Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown Virus?


  • This topic is locked This topic is locked
2 replies to this topic

#1 sp2update

sp2update

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:01 PM

Posted 31 January 2010 - 05:19 PM

Hi all

I am getting ready to update to XP SP3 and I want to make sure the system is clean, as this system has a history of numerous infections.

I was unable to run DDS, and it suggested that I run RSIT and post the log in this thread:

http://www.bleepingcomputer.com/forums/t/292199/dds-wont-run/

Here is the RSIT log, also posting RSIT info.txt log though not told to do so.

RootRepeal runs this system out of VM. Never gets past the Initialzation please wait window.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Doug Driscoll at 2010-01-31 16:40:38
Microsoft Windows XP Professional Service Pack 1
System drive C: has 13 GB (17%) free of 76 GB
Total RAM: 447 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:40:54 PM, on 1/31/2010
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Doug Driscoll\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Doug Driscoll.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pubgis.co.pinellas.fl.us/ActiveX/ver6.3/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128255394082
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\Autodesk Architectural Desktop 3\AcDcToday.ocx
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk Express Viewer Control) - http://www.autodesk.com/global/expressview...ViewerSetup.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NTI BackupNowEZSvr - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9794 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - [name removed for bleeping post].job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2000-12-31 263280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-16 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - C:\Program Files\Norton AntiVirus\NavShExt.dll [2005-10-19 218736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll [2009-10-16 2101248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - C:\Program Files\Norton AntiVirus\NavShExt.dll [2005-10-19 218736]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2003-09-17 844048]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2000-12-31 263280]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QT4HPOT"=C:\Program Files\HPQ\One-Touch\OneTouch.EXE [2003-01-30 106496]
"Display Settings"=C:\Program Files\HPQ\Notebook Utilities\hptasks.exe [2002-08-15 45056]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2002-08-14 290816]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2002-08-15 28672]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2005-10-02 100056]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-07-14 58992]
"SSC_UserPrompt"=C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [2004-11-02 218240]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-12-25 185872]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-26 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-29 68856]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-08-27 247144]
"ctfmon.exe"=C:\WINDOWS\System32\ctfmon.exe [2002-08-28 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2003-03-26 684032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\appch.exe]
C:\WINDOWS\system32\appch.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe [2004-09-16 538112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupNowEZtray]
C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe [2009-05-08 552192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CARPService]
C:\WINDOWS\system32\carpserv.exe [2003-05-21 4608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2005-07-14 58992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\HPQ\Default Settings\cpqset.exe [2003-02-26 180316]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2006-02-23 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\System32\PSDrvCheck.exe [2004-03-11 406016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PreloadApp]
c:\hp\drivers\printers\photosmart\hphprld.exe [2001-12-12 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-03-19 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe [2004-11-02 218240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-29 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-12-25 185872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-08-27 247144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
C:\WINDOWS\system32\WDBtnMgr.exe [2006-04-15 339968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~3\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
C:\PROGRA~1\MI0041~1\Office\OSA.EXE [1997-07-11 51984]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WD Backup Monitor.lnk]
C:\PROGRA~1\MYBOOK~1\WDBACK~1\UBBMON~1.EXE [2006-01-22 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Doug Driscoll^Start Menu^Programs^Startup^HotSync Manager.lnk]
C:\PROGRA~1\Palm\hotsync.exe [2000-03-17 265728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Browser"=2
"seclogon"=2
"Schedule"=2
"Automatic LiveUpdate Scheduler"=2
"Themes"=3
"Macromedia Licensing Service"=3
"RSVP"=3
"Netlogon"=3
"NetDDEdsdm"=3
"NetDDE"=3
"mnmsrvc"=3
"helpsvc"=2
"COMSysApp"=3
"ClipSrv"=3
"BITS"=3
"Alerter"=3
"TomTomHOMEService"=2
"LiveUpdate"=3
"gusvc"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\Explorer.EXE:*:enabled:Explorer"

======File associations======

.inf - open -
.inf - install -
.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-01-31 16:40:38 ----D---- C:\rsit
2010-01-31 11:36:18 ----D---- C:\Documents and Settings\Doug Driscoll\Application Data\High Impact eMail 5
2010-01-31 11:36:11 ----D---- C:\WINDOWS\LastGood
2010-01-31 11:35:46 ----D---- C:\Documents and Settings\Doug Driscoll\Application Data\LiveMetrics
2010-01-31 11:35:30 ----A---- C:\WINDOWS\System32\Test.dll
2010-01-31 11:35:29 ----A---- C:\WINDOWS\System32\regobj.dll
2010-01-31 11:35:28 ----D---- C:\Program Files\Common Files\LiveMetrics
2010-01-31 11:35:28 ----A---- C:\WINDOWS\System32\LWXLLDFRequest3.dll
2010-01-31 11:35:28 ----A---- C:\WINDOWS\System32\LWLLInstances3.dll
2010-01-31 11:35:28 ----A---- C:\WINDOWS\System32\LWLLHttpsUpload2.dll
2010-01-31 11:35:28 ----A---- C:\WINDOWS\System32\LWLLClientMiddleWare3.dll
2010-01-31 11:35:28 ----A---- C:\WINDOWS\System32\LWLLClasses3.dll
2010-01-31 11:35:28 ----A---- C:\WINDOWS\System32\GUID.dll
2010-01-31 11:35:28 ----A---- C:\WINDOWS\System32\coreEncryptDecrypt.dll
2010-01-31 11:35:27 ----A---- C:\WINDOWS\System32\AdvMetrics.dll
2010-01-13 20:18:19 ----D---- C:\annalise
2010-01-03 13:36:01 ----D---- C:\MARKETING

======List of files/folders modified in the last 1 months======

2010-01-31 11:52:22 ----D---- C:\WINDOWS\Help
2010-01-31 11:36:19 ----RSHD---- C:\WINDOWS\System32\dllcache
2010-01-31 11:36:13 ----AD---- C:\WINDOWS\system32
2010-01-31 11:36:11 ----D---- C:\WINDOWS
2010-01-31 11:35:45 ----D---- C:\WINDOWS\System32\CatRoot2
2010-01-31 11:35:28 ----D---- C:\Program Files\Common Files
2010-01-31 10:15:52 ----D---- C:\Program Files\Mozilla Firefox
2010-01-31 05:20:46 ----A---- C:\WINDOWS\System32\PerfStringBackup.INI
2010-01-31 05:19:22 ----D---- C:\WINDOWS\System32\drivers
2010-01-31 05:18:08 ----D---- C:\WINDOWS\temp
2010-01-31 05:17:56 ----AD---- C:\Program Files
2010-01-30 08:35:20 ----D---- C:\Mother
2010-01-28 17:39:35 ----D---- C:\dancesport
2010-01-16 03:38:16 ----SHD---- C:\WINDOWS\Installer
2010-01-16 03:38:06 ----D---- C:\Program Files\Google
2010-01-16 03:37:39 ----SD---- C:\WINDOWS\Tasks
2010-01-07 16:47:37 ----D---- C:\LEED
2010-01-05 13:12:16 ----A---- C:\WINDOWS\wordpad.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\System32\drivers\Cdr4_xp.sys [2003-03-26 62288]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\System32\drivers\Cdralw2k.sys [2003-03-26 23436]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\System32\drivers\cdudf_xp.sys [2003-03-26 241280]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\System32\drivers\pclepci.sys []
R1 pwd_2k;pwd_2k; C:\WINDOWS\System32\drivers\pwd_2k.sys [2003-03-26 144250]
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2005-04-05 267192]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\System32\drivers\UdfReadr_xp.sys [2003-03-26 206464]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS []
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2001-08-17 55296]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 StreamDispatcher;StreamDispatcher; C:\WINDOWS\System32\DRIVERS\strmdisp.sys [2003-05-21 30592]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\System32\drivers\symlcbrd.sys []
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALiIRDA;ALi Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\aliirda.sys [2003-01-23 27648]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2002-08-28 57344]
R3 ASAPIW2K;ASAPIW2K; \??\C:\WINDOWS\System32\Drivers\asapiW2k.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2002-08-15 471168]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO; C:\WINDOWS\system32\drivers\caliaud.sys [2002-11-05 291328]
R3 CALIHALA;CALIHALA; C:\WINDOWS\system32\drivers\calihal.sys [2002-11-05 244608]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2002-08-28 13184]
R3 DKbFltr;Dritek HotKey Keyboard Filter Driver; C:\WINDOWS\System32\Drivers\DKbFltr.SYS [2002-10-16 14543]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver; C:\WINDOWS\System32\DRIVERS\DP83815.SYS [2002-08-28 16512]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2005-03-07 14408]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HPCI;HP Configuration Interface; C:\WINDOWS\System32\DRIVERS\hpci.sys [2002-07-17 14504]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-05-21 1063040]
R3 HSFHWALI;HSFHWALI; C:\WINDOWS\System32\DRIVERS\HSFHWALI.sys [2003-05-21 179712]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [2005-06-02 171008]
R3 mmc_2K;mmc_2K; C:\WINDOWS\System32\drivers\mmc_2K.sys [2003-03-26 30662]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2002-08-28 57984]
R3 NTIDrvr;NTIDrvr; \??\C:\WINDOWS\System32\drivers\NTIDrvr.sys []
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\System32\DRIVERS\point32.sys [2003-05-15 19072]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2005-04-05 11512]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2005-04-05 173208]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2005-04-05 36984]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20070221.002\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2005-04-05 47192]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2005-04-05 17976]
R3 UBHelper;UBHelper; \??\C:\WINDOWS\System32\drivers\UBHelper.sys []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-07-03 25216]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-07-03 53120]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2003-07-03 19328]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-05-21 631296]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2002-08-28 37504]
S3 61883;61883 Unit Device; C:\WINDOWS\System32\DRIVERS\61883.sys [2002-08-29 46080]
S3 allegro;ESS Allegro Audio Driver (WDM); C:\WINDOWS\system32\drivers\es198x.sys [2001-08-17 174464]
S3 atimpab;atimpab; C:\WINDOWS\System32\DRIVERS\atimpab.sys [2001-08-17 289664]
S3 Avc;AVC Device; C:\WINDOWS\System32\DRIVERS\avc.sys [2002-08-29 36224]
S3 BCM43XX;HP WLAN 54g W450 Network Adapter Driver; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [2003-02-06 164352]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2002-08-28 68864]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2002-08-28 68864]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2003-02-17 16384]
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\System32\drivers\CDANT.SYS []
S3 CE3;Xircom Ethernet Adapter 10/100 Service; C:\WINDOWS\System32\DRIVERS\ce3n5.sys [2001-08-17 27164]
S3 dvd_2K;dvd_2K; C:\WINDOWS\System32\drivers\dvd_2K.sys [2003-03-26 25930]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\System32\drivers\mbamswissarmy.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2003-02-17 52096]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-11 5504]
S3 MTDVC;Panasonic DVC USB-SERIAL Driver for NT Technology; C:\WINDOWS\System32\DRIVERS\mtdv2ku1.sys [2002-04-12 12590]
S3 MTDVC_ENUM;Panasonic DVC COM Driver for NT Technology; C:\WINDOWS\System32\DRIVERS\mtdv2ks1.sys [2002-04-24 11569]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2003-02-17 83968]
S3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070214.020\NAVENG.Sys []
S3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070214.020\NavEx15.Sys []
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2003-02-17 10112]
S3 PCX500;Cisco Wireless LAN Adapters Driver; C:\WINDOWS\System32\DRIVERS\pcx500.sys [2003-02-14 222720]
S3 PCX500MP;Cisco 350 Series Lower Device Filter; C:\WINDOWS\System32\DRIVERS\pcx500mp.sys [2002-08-05 4990]
S3 SAVRT;SAVRT; \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2003-02-17 10880]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2003-02-17 14976]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2003-07-03 28160]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
S3 VisorUsb;Handspring USB; C:\WINDOWS\System32\DRIVERS\VisorUsb.sys [2000-03-17 19968]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-28 12032]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2003-02-17 18688]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-02-23 100032]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2005-07-14 198256]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2005-07-14 181872]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\System32\drivers\CDAC11BA.EXE [2004-11-11 54784]
R2 HPConfig;HP Configuration Interface Service; C:\WINDOWS\system32\HPConfig.exe [2002-08-15 151552]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-26 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 NPFMntor;Norton AntiVirus Firewall Monitor Service; C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe [2005-10-19 46704]
R2 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2005-04-05 206552]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2005-10-02 826512]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\atievxx.exe [2001-08-17 37376]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-16 135664]
S2 Ip6FwHlp;IPv6 Internet Connection Firewall; C:\WINDOWS\System32\svchost.exe [2002-08-28 12800]
S2 SBService;ScriptBlocking Service; C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe [2005-10-19 67184]
S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2005-07-14 79472]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-27 182768]
S3 HPWirelessMgr;HPWirelessMgr; C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe [2003-01-14 53248]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584]
S3 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2002-08-28 12800]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S3 navapsvc;Norton AntiVirus Auto-Protect Service; C:\Program Files\Norton AntiVirus\navapsvc.exe [2005-10-19 177264]
S3 NTI BackupNowEZSvr;NTI BackupNowEZSvr; C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2009-05-08 45312]
S3 SAVScan;SAVScan; C:\Program Files\Norton AntiVirus\SAVScan.exe [2005-03-07 198368]
S3 SPBBCSvc;Symantec SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2004-07-21 173160]
S4 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2004-03-20 68096]
S4 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008]

-----------------EOF-----------------


RSIT INFO LOG

info.txt logfile of random's system information tool 1.06 2010-01-31 16:41:02

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\HPQ\Software Setup\Uninst.isu" -c"C:\Program Files\HPQ\Software Setup\CPQUNST.DLL"
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6041B9C1-775E-4C6A-AECE-70C39CAED90A}\SETUP.EXE"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{828633A1-8064-4AB8-8454-CB3E1B2C6508}\Setup.exe"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E01ADB17-4514-401F-ADE2-815946A651D6}\Setup.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3ds max 6 Architectural Materials-->MsiExec.exe /I{DD8C1183-6548-4A43-B9E5-CD0E970751E4}
3ds max 6 Reference Files-->MsiExec.exe /I{BC14A1F6-0511-4360-8351-FB7964979317}
3ds max 6 Sample Files-->MsiExec.exe /I{EC63CD9C-676B-4384-A280-378842B99DCA}
3ds max 6-->MsiExec.exe /I{69E6A869-8B59-4619-A9E9-58DDFA7C05B8}
A1 Keyword Research-->"C:\Program Files\Microsys\Keyword Research 2\unins000.exe"
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware SE Plus-->C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat 6.0 Standard-->MsiExec.exe /I{AC76BA86-1033-0000-BA7E-000000000001}
Adobe Download Manager 1.2 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Illustrator 10-->"C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe"
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advanced Networking Pack for Windows XP-->C:\WINDOWS\$NtUninstallKB817778$\spuninst\spuninst.exe
A-PDF Restrictions Remover 1.6-->"C:\Program Files\A-PDF Restrictions Remover\unins000.exe"
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Autodesk Architectural Desktop 2004-->MsiExec.exe /I{5783F2D7-0204-0409-0002-0060B0CE6BBA}
Autodesk Architectural Desktop 3.3-->MsiExec.exe /I{5783F2D7-0134-0409-0000-0060B0CE6BBA}
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Autodesk Express Viewer-->C:\PROGRA~1\Autodesk\AUTODE~2\Setup.exe /remove
Autodesk® VIZ 4-->MsiExec.exe /I{C3280F9F-0C9D-43CC-8BC5-11F4319996ED}
BEES40e-->C:\BEES40e\caindreg.exe
Canon i960-->C:\WINDOWS\System32\CNMCP5c.exe "-PRINTERNAMECanon i960" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i960 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i960 Installer\Inst2\cnmi0409.dll"
Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{03CDDD00-BD57-4326-9480-4C74449AF597}
ccCommon-->MsiExec.exe /I{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
character studio 4.2-->MsiExec.exe /I{3191ADFC-5BA3-474D-BCBA-1B5615ABFFC1}
Chess Mentor-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Chess Mentor\Uninst.isu"
Chessmaster 10th Edition-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E9AE9A91-AB45-4321-87BD-AD34855D944F}
Cisco Aironet Installation Wizard-->C:\WINDOWS\Cisco\DInstall\Setup.exe /cp
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant 56K ACLink Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C\HXFSETUP.EXE -U -Ihpm08505.inf
Conexant AC-Link Audio-->CIAunwdm.exe
Cool Edit 2000-->C:\Program Files\Cool2000\ce2Kunin.exe
Daylight 1-2-3 (version 1.3)-->C:\WINDOWS\unvise32.exe C:\Program Files\Daylight1-2-3\uninstal.log
DAYSIM 2.1.P4-->C:\WINDOWS\unvise32.exe C:\DAYSIM\uninstal.log
Designjet Software & Driver Installation Wizard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21E6C8E8-C2DF-46B9-8C50-3538C26AEDCC}\IS_SETUP.EXE" -l0x9
DirectX 9 Hotfix - KB839643-->C:\WINDOWS\$NtUninstallKB839643-DirectX9$\spuninst\spuninst.exe
DiscAPI-->MsiExec.exe /X{A77F3C2D-50CC-4A29-A1FB-1E018BE4DCA2}
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DMVlite-->C:\Program Files\Internet Explorer\iexplore.exe "C:\WINDOWS\System32\wsxsvc\uninstall.html"
Duct Calculator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{46CC1C00-8DA6-11D5-A258-005004243E56}\Setup.exe" -l0x9
DV Studio3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5DF68560-292A-11D5-99D1-00010256D40E}\setup.exe"
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
EnergyPlus Version 1.4-->C:\ENERGY~2\UNWISE.EXE C:\ENERGY~2\INSTALL.LOG
eQUEST 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5173295-F8F1-4E51-A7F8-FB39F761160C}\setup.exe"
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Eusing Free Registry Cleaner-->C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
FileAlyzer 1.1i-->"C:\Program Files\PepiMK Software\FileAlyzer\unins000.exe"
FileZilla Client 3.2.7.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
GIMP 2.4.7-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Google Gears-->MsiExec.exe /I{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0E996B068B56FCA2.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Handmark® PocketChess™ Deluxe for Palm OS-->C:\WINDOWS\unvise32.exe C:\Program Files\Handmark\PocketChess Deluxe for Palm OS\uninstal.log
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Inactive HP Printer Drivers (Remove only)-->RunDll32 hpuninst.dll,InstallHinfSection UninstDefault 132 prntunin.inf
Internet Worm Protection-->MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod for Windows 2005-06-26-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{654F0312-CB3D-4FE2-962C-6BB9752E9146} /l1033
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
LargeEdit-->"C:\Program Files\Netlegger\LargeEdit\unins000.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Magic M4A to MP3 Converter 3.1-->"C:\Program Files\Magic M4A to MP3 Converter\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MASTERWORKS 5.2-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Specware\MWorks\Uninst.isu"
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft FrontPage 2002-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0050048383C9}
Microsoft Office 97, Professional Edition-->C:\program files\microsoft office 97\Office\Setup\Acme.exe /w Off97Pro.STF
Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft Project Standard 2002-->MsiExec.exe /I{913A0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Norton AntiVirus 2005 (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus 2005-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton AntiVirus Parent MSI-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton AntiVirus SCSSDist MSI-->MsiExec.exe /I{541230A3-1D3A-4879-B7E0-E71F90E35548}
Norton AntiVirus SYMLT MSI-->MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
Norton WMI Update-->MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Notebook Utilities-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A8F2DCDE-AE4E-4AC9-BECD-496FB80FBF6A}\Setup.exe" -l0x9 UNINSTALL
NTI Backup Now EZ-->C:\Program Files\InstallShield Installation Information\{B9ECA41B-55CC-4654-B6B5-6731D009EC69}\setup.exe -runfromtemp -l0x0409
NTI Backup Now EZ-->C:\Program Files\InstallShield Installation Information\{B9ECA41B-55CC-4654-B6B5-6731D009EC69}\setup.exe -runfromtemp -l0x0409
One-Touch Buttons-->C:\WINDOWS\UnInst32.exe QT4HPOT.UNI
Pinnacle Hollywood FX for Studio-->C:\WINDOWS\unvise32.exe C:\Program Files\Pinnacle\Hollywood FX for Studio\6.0\uninstal.log
Pinnacle Instant DVD Recorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x9 UNINSTALL
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{929408E6-D265-4174-805F-81D1D914E2A4} /l1033
RAPID-->MsiExec.exe /X{EEECE229-49F6-4851-A73A-99B058221F8C}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegAlyzer 1.0f-->"C:\Program Files\PepiMK Software\RegAlyzer\unins000.exe"
RegHance 2.12-->C:\PROGRA~1\LAVASO~1\UNWISE.EXE C:\PROGRA~1\LAVASO~1\INSTALL.LOG
RETScreen Version 4-->MsiExec.exe /I{E9021599-1E2A-4027-A1CC-40E42A08603C}
S3Dfree 2000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CWDesign\S3Dfree 2000\Uninst.isu"
SafeCast Shared Components-->C:\Program Files\Common Files\Macrovision Shared\SafeCast\Install\CDAC13BA.EXE /uninstall
SAM 2009.10.13-->"C:\SAM\2009.10.13\unins000.exe"
Script Maker-->C:\WINDOWS\iun506.exe C:\Program Files\Script Maker\irunin.ini
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SortSite 3.0 Evaluation-->MsiExec.exe /X{21869F2E-70A6-4993-9EAE-11FE283C182F}
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot - Search & Destroy 1.3-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster v3.4-->"C:\Program Files\SpywareBlaster\unins000.exe"
Studio 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CB05291-F546-458E-A796-B5BCF5A3CDC4}\Setup.exe" -l0x9 UNINSTALL
Symantec Script Blocking Installer-->MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
Symantec-->MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
THERM5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C8ECD77-7CFD-4CD0-BA6F-B2ADDA48FD4C}\Setup.exe" -l0x9
TomTom HOME 2.7.2.1825-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
Turbo Lister-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{99CC78D1-2356-497C-84C1-F239884001EC}
TurboProject v.4-->MsiExec.exe /I{4BEED434-8D57-11D4-A3B6-008048EE5CCD}
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
USB Driver for Panasonic DVC (with Web Camera)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{82AF8AF6-6D0B-4EE6-B11F-CF9877877F69}\setup.exe" anythinganything
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\System32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Volo View Express-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Volo View Express\DeIsL1.isu"
WD Backup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A351224F-533A-4EED-89F4-0BF3417FD31D}\setup.exe" -l0x9
WD Firewire HID Driver-->MsiExec.exe /X{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}
WebIQ Client Software-->C:\WINDOWS\System32\WebIQInstall.exe /u
WinBoard-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WinBoard\Uninst.isu"
Window5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47C67570-B91F-47B5-B072-661912718FAC}\Setup.exe" -l0x9
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player Hotfix [See wm828026 for more information]-->C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe
Windows XP Hotfix - KB810217-->C:\WINDOWS\$NtUninstallKB810217$\spuninst\spuninst.exe
Windows XP Hotfix - KB820291-->C:\WINDOWS\$NtUninstallKB820291$\spuninst\spuninst.exe
Windows XP Hotfix - KB821253-->C:\WINDOWS\$NtUninstallKB821253$\spuninst\spuninst.exe
Windows XP Hotfix - KB821557-->C:\WINDOWS\$NtUninstallKB821557$\spuninst\spuninst.exe
Windows XP Hotfix - KB822603-->C:\WINDOWS\$NtUninstallKB822603$\spuninst\spuninst.exe
Windows XP Hotfix - KB823182-->C:\WINDOWS\$NtUninstallKB823182$\spuninst\spuninst.exe
Windows XP Hotfix - KB823559-->C:\WINDOWS\$NtUninstallKB823559$\spuninst\spuninst.exe
Windows XP Hotfix - KB823980-->C:\WINDOWS\$NtUninstallKB823980$\spuninst\spuninst.exe
Windows XP Hotfix - KB824105-->C:\WINDOWS\$NtUninstallKB824105$\spuninst\spuninst.exe
Windows XP Hotfix - KB824141-->C:\WINDOWS\$NtUninstallKB824141$\spuninst\spuninst.exe
Windows XP Hotfix - KB824146-->C:\WINDOWS\$NtUninstallKB824146$\spuninst\spuninst.exe
Windows XP Hotfix - KB825119-->C:\WINDOWS\$NtUninstallKB825119$\spuninst\spuninst.exe
Windows XP Hotfix - KB828028-->C:\WINDOWS\$NtUninstallKB828028$\spuninst\spuninst.exe
Windows XP Hotfix - KB828035-->C:\WINDOWS\$NtUninstallKB828035$\spuninst\spuninst.exe
Windows XP Hotfix - KB828741-->C:\WINDOWS\$NtUninstallKB828741$\spuninst\spuninst.exe
Windows XP Hotfix - KB835732-->C:\WINDOWS\$NtUninstallKB835732$\spuninst\spuninst.exe
Windows XP Hotfix - KB837001-->C:\WINDOWS\$NtUninstallKB837001$\spuninst\spuninst.exe
Windows XP Hotfix - KB839645-->C:\WINDOWS\$NtUninstallKB839645$\spuninst\spuninst.exe
Windows XP Hotfix - KB840315-->C:\WINDOWS\$NtUninstallKB840315$\spuninst\spuninst.exe
Windows XP Hotfix - KB840374-->C:\WINDOWS\$NtUninstallKB840374$\spuninst\spuninst.exe
Windows XP Hotfix - KB841873-->C:\WINDOWS\$NtUninstallKB841873$\spuninst\spuninst.exe
Windows XP Hotfix - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
Windows XP Hotfix - KB911567-->"C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\spuninst.exe"
Windows XP Hotfix - KB918439-->"C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$\spuninst\spuninst.exe"
Windows XP Hotfix - KB918899-->"C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\spuninst.exe"
Windows XP Hotfix - KB925486-->"C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\spuninst.exe"
Windows XP Hotfix (SP2) [See Q329048 for more information]-->C:\WINDOWS\$NtUninstallQ329048$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) [See Q329115 for more information]-->C:\WINDOWS\$NtUninstallQ329115$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) [See Q329390 for more information]-->C:\WINDOWS\$NtUninstallQ329390$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) [See Q329834 for more information]-->C:\WINDOWS\$NtUninstallQ329834$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q322011-->C:\WINDOWS\$NtUninstallQ322011$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q327979-->C:\WINDOWS\$NtUninstallQ327979$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q328310-->C:\WINDOWS\$NtUninstallQ328310$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q329170-->C:\WINDOWS\$NtUninstallQ329170$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q329441-->C:\WINDOWS\$NtUninstallQ329441$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q331953-->C:\WINDOWS\$NtUninstallQ331953$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q810565-->C:\WINDOWS\$NtUninstallQ810565$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q810577-->C:\WINDOWS\$NtUninstallQ810577$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q810833-->C:\WINDOWS\$NtUninstallQ810833$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q811493-->C:\WINDOWS\$NtUninstallQ811493$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q814033-->C:\WINDOWS\$NtUninstallQ814033$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q814995-->C:\WINDOWS\$NtUninstallQ814995$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q815021-->C:\WINDOWS\$NtUninstallQ815021$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q817287-->C:\WINDOWS\$NtUninstallQ817287$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q817606-->C:\WINDOWS\$NtUninstallQ817606$\spuninst\spuninst.exe
Windows XP Hotfix (SP2) Q819696-->C:\WINDOWS\$NtUninstallQ819696$\spuninst\spuninst.exe
WinISO 5.3-->"C:\Program Files\WinISO\unins000.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"

======System event log======

Computer Name: DOG
Event Code: 7000
Message: The wscsvc service failed to start due to the following error:
The executable program that this service is configured to run in does not implement the service.


Record Number: 6015
Source Name: Service Control Manager
Time Written: 20091126084102.000000-300
Event Type: error
User:

Computer Name: DOG
Event Code: 7000
Message: The Ati HotKey Poller service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 6014
Source Name: Service Control Manager
Time Written: 20091126084102.000000-300
Event Type: error
User:

Computer Name: DOG
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the Ati HotKey Poller service to connect.

Record Number: 6013
Source Name: Service Control Manager
Time Written: 20091126084102.000000-300
Event Type: error
User:

Computer Name: DOG
Event Code: 32005
Message: The IPv6 Internet Connection Firewall service was unable to find
support for IPv6.
This may indicate that the IPv6 protocol suite is not installed
or it failed to start.
The data is the error code.

Record Number: 6012
Source Name: ip6fwhlp
Time Written: 20091126084053.000000-300
Event Type: error
User:

Computer Name: DOG
Event Code: 7
Message: The device, \Device\Harddisk0\D, has a bad block.

Record Number: 6003
Source Name: Disk
Time Written: 20091126083246.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: DOG
Event Code: 1000
Message: Faulting application firefox.exe, version 1.8.20081.2918, faulting module unknown, version 0.0.0.0, fault address 0x07b5f9f0.

Record Number: 4576
Source Name: Application Error
Time Written: 20090401071126.000000-300
Event Type: error
User:

Computer Name: DOG
Event Code: 2001
Message: Rejected Safe Mode action : Microsoft Word.

Record Number: 4563
Source Name: Microsoft Office 10
Time Written: 20090325071649.000000-300
Event Type: error
User:

Computer Name: DOG
Event Code: 1000
Message: Faulting application winword.exe, version 10.0.2627.0, faulting module winword.exe, version 10.0.2627.0, fault address 0x008248f2.

Record Number: 4562
Source Name: Microsoft Office 10
Time Written: 20090325071620.000000-300
Event Type: error
User:

Computer Name: DOG
Event Code: 1000
Message: Faulting application winword.exe, version 10.0.2627.0, faulting module comctl32.dll, version 5.82.2800.1106, fault address 0x0000b43f.

Record Number: 4296
Source Name: Microsoft Office 10
Time Written: 20081229234535.000000-300
Event Type: error
User:

Computer Name: DOG
Event Code: 1000
Message: Faulting application firefox.exe, version 1.8.20080.62306, faulting module js3250.dll, version 4.0.0.0, fault address 0x0001ecc2.

Record Number: 4045
Source Name: Application Error
Time Written: 20081007235101.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\backburner 2;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

Edited by sp2update, 31 January 2010 - 05:33 PM.


BC AdBot (Login to Remove)

 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,512 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:01 PM

Posted 08 February 2010 - 12:07 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#3 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:01 AM

Posted 13 February 2010 - 03:37 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users