Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

rsit log


  • This topic is locked This topic is locked
2 replies to this topic

#1 SandyBeach

SandyBeach

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:03:16 PM

Posted 12 April 2010 - 10:02 AM

Referred from here: http://www.bleepingcomputer.com/forums/t/306200/71-infections-say-stop-zilla/ ~ OB

Hi I have followed the prep guide but I was unable to get DDS to run Gmer kept crashing my machine DDS simply flashes the DOS window and nothing else. Before Gmer crashed I pulled this info and was advised to post it here.

Below this is the RSIT log



Type - Service
Name - (**hidden**)
Value - [BOOT] qmugfahv

above is in red

This also appears on the scan that is cancelled when gmer is first started.

The third line of the scan also shows the following entry

Type - ?
Name - System32\drivers\qmugfahv.sys
Value - Adevice attached to the system is not functioning !

This text is in black.

Don't know if this helps,


RSIT lOG


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:54:22, on 12/04/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Home Computer\Desktop\RSIT.exe
C:\Program Files\trend micro\Home Computer.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.myphotocalendar.co.uk/common/ImageUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Window Washer Engine (wwEngineSvc) - Webroot Software, Inc. - C:\Program Files\Webroot\Washer\WasherSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 7663 bytes

======Scheduled tasks folder======

C:\Windows\tasks\At25.job
C:\Windows\tasks\At26.job
C:\Windows\tasks\At27.job
C:\Windows\tasks\At28.job
C:\Windows\tasks\At29.job
C:\Windows\tasks\At30.job
C:\Windows\tasks\At31.job
C:\Windows\tasks\At32.job
C:\Windows\tasks\At33.job
C:\Windows\tasks\At34.job
C:\Windows\tasks\At35.job
C:\Windows\tasks\At36.job
C:\Windows\tasks\At37.job
C:\Windows\tasks\At38.job
C:\Windows\tasks\At39.job
C:\Windows\tasks\At40.job
C:\Windows\tasks\At41.job
C:\Windows\tasks\At42.job
C:\Windows\tasks\At43.job
C:\Windows\tasks\At44.job
C:\Windows\tasks\At45.job
C:\Windows\tasks\At46.job
C:\Windows\tasks\At47.job
C:\Windows\tasks\At48.job
C:\Windows\tasks\ParetoLogic Registration.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-12-21 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
KeyScramblerBHO Class - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2009-03-25 833776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-03-29 2012912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe -launchedbylogin []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atmlocalgfx]
C:\Users\Home Computer\AppData\Local\atmlocalgfx\atmlocalgfx.dll, DllInit []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-10-23 202024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ErrorRepairPro]
C:\Program Files\Error Repair Professional\autostart.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero8\InCD\InCD.exe [2007-10-15 1077032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2007-11-06 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe [2007-10-15 2045224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Paul\Just Stuff\Sony Ericsson PC Suite\SEPCSuite.exe /systray /nologon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Window Washer]
C:\Program Files\Webroot\Washer\wwDisp.exe [2007-11-26 1206600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Home Computer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68081616-dccd-11de-a55c-001d92447fa4}]
shell\AutoRun\command - I:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{833e5f5a-0a56-11df-9b56-001d92447fa4}]
shell\AutoRun\command - I:\Setup.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.txt - open -

======List of files/folders created in the last 1 months======

2010-04-12 15:54:17 ----D---- C:\Program Files\trend micro
2010-04-12 15:54:16 ----D---- C:\rsit
2010-04-07 09:24:37 ----A---- C:\ProgramData\hpeD29C.dll
2010-04-07 09:24:05 ----D---- C:\Program Files\Common Files\Sony Shared
2010-04-07 09:23:34 ----D---- C:\ProgramData\Sony Corporation
2010-04-07 09:23:00 ----D---- C:\Users\Home Computer\AppData\Roaming\Sony Setup
2010-04-07 09:22:56 ----D---- C:\Program Files\Sony Setup
2010-04-07 08:24:55 ----D---- C:\ProgramData\BVRP Software
2010-04-06 20:42:49 ----A---- C:\ProgramData\hpeD66.dll
2010-04-01 14:02:43 ----D---- C:\Users\Home Computer\AppData\Roaming\Big Fish Games
2010-04-01 13:36:28 ----D---- C:\Windows\Mystery Case Files - Dire Grove Collector's Edition
2010-04-01 13:36:28 ----D---- C:\Program Files\Mystery Case Files - Dire Grove Collector's Edition
2010-04-01 13:36:03 ----A---- C:\Windows\Mystery Case Files - Dire Grove Collector's Edition Setup Log.txt
2010-04-01 12:59:34 ----D---- C:\Users\Home Computer\AppData\Roaming\Avira
2010-04-01 11:27:02 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-04-01 11:26:54 ----D---- C:\Users\Home Computer\AppData\Roaming\SUPERAntiSpyware.com
2010-04-01 11:26:54 ----D---- C:\Program Files\SUPERAntiSpyware
2010-04-01 08:40:50 ----A---- C:\mbam-error.txt
2010-03-31 15:29:12 ----D---- C:\ProgramData\SITEguard
2010-03-31 15:28:27 ----D---- C:\ProgramData\STOPzilla!
2010-03-31 15:28:27 ----D---- C:\Program Files\Common Files\iS3
2010-03-31 12:42:14 ----D---- C:\ProgramData\WEBREG
2010-03-31 12:41:57 ----D---- C:\Users\Home Computer\AppData\Roaming\HP
2010-03-31 12:38:30 ----D---- C:\Program Files\Hewlett-Packard
2010-03-31 12:38:30 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2010-03-31 12:38:12 ----D---- C:\Program Files\Common Files\HP
2010-03-31 12:32:26 ----D---- C:\Program Files\HP
2010-03-31 12:29:40 ----D---- C:\ProgramData\HP
2010-03-31 12:29:37 ----A---- C:\Windows\system32\hpzids01.dll
2010-03-31 12:29:37 ----A---- C:\Windows\system32\hpowiav1.dll
2010-03-31 12:29:37 ----A---- C:\Windows\system32\hpovst01.dll
2010-03-31 07:59:14 ----A---- C:\Windows\system32\mshtml.dll
2010-03-31 07:59:13 ----A---- C:\Windows\system32\ieframe.dll
2010-03-31 07:59:12 ----A---- C:\Windows\system32\wininet.dll
2010-03-31 07:59:12 ----A---- C:\Windows\system32\urlmon.dll
2010-03-31 07:59:12 ----A---- C:\Windows\system32\iertutil.dll
2010-03-31 07:59:11 ----A---- C:\Windows\system32\occache.dll
2010-03-31 07:59:11 ----A---- C:\Windows\system32\mstime.dll
2010-03-31 07:59:11 ----A---- C:\Windows\system32\msfeedssync.exe
2010-03-31 07:59:11 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-31 07:59:11 ----A---- C:\Windows\system32\msfeeds.dll
2010-03-31 07:59:11 ----A---- C:\Windows\system32\jsproxy.dll
2010-03-31 07:59:11 ----A---- C:\Windows\system32\ieUnatt.exe
2010-03-31 07:59:11 ----A---- C:\Windows\system32\ieui.dll
2010-03-31 07:59:11 ----A---- C:\Windows\system32\iesysprep.dll
2010-03-31 07:59:11 ----A---- C:\Windows\system32\iesetup.dll
2010-03-31 07:59:11 ----A---- C:\Windows\system32\iernonce.dll
2010-03-31 07:59:11 ----A---- C:\Windows\system32\iepeers.dll
2010-03-31 07:59:11 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-31 07:59:11 ----A---- C:\Windows\system32\ie4uinit.exe
2010-03-30 17:21:09 ----D---- C:\Users\Home Computer\AppData\Roaming\Media Player Classic
2010-03-30 17:20:59 ----D---- C:\Program Files\MPC HomeCinema
2010-03-29 21:27:33 ----D---- C:\Program Files\Sophos
2010-03-29 18:21:54 ----D---- C:\Users\Home Computer\AppData\Roaming\Red Thumb Games
2010-03-29 18:21:25 ----D---- C:\ProgramData\Trymedia
2010-03-29 18:20:50 ----D---- C:\Windows\Dragon Hatchery
2010-03-29 18:20:50 ----D---- C:\Program Files\Dragon Hatchery
2010-03-29 18:20:39 ----A---- C:\Windows\Dragon Hatchery Setup Log.txt
2010-03-29 13:41:23 ----D---- C:\Users\Home Computer\AppData\Roaming\Webroot
2010-03-29 13:41:22 ----D---- C:\ProgramData\Webroot
2010-03-29 13:41:22 ----D---- C:\Program Files\Webroot
2010-03-29 13:41:22 ----D---- C:\Program Files\Common Files\Webroot Shared
2010-03-29 13:41:15 ----A---- C:\Windows\Unwash6.exe
2010-03-29 13:11:43 ----D---- C:\Program Files\KeyScrambler
2010-03-27 09:28:15 ----AD---- C:\ProgramData\TEMP
2010-03-26 10:55:16 ----D---- C:\Program Files\DDR - Pen Drive Recovery (DEMO)
2010-03-25 13:07:40 ----D---- C:\Program Files\Moleskinsoft Directory Size 2.4
2010-03-25 10:08:24 ----D---- C:\Users\Home Computer\AppData\Roaming\Artogon
2010-03-22 20:55:01 ----D---- C:\Program Files\Power CD DVD Recovery
2010-03-19 17:30:50 ----D---- C:\ProgramData\SpinTop Games

======List of files/folders modified in the last 1 months======

2010-04-12 15:54:22 ----D---- C:\Windows\Prefetch
2010-04-12 15:54:17 ----RD---- C:\Program Files
2010-04-12 15:54:12 ----D---- C:\Windows\Temp
2010-04-12 15:41:56 ----D---- C:\Windows\System32
2010-04-12 15:41:56 ----D---- C:\Windows\inf
2010-04-12 15:41:56 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-04-12 15:39:51 ----D---- C:\Users\Home Computer\AppData\Roaming\uTorrent
2010-04-12 08:59:09 ----SHD---- C:\System Volume Information
2010-04-12 07:56:57 ----D---- C:\ProgramData\NVIDIA
2010-04-08 19:03:01 ----D---- C:\Louise
2010-04-08 07:50:52 ----D---- C:\Windows
2010-04-07 09:33:35 ----D---- C:\Windows\system32\drivers
2010-04-07 09:32:02 ----D---- C:\Users\Home Computer\AppData\Roaming\Sony
2010-04-07 09:25:25 ----D---- C:\Windows\system32\catroot
2010-04-07 09:25:15 ----D---- C:\Windows\system32\catroot2
2010-04-07 09:24:37 ----HD---- C:\ProgramData
2010-04-07 09:24:11 ----SHD---- C:\Windows\Installer
2010-04-07 09:24:05 ----D---- C:\Program Files\Common Files
2010-04-07 09:23:59 ----D---- C:\Program Files\Sony
2010-04-07 09:23:42 ----RSD---- C:\Windows\assembly
2010-04-07 09:23:27 ----D---- C:\Windows\winsxs
2010-04-07 09:13:51 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-07 09:13:51 ----D---- C:\Program Files\Sony Ericsson
2010-04-07 09:13:50 ----D---- C:\ProgramData\Sony Ericsson
2010-04-01 20:04:14 ----D---- C:\Windows\Minidump
2010-04-01 18:51:55 ----A---- C:\Windows\ntbtlog.txt
2010-04-01 12:50:04 ----D---- C:\Windows\pss
2010-04-01 12:45:49 ----D---- C:\Program Files\Spyware Doctor
2010-04-01 12:43:15 ----D---- C:\Program Files\DVDVideoSoft
2010-04-01 12:42:26 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-04-01 12:32:01 ----D---- C:\Program Files\Privacy Mantra 2.05
2010-04-01 11:26:16 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-01 08:40:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-03-31 21:20:26 ----D---- C:\games
2010-03-31 18:17:10 ----D---- C:\Program Files\AVIConverter
2010-03-31 15:40:08 ----D---- C:\Windows\system32\config
2010-03-31 12:41:52 ----A---- C:\Windows\win.ini
2010-03-31 12:38:34 ----D---- C:\Windows\twain_32
2010-03-31 10:31:51 ----D---- C:\Windows\system32\Tasks
2010-03-31 08:01:01 ----D---- C:\Windows\system32\migration
2010-03-31 08:01:01 ----D---- C:\Program Files\Internet Explorer
2010-03-29 17:42:17 ----D---- C:\Windows\LiveKernelReports
2010-03-29 17:22:07 ----D---- C:\Windows\Setup
2010-03-29 17:18:55 ----D---- C:\Program Files\Adobe
2010-03-29 14:02:10 ----D---- C:\Windows\Tasks
2010-03-29 13:33:06 ----D---- C:\Windows\PLA
2010-03-29 11:15:07 ----D---- C:\Temp
2010-03-29 09:16:47 ----D---- C:\Program Files\Unlocker
2010-03-28 19:42:20 ----D---- C:\ProgramData\TuneUp Software
2010-03-27 14:03:43 ----D---- C:\Program Files\MP3 Player Utilities 4.00
2010-03-27 10:15:43 ----D---- C:\Program Files\Sage
2010-03-25 22:51:39 ----D---- C:\Program Files\PeerBlock
2010-03-23 22:14:27 ----D---- C:\Program Files\Games
2010-03-22 16:55:54 ----D---- C:\Users\Home Computer\AppData\Roaming\DC++
2010-03-22 08:39:28 ----D---- C:\ProgramData\NOS
2010-03-22 08:39:24 ----SD---- C:\Windows\Downloaded Program Files
2010-03-19 08:46:54 ----D---- C:\ProgramData\Microsoft Help
2010-03-18 09:26:59 ----D---- C:\Program Files\Alkali Software
2010-03-15 10:23:21 ----D---- C:\ProgramData\JollyBear
2010-03-14 10:45:09 ----D---- C:\Users\Home Computer\AppData\Roaming\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 InCDPass;InCDPass; C:\Windows\system32\drivers\InCDPass.sys [2007-10-15 38952]
R1 incdrm;InCD Reader; C:\Windows\system32\drivers\InCDRm.sys [2007-10-15 40488]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-09-26 215680]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
R3 KeyScrambler;KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [2009-01-18 114024]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista; C:\Windows\system32\DRIVERS\netr28u.sys [2007-08-15 552448]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-11-06 8230496]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
R3 X10Hid;X10 Hid Device; C:\Windows\System32\Drivers\x10hid.sys [2006-11-17 13976]
R4 InCDfs;InCD File System; C:\Windows\system32\drivers\InCDFs.sys [2007-10-15 125864]
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Scan.sys [2008-01-19 10752]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 EZUSB;EZUSB PC/SC Smart Card Reader; C:\Windows\system32\DRIVERS\ezusb.sys [2008-06-03 63288]
S3 FETNDIS;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\Windows\system32\4069.tmp []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NAL;Nal Service ; \??\C:\Windows\system32\Drivers\iqvw32.sys [2008-10-08 30816]
S3 pbfilter;pbfilter; \??\C:\Program Files\PeerBlock\pbfilter.sys [2009-09-28 16472]
S3 Pcouffin;Low level access layer for CD devices; C:\Windows\System32\Drivers\Pcouffin.sys []
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM); C:\Windows\system32\DRIVERS\s1018bus.sys [2008-06-04 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter; C:\Windows\system32\DRIVERS\s1018mdfl.sys [2008-06-04 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver; C:\Windows\system32\DRIVERS\s1018mdm.sys [2008-06-04 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM); C:\Windows\system32\DRIVERS\s1018mgmt.sys [2008-06-04 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS); C:\Windows\system32\DRIVERS\s1018nd5.sys [2008-06-04 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s1018obex.sys [2008-06-04 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM); C:\Windows\system32\DRIVERS\s1018unic.sys [2008-06-04 117544]
S3 SQTECH905C;DualCamera; C:\Windows\System32\Drivers\Capt905c.sys [2005-07-13 33890]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbser;Sony Ericsson USB Serial Port; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 wrssweep;Webroots Volume Access Driver; \??\C:\Program Files\Webroot\Washer\wrssweep.sys [2007-11-26 21832]
S3 xnacc;XBOX 360 Controller For Windows Driver Service; C:\Windows\system32\DRIVERS\xnacc.sys [2008-01-19 521216]
S3 XUIF;X10 USB Wireless Transceiver; C:\Windows\System32\Drivers\x10ufx2.sys [2006-11-30 27416]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-04-08 56448]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-03-16 267432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-19 21504]
R2 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe [2007-10-15 1440552]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-07-14 215584]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-07-14 239648]
R2 wwEngineSvc;Window Washer Engine; C:\Program Files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-10-24 655624]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-23 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
Second Log reads as

info.txt logfile of random's system information tool 1.06 2010-04-12 15:54:26

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\NuNInst.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
7-Zip 4.65-->MsiExec.exe /I{23170F69-40C1-2701-0465-000001000000}
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Acrobat.com-->msiexec /qb /x {C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Acrobat.com-->MsiExec.exe /I{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Reader 9.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ashampoo Burning Studio 9.12-->"C:\Program Files\Ashampoo\Ashampoo Burning Studio 9\unins000.exe"
AVI to DVD Converter-->C:\Paul\DVDrip\AVI to DVD Converter\Uninstall.exe
AVIConverter 3.0-->C:\Program Files\AVIConverter\uninst.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
AVS Video Tools 5.6-->"C:\Program Files\AVSMedia\VideoTools\unins000.exe"
AxCrypt (Remove Only)-->"C:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
Big City Adventure Vancouver CE 1.00-->C:\Program Files\Games\Big City Adventure Vancouver CE\Uninstall.exe
Bitmap to Icon Wizard-->"C:\Program Files\Alkali Software\Bitmap to Icon\uninstall.exe"
Bob the Builder Can Do Zoo-->"C:\Windows\Bob the Builder Can Do Zoo\uninstall.exe" "/U:C:\Paul\Games\Bob the Builder\Uninstall\uninstall.xml"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bubble Shooter v2.12-->C:\Paul\Games\Bubbles\unins000.exe
Cars - Radiator Springs Adventures-->"C:\Program Files\THQ\Disney-PIXAR\Cars\Radiator Springs Adventures\Uninstall_Cars - Radiator Springs Adventures\Uninstall Cars - Radiator Springs Adventures.exe"
Citrix XenApp Web Plugin-->MsiExec.exe /X{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}
Classic Menu 3.x for Office 2007-->"C:\Program Files\Classic Menu for Office\unins000.exe"
DC++ 0.750-->"C:\Paul\Direct C++\DC++\uninstall.exe"
DDR - Digital Picture Recovery 4.0.1.6-->C:\Windows\UnDeployV.exe "C:\Program Files\DDR - Digital Picture Recovery\Deploy.log"
Dekart SIM Manager 2.4-->RunDll32 advpack.dll,LaunchINFSection C:\PROGRA~1\Dekart\SIMMAN~1\meditor.inf, DefaultUninstall
Dekart SIM Reader 3.1-->RunDll32 advpack.dll,LaunchINFSection C:\PROGRA~1\Dekart\SIMREA~1\simrd.inf, DefaultUninstall
deskUNPDF 3 Professional-->C:\ProgramData\{465E445C-2745-4FD0-B818-21ABB78A8627}\deskUNPDF3.exe
Digital Photo Data Recovery-->"C:\Program Files\Digital Photo Data Recovery\Uninstall.exe"
Disney-Pixar Ratatouille-->C:\Program Files\InstallShield Installation Information\{B94C6815-7BCC-4124-AC39-9208A06FFFA7}\setup.exe -runfromtemp -l0x0009 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dragon Hatchery-->"C:\Windows\Dragon Hatchery\uninstall.exe" "/U:C:\Program Files\Dragon Hatchery\Uninstall\uninstall.xml"
EzUSB SmartCard Reader Setup For Windows VISTA 32bit-->MsiExec.exe /X{C0E93E74-1733-482A-A360-4CC392EE10BC}
ffdshow [rev 2019] [2008-06-22]-->"C:\Program Files\ffdshow\unins000.exe"
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
Free Studio version 4.3-->"C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe"
GSpot Codec Information Appliance-->C:\Program Files\GSpot\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Imaging Device Functions 8.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP OCR Software 8.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
HP Photosmart Essential-->MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B-->C:\Program Files\HP\Digital Imaging\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}\setup\hpzscr01.exe -datfile hposcr19.dat -onestop -showdisconnect -forcereboot
HP Solution Center 8.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
Intel® Network Connections 13.4.22.0-->MsiExec.exe /i{999104C6-AC4B-43D3-B8E2-125C0EEA9A71} ARPREMOVE=1
Intel® Network Connections 13.4.22.0-->MsiExec.exe /i{999104C6-AC4B-43D3-B8E2-125C0EEA9A71} ARPREMOVE=1
iPhone Configuration Utility-->MsiExec.exe /I{FA54AFB1-5745-4389-B8C1-9F7509672ED1}
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
KeyScrambler-->C:\Program Files\KeyScrambler\uninstall.exe
Madagascar-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{0FB261F3-6F16-43FD-A404-F377C169B937}
Magic ISO Maker v5.4 (build 0239)-->C:\PROGRA~1\MagicISO\UNWISE.EXE C:\PROGRA~1\MagicISO\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Media Go-->MsiExec.exe /X{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}
Media Player Classic - Home Cinema v. 1.3.1249.0-->"C:\Program Files\MPC HomeCinema\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Moleskinsoft Directory Size 2.4-->"C:\Program Files\Moleskinsoft Directory Size 2.4\unins000.exe"
MP3 Player Utilities 4.00-->MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
MP3 Surgeon 2.1-->"C:\Program Files\MP3 Surgeon 2\unins000.exe"
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mystery Case Files - Dire Grove Collector's Edition-->"C:\Windows\Mystery Case Files - Dire Grove Collector's Edition\uninstall.exe" "/U:C:\Program Files\Mystery Case Files - Dire Grove Collector's Edition\Uninstall\uninstall.xml"
Need for Speedâ„¢ Most Wanted-->C:\Program Files\EA GAMES\Need for Speed Most Wanted\EAUninstall.exe
Nero 8-->MsiExec.exe /X{D3AAAEA9-9A0C-4568-8E9D-073497291033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{B83FC356-B7C0-441F-8A4D-D71E088E7974}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PeerBlock 1.0.0 (r181)-->"C:\Program Files\PeerBlock\unins000.exe"
PlayStation®Network Downloader-->MsiExec.exe /X{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}
PlayStation®Store-->MsiExec.exe /X{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}
Privacy Mantra 2.05-->"C:\Program Files\Privacy Mantra 2.05\uninstall.exe"
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
Prototype™-->C:\Program Files\InstallShield Installation Information\{9322A850-9091-4D0E-B252-3E82EDA3D94A}\setup.exe -runfromtemp -l0x0409
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Sage 50 Accounts 2009-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{FC9D0B7B-5D95-411B-B14D-CD074E5CCA4A}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F}
Security Update for Microsoft Office Excel 2007 (KB978382)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6DE3DABF-0203-426B-B330-7287D1003E86}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
SIM Card Editor V1.1-->MsiExec.exe /I{E09B0A57-19E6-40E8-B9D7-5D72BD9A8488}
Sony Ericsson PC Companion 1.60.13-->"C:\Program Files\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe" -runfromtemp -l0x0009 -removeonly
Sony Ericsson PC Suite 6.011.00-->"C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe" -runfromtemp -l0x0009 -removeonly
Sony Vegas Pro 8.0-->MsiExec.exe /X{1246FF64-3035-4A92-8FE6-A968275495EB}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for 2007 Microsoft Office System (KB977724)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CC0E469C-5006-48B9-BBDC-D11B562499B4}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {0451F231-E3E3-4943-AB9F-58EB96171784}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 (KB974561)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0CDDBAA2-2111-4A0E-A1B0-76C40C635331}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb979895)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {D45674C6-9127-4C84-8826-93FBC552DF53}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Window Washer-->C:\Windows\Unwash6.exe
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WSC Real 09-->MsiExec.exe /X{51AA8C3F-B316-44A8-B371-4BB6047E45DF}
X10 Hardware™-->C:\Windows\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
Yophoto Editor-->"C:\Program Files\Yophoto Editor\unins000.exe"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AS: Windows Defender
AS: SUPERAntiSpyware

======System event log======

Computer Name: HomeComputer
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package Microsoft-Windows-AutomationAPI-Package-Package-zh-HK-MiniLP(Update) into Install Requested(Install Requested) state
Record Number: 181325
Source Name: Microsoft-Windows-Servicing
Time Written: 20091107191722.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: HomeComputer
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB971513_uk-UA(Language Pack) into Install Requested(Install Requested) state
Record Number: 181323
Source Name: Microsoft-Windows-Servicing
Time Written: 20091107191722.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: HomeComputer
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package Microsoft-Windows-AutomationAPI-Package-Package-uk-UA-MiniLP(Update) into Install Requested(Install Requested) state
Record Number: 181321
Source Name: Microsoft-Windows-Servicing
Time Written: 20091107191722.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: HomeComputer
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package KB971513_tr-TR(Language Pack) into Install Requested(Install Requested) state
Record Number: 181319
Source Name: Microsoft-Windows-Servicing
Time Written: 20091107191722.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: HomeComputer
Event Code: 4376
Message: Servicing has required reboot to complete the operation of setting package Microsoft-Windows-AutomationAPI-Package-Package-tr-TR-MiniLP(Update) into Install Requested(Install Requested) state
Record Number: 181317
Source Name: Microsoft-Windows-Servicing
Time Written: 20091107191722.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: HomeComputer
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
4 user registry handles leaked from \Registry\User\S-1-5-21-911397221-495934593-2420493742-1000:
Process 2332 (\Device\HarddiskVolume1\Program Files\Common Files\Nero\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-911397221-495934593-2420493742-1000
Process 2332 (\Device\HarddiskVolume1\Program Files\Common Files\Nero\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-911397221-495934593-2420493742-1000
Process 2332 (\Device\HarddiskVolume1\Program Files\Common Files\Nero\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-911397221-495934593-2420493742-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner
Process 2332 (\Device\HarddiskVolume1\Program Files\Common Files\Nero\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-911397221-495934593-2420493742-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner

Record Number: 10912
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080930161916.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: HomeComputer
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
2 user registry handles leaked from \Registry\User\S-1-5-21-911397221-495934593-2420493742-1000_Classes:
Process 916 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-911397221-495934593-2420493742-1000_CLASSES
Process 1700 (\Device\HarddiskVolume1\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-911397221-495934593-2420493742-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

Record Number: 10882
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080929213056.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: HomeComputer
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
5 user registry handles leaked from \Registry\User\S-1-5-21-911397221-495934593-2420493742-1000:
Process 3700 (\Device\HarddiskVolume1\Program Files\Common Files\Nero\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-911397221-495934593-2420493742-1000
Process 3700 (\Device\HarddiskVolume1\Program Files\Common Files\Nero\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-911397221-495934593-2420493742-1000
Process 916 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-911397221-495934593-2420493742-1000
Process 3700 (\Device\HarddiskVolume1\Program Files\Common Files\Nero\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-911397221-495934593-2420493742-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner
Process 3700 (\Device\HarddiskVolume1\Program Files\Common Files\Nero\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-911397221-495934593-2420493742-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner

Record Number: 10881
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080929213055.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: HomeComputer
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-911397221-495934593-2420493742-1000_Classes:
Process 912 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-911397221-495934593-2420493742-1000_CLASSES

Record Number: 10851
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080928221139.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: HomeComputer
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
5 user registry handles leaked from \Registry\User\S-1-5-21-911397221-495934593-2420493742-1000:
Process 4092 (\Device\HarddiskVolume1\Program Files\Common Files\Nero\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-911397221-495934593-2420493742-1000
Process 4092 (\Device\HarddiskVolume1\Program Files\Common Files\Nero\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-911397221-495934593-2420493742-1000
Process 912 (\Device\HarddiskVolume1\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-911397221-495934593-2420493742-1000
Process 4092 (\Device\HarddiskVolume1\Program Files\Common Files\Nero\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-911397221-495934593-2420493742-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner
Process 4092 (\Device\HarddiskVolume1\Program Files\Common Files\Nero\Lib\NMIndexingService.exe) has opened key \REGISTRY\USER\S-1-5-21-911397221-495934593-2420493742-1000\Software\Ahead\Nero Home\MediaLibrary\Scanner

Record Number: 10850
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20080928221138.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

=====Security event log=====

Computer Name: HomeComputer
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: HOMECOMPUTER$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x280
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 45202
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090504104454.076531-000
Event Type: Audit Success
User:

Computer Name: HomeComputer
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Privileges: SeAssignPrimaryTokenPrivilege
SeAuditPrivilege
SeImpersonatePrivilege
Record Number: 45201
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090504104454.014131-000
Event Type: Audit Success
User:

Computer Name: HomeComputer
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: HOMECOMPUTER$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x280
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 45200
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090504104454.014131-000
Event Type: Audit Success
User:

Computer Name: HomeComputer
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 45199
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090504104453.982931-000
Event Type: Audit Success
User:

Computer Name: HomeComputer
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: HOMECOMPUTER$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x280
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 45198
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090504104453.982931-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=4
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Sage SData\;C:\Program Files\Common Files\Sage SBD\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0b
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"UNPDFHOME"=C:\Program Files\Docudesk\deskUNPDF3

-----------------EOF-----------------



Please help

Edited by Orange Blossom, 12 April 2010 - 07:37 PM.


BC AdBot (Login to Remove)

 


#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:05:16 PM

Posted 16 April 2010 - 01:44 PM

Hello and welcome to Bleeping Computer! welcome.gif

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it?It's all around!

Tomar ki manè acchè?
Yadi thakè, tahalè
Ki kshama kartè paro
?



If I haven't replied in 48 hours, please feel free to send me a PM.



Posted Image

#3 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:16 AM

Posted 21 April 2010 - 01:31 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users