 11:45:32 ----HD---- C:\Program Files\InstallShield Installation Information
2009-10-02 05:01:22 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll
2009-10-02 05:01:21 ----A---- C:\WINDOWS\system32\LMIport.dll
2009-10-02 05:01:21 ----A---- C:\WINDOWS\system32\LMIinit.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [2007-02-06 16512]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-07-26 58908]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2009-10-13 739752]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2007-08-20 21512]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2007-08-20 26376]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2007-08-20 32264]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2007-08-20 21128]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2004-05-14 76288]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-09 1502208]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e1e5132.sys [2005-03-31 180736]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-08-11 10144]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-29 12160]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2009-10-13 133576]
S2 MLPTDR_B;MLPTDR_B; \??\C:\WINDOWS\system32\MLPTDR_B.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2007-08-20 144960]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-23 1184912]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-08-11 63040]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2009-10-14 233472]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15360]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-10-20 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-22 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 ArcGIS License Manager;ArcGIS License Manager; C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe [1999-12-01 467968]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-09 405504]
S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-02-09 520192]
S4 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2009-09-22 214256]
S4 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-09-28 133104]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-01-04 280080]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-12 153376]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 189704]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]

-----------------EOF-----------------

#4 syler

  • Malware Response Team

Posted 30 November 2009 - 10:53 AM

Hi jwoodscant,

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



Please post back here with the following logs:
  • MBAM log
  • Gmer log
  • New Rsit log
Thanks



#5 syler

  • Malware Response Team

Posted 05 December 2009 - 12:34 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
