PDA

View Full Version : registery review


c4real
2009-06-16, 03:20
Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2009-06-15 17:08:32
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 74 GB (64%) free of 114 GB
Total RAM: 495 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:56 PM, on 6/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Y4YNQAW6\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 security-problem.microsoft.com
O1 - Hosts: 94.232.248.66 inetavirus.com
O1 - Hosts: 94.232.248.66 www.inetavirus.com (http://www.inetavirus.com)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: BHO - {BAD4551D-9B24-42cb-9BCD-818CA2DA7B63} - C:\WINNT\system32\iehelper.dll (file missing)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [LXBRKsk] C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/XSL/mb_us/html/activexplayer/SMALStreaming.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1452/ftp.coupons.com/r3302/cpbrkpie.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.e-centives.com/cif/download/bin/actxcab.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAISafe - Unknown owner - C:\Program Files\Yahoo!\Antivirus\ISafe.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11791 bytes

======Scheduled tasks folder======

C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\CAAntiSpywareScan_Daily as Owner at 10 27 AM.job
C:\WINNT\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}]
Viewpoint Toolbar BHO - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll [2004-06-30 28745]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-30 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-05-31 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}]
BHO - C:\WINNT\system32\iehelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-05-30 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F8AD5AA5-D966-4667-9DAF-2561D68B2012} - Viewpoint Toolbar - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll [2004-06-30 897075]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-05-30 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINNT\System32\igfxtray.exe [2003-11-18 155648]
"HotKeysCmds"=C:\WINNT\System32\hkcmd.exe [2003-11-18 118784]
"Gateway Ink Monitor"=C:\Program Files\Gateway Utilities\GWInkMonitor.exe [2003-06-24 303180]
"NeroCheck"=C:\WINNT\System32\NeroCheck.exe [2001-07-09 155648]
"GWMDMMSG"=C:\WINNT\GWMDMMSG.exe [2002-08-06 90112]
"Lexmark 3100 Series"=C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe [2003-09-03 106496]
"LXBRKsk"=C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe [2003-06-13 294912]
"Microsoft Works Update Detection"=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2003-06-07 50688]
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2005-09-27 81920]
"MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [2006-01-19 11776]
"CaAvTray"=C:\Program Files\Yahoo!\Antivirus\CAVTray.exe []
"CAVRID"=C:\Program Files\Yahoo!\Antivirus\CAVRID.exe []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"medicsp2"=C:\Program Files\twc\medicsp2\bin\sprtcmd.exe [2007-03-07 198184]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"=C:\Program Files\Microsoft Money\System\mnyexpr.exe [2003-06-18 200704]
"ctfmon.exe"=C:\WINNT\system32\ctfmon.exe [2008-04-13 15360]
"Update Service"=C:\PROGRA~1\COMMON~1\TEKNUM~1\update.exe [2007-09-21 19456]
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe [2009-06-14 2356088]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-31 39408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Image Transfer.lnk - C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINNT\system32\igfxsrvc.dll [2003-11-18 323584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINNT\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINNT\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE"="C:\PROGRA~1\Yahoo!\MESSEN~1\YPAGER.EXE:*:Enabled:Yahoo! Messenger"
"C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe"="C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Engine"
"C:\WINNT\system32\LEXPPS.EXE"="C:\WINNT\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINNT\system32\rundll32.exe"="C:\WINNT\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINNT\system32\dpvsetup.exe"="C:\WINNT\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Cartoon Network\Ben 10 Bounty Hunters\RT_Multiplayer.exe"="C:\Program Files\Cartoon Network\Ben 10 Bounty Hunters\RT_Multiplayer.exe:*:Enabled:RT_Multi Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-06-15 17:08:32 ----D---- C:\rsit
2009-06-13 06:49:49 ----D---- C:\WINNT\ie8updates
2009-06-13 06:41:48 ----HDC---- C:\WINNT\ie8
2009-06-10 10:23:37 ----HDC---- C:\WINNT\$NtUninstallKB961501$
2009-06-10 10:23:04 ----HDC---- C:\WINNT\$NtUninstallKB969898$
2009-06-10 10:15:54 ----HDC---- C:\WINNT\$NtUninstallKB970238$
2009-06-10 10:13:02 ----HDC---- C:\WINNT\$NtUninstallKB968537$
2009-06-08 16:27:33 ----D---- C:\Program Files\Safari
2009-06-02 17:17:09 ----D---- C:\Documents and Settings\Owner\Application Data\Media Player Classic
2009-06-02 10:04:36 ----D---- C:\Program Files\Trend Micro
2009-06-02 09:46:52 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-06-02 09:46:52 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-05-30 14:27:43 ----D---- C:\Documents and Settings\All Users\Application Data\Google

======List of files/folders modified in the last 1 months======

2009-06-15 17:08:46 ----D---- C:\WINNT\Prefetch
2009-06-15 13:20:45 ----D---- C:\WINNT\CAVTemp
2009-06-15 13:20:20 ----D---- C:\WINNT\Temp
2009-06-15 13:20:20 ----A---- C:\WINNT\FLASHKSK.INI
2009-06-15 10:57:15 ----A---- C:\WINNT\SchedLgU.Txt
2009-06-13 06:55:45 ----AD---- C:\WINNT\system32
2009-06-13 06:55:45 ----AD---- C:\WINNT
2009-06-13 06:55:12 ----D---- C:\WINNT\system32\en-US
2009-06-13 06:55:11 ----RSHD---- C:\WINNT\system32\dllcache
2009-06-13 06:55:11 ----HD---- C:\WINNT\inf
2009-06-13 06:55:11 ----D---- C:\WINNT\Media
2009-06-13 06:55:11 ----D---- C:\WINNT\Help
2009-06-13 06:55:11 ----D---- C:\Program Files\Internet Explorer
2009-06-13 06:54:04 ----D---- C:\WINNT\system32\CatRoot2
2009-06-13 06:51:07 ----HD---- C:\WINNT\$hf_mig$
2009-06-13 06:50:28 ----A---- C:\WINNT\imsins.BAK
2009-06-10 10:30:09 ----SHD---- C:\WINNT\Installer
2009-06-10 10:28:52 ----A---- C:\WINNT\win.ini
2009-06-10 10:13:30 ----D---- C:\WINNT\ie7updates
2009-06-08 20:58:54 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-06-08 20:58:51 ----D---- C:\WINNT\system32\drivers
2009-06-08 20:14:56 ----D---- C:\WINNT\system32\Macromed
2009-06-08 17:34:13 ----D---- C:\Program Files\QuickTime
2009-06-08 17:01:32 ----DC---- C:\WINNT\system32\DRVSTORE
2009-06-08 16:27:33 ----RD---- C:\Program Files
2009-06-05 11:42:38 ----A---- C:\WINNT\system32\usbaaplrc.dll
2009-06-02 16:48:33 ----SD---- C:\WINNT\Downloaded Program Files
2009-06-02 13:57:06 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-06-02 09:47:03 ----D---- C:\Program Files\Adobe
2009-06-02 09:47:03 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-01 09:51:12 ----A---- C:\WINNT\system32\MRT.exe
2009-06-01 08:34:47 ----D---- C:\Documents and Settings\Owner\Application Data\Google
2009-05-31 18:33:29 ----D---- C:\Program Files\Google
2009-05-21 15:23:18 ----D---- C:\WINNT\system32\CatRoot
2009-05-21 15:00:41 ----D---- C:\WINNT\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINNT\system32\drivers\Cdr4_xp.sys [2004-11-10 44288]
R1 Cdralw2k;Cdralw2k; C:\WINNT\system32\drivers\Cdralw2k.sys [2004-11-10 24832]
R1 intelppm;Intel Processor Driver; C:\WINNT\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 VETEFILE;VET File Scan Engine; C:\WINNT\system32\drivers\VETEFILE.sys [2007-08-25 879832]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINNT\system32\drivers\VETFDDNT.sys [2006-06-05 15735]
R1 VET-FILT;VET File System Filter; C:\WINNT\system32\drivers\VET-FILT.sys [2006-06-05 21031]
R1 VETMONNT;VET File Monitor; C:\WINNT\system32\drivers\VETMONNT.sys [2006-08-18 26787]
R1 VET-REC;VET File System Recognizer; C:\WINNT\system32\drivers\VET-REC.sys [2006-06-05 15478]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINNT\System32\drivers\ws2ifsl.sys [2003-03-31 12032]
R2 MASPINT;MASPINT; C:\WINNT\system32\drivers\MASPINT.sys [2000-03-29 8096]
R3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINNT\system32\drivers\ialmsbw.sys [2003-11-20 122110]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINNT\system32\drivers\ialmkchw.sys [2003-11-20 99002]
R3 aeaudio;aeaudio; C:\WINNT\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINNT\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINNT\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 GTWModem;GTW V.92 Voicemodem; C:\WINNT\System32\DRIVERS\GWMDM.sys [2002-08-06 1107680]
R3 ialm;ialm; C:\WINNT\System32\DRIVERS\ialmnt5.sys [2003-11-20 95579]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINNT\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 pfc;Padus ASPI Shell; \??\C:\WINNT\System32\drivers\pfc.sys []
R3 smwdm;smwdm; C:\WINNT\system32\drivers\smwdm.sys [2003-03-18 542976]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINNT\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINNT\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINNT\system32\drivers\VETEBOOT.sys [2007-08-25 108360]
S3 2WIREPCP;2Wire USB; C:\WINNT\System32\DRIVERS\2WirePCP.sys [2003-04-17 68672]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINNT\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 CCDECODE;Closed Caption Decoder; C:\WINNT\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FarStoneFireWallDrive;FarStoneFireWallDrive; C:\WINNT\System32\Drivers\FarDrive.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINNT\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINNT\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINNT\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlmnt5;Mtlmnt5; C:\WINNT\System32\DRIVERS\Mtlmnt5.sys [2004-08-03 126686]
S3 Mtlstrm;Mtlstrm; C:\WINNT\System32\DRIVERS\Mtlstrm.sys [2004-08-03 1309184]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINNT\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINNT\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NtMtlFax;NtMtlFax; C:\WINNT\System32\DRIVERS\NtMtlFax.sys [2004-08-03 180360]
S3 nv;nv; C:\WINNT\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PalmUSBD;PalmUSBD; C:\WINNT\system32\drivers\PalmUSBD.sys []
S3 RecAgent;recagent; \??\C:\WINNT\System32\DRIVERS\RecAgent.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINNT\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 Slntamr;SmartLink AMR_PCI Driver; C:\WINNT\System32\DRIVERS\slntamr.sys [2004-08-03 404990]
S3 SlNtHal;SlNtHal; C:\WINNT\System32\DRIVERS\Slnthal.sys [2004-08-03 95424]
S3 SlWdmSup;SlWdmSup; C:\WINNT\System32\DRIVERS\SlWdmSup.sys [2003-01-16 39348]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINNT\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINNT\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usb_rndisx;USB RNDIS Adapter; C:\WINNT\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINNT\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINNT\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINNT\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINNT\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINNT\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINNT\System32\DRIVERS\wanatw4.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINNT\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINNT\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINNT\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-02-23 100032]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 LexBceS;LexBce Server; C:\WINNT\system32\LEXBCES.EXE [2003-08-29 307200]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2); C:\Program Files\twc\medicsp2\bin\sprtsvc.exe [2007-03-07 202280]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S2 CAISafe;CAISafe; C:\Program Files\Yahoo!\Antivirus\ISafe.exe []
S2 SymWSC;SymWMI Service; C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
S2 VETMSGNT;VET Message Service; C:\Program Files\Yahoo!\Antivirus\VetMsg.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-31 182768]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-02-23 2045632]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-08-30 53337]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-08-30 53337]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-08-30 69718]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2005-09-27 69632]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINNT\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-06-15 17:09:04

======Uninstall list======

-->"C:\Program Files\SBC Yahoo!\umuninst.exe" /S
-->C:\WINNT\IsUninst.exe -fC:\WINNT\orun32.isu
-->Dummy
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINNT\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINNT\atmoUn.exe
Adobe Download Manager 2.2 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 10 ActiveX-->C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A367C28-423C-48E2-8C76-EBA1171F932A}\apxp.ex_" -l0x9
Adobe Photoshop Elements 2.0-->C:\WINNT\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements 2\Uninst.dll"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINNT\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~2\Install.log
Ahead Nero BurnRights-->C:\WINNT\UNNeroBurnRights.exe /UNINSTALL
Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
Art Explosion Greeting Card Factory Express-->MsiExec.exe /X{AE15D0F7-8C2E-4419-97B4-995ED16FBB4E}
Art Explosion Scrapbook Factory-->MsiExec.exe /X{E432C362-6A71-4E8A-A68A-AE5246520656}
Avatar - Legends of The Arena-->MsiExec.exe /I{ED87CE5E-0890-4016-ADA7-8036BED0BCBB}
Ben 10 Alien Force Bounty Hunters-->MsiExec.exe /X{BC7E9D03-F7B1-4179-AAEC-941D14DF5EF3}
Blackhawk Striker from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\70216ACD-1547-44E5-8966-615BE9569EAD\Uninstall.exe"
Blasterball 2 from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\4AF3F682-FE2A-488D-A11C-A0470A325E93\Uninstall.exe"
Bob the Builder - Bob Builds a Park-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C13AD07-5129-11D5-96DB-AE99AF79C743}\SETUP.EXE" -l0x9
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Bounce Symphony from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\AA4162B8-1BB1-4110-8F93-0092D4DEF122\Uninstall.exe"
Caillou(R) Party Fun & Games(TM)-->C:\Program Files\The Learning Company\Caillou(R) Party Fun & Games(TM)\uninstall.exe
Canon MP Navigator 2.0-->"C:\Program Files\Canon\MP Navigator 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 2.0\uninst.ini
Canon MP500-->"C:\WINNT\system32\CanonMP Uninstaller Information\{BA4DF4C3-196E-4128-969A-00996B5A46F8}\DelDrv.exe" /U:{BA4DF4C3-196E-4128-969A-00996B5A46F8} /L0x0009
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINNT\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Cubis for Pocket PC-->C:\Program Files\Astraware\Cubis for Pocket PC\uninst.exe
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe /uninstall
DIG Game Manager-->C:\PROGRA~1\Disney\DISNEY~1\DIGGAM~1\UNWISE.EXE C:\PROGRA~1\Disney\DISNEY~1\DIGGAM~1\INSTALL.LOG
DoMore-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E5B26C1E-4751-4F03-BC18-634F41F31EC6}\setup.exe" -l0x9
DVD-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
Easy-WebPrint-->C:\WINNT\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Excavation from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\ADFCE1E4-A420-437C-998D-EAF04E3601BE\Uninstall.exe"
FaxTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F45298E5-0083-426F-A668-1A2C5F04B8A0}\setup.exe" -l0x9 ControlPanel
Five Card Frenzy from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\97D31CB6-F2B5-4875-B6B0-8AF75AC414DB\Uninstall.exe"
Gateway Ink Monitor-->MsiExec.exe /X{F10082FE-BACB-4E58-A423-DAD6BFC8B3A2}
Gateway Rhapsody-->"C:\Program Files\SIFXINST\SIFXINST.EXE" /UnapplyFile 20BBF229-A337-40AD-9FEB-2C98CDA53D1C /Prompt
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GTW V.92 Voicemodem-->C:\WINNT\GWMDMU.exe verbose
HandyBits ZipNGo-->"C:\Program Files\Common Files\Teknum Systems\tsUninst.exe" "C:\Program Files\HandyBits\ZipNGo\HandyBits ZipNGo.del"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINNT\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINNT\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINNT\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINNT\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINNT\$NtUninstallKB952287$\spuninst\spuninst.exe"
Image Transfer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}\Setup.exe" UNINSTALL
ImageMixer for Sony-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B4AA674-F5CA-4BB5-831A-CD37B4021959}\setup.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINNT\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet-->MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Intellisync® for Yahoo!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{395131D0-71C3-4411-8DDD-84E7A4EC8754}\Setup.exe" -l0x9 YahooUninstall2
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
JumpStart Advanced School Time-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSSchoolTimeUn.exe
JumpStart Art Time-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\JSArtTimeUn.exe
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Lexmark 3100 Series-->C:\WINNT\System32\spool\drivers\w32x86\3\LXBRUN5C.EXE -dLexmark 3100 Series
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Magic 3D Coloring Book Amazing Animals-->C:\WINNT\IsUninst.exe -f"C:\Program Files\IBM and Crayola\Amazing Animals\Uninst.isu"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINNT\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINNT\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINNT\muninst.exe C:\WINNT\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2004-->MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINNT\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Learning and Research Plus Support Files-->MsiExec.exe /I{00000000-3976-4267-9F39-1DC4745090B7}
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft National Language Support Downlevel APIs-->"C:\WINNT\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Small Business Edition 2003-->MsiExec.exe /I{91CA0409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Express 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE130}
Microsoft Picture It! Photo Premium 9-->C:\WINNT\System32\msiexec.exe /i {DBA8B9E1-C6FF-4624-9598-73D3B41A0903}
Microsoft Streets and Trips 2004-->MsiExec.exe /I{8704D51E-25B7-4F23-81E7-AA4F54790210}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINNT\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Works 2004 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe d:\
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{33BEE6F3-9987-4F98-A069-97A64EC8321A}
Microsoft Works-->MsiExec.exe /I{B9966F27-9678-4620-9579-925E3084647E}
MicroStaff WINASPI-->C:\MWASPI\uninst.exe
MobileMe Control Panel-->MsiExec.exe /I{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}
Mr. Robot (remove only)-->"C:\Program Files\Yahoo! Games\Mr. Robot\Uninstall.exe"
MSN Internet Software-->C:\Program Files\MSN\MSNCoreFiles\Setup\msnunin.exe
MSN Messenger 5.0-->MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314B00527}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton WMI Update-->MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
Office 2003 Setup Files-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BD74F5D-4089-4064-B6AF-8E8A93022650}\setup.exe" -l0x9
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
OpenMG Limited Patch 4.3-05-10-05-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.3-05-10-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.3.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F5E4C38C-73BC-4D44-8BFC-969C2B4DABCA} UNINSTALL
Orbital from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BECB8A74-E07D-44A1-813D-1E390EB3047B\Uninstall.exe"
Otto from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5A137FCB-35EA-4849-8239-AFEBD2F45B3B\Uninstall.exe"
Overball from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\A375E2C6-77CA-4F2F-AB6F-CD0A96D87B24\Uninstall.exe"
Palm Bluetooth ActiveSync Plug-in-->MsiExec.exe /X{CEAB0A77-E60B-40C3-A58A-7304177C6CC8}
Pencil-Pal Preschool-->C:\WINNT\unvise32.exe C:\Program Files\sz8080_6\uninstal.log
Picsel File Viewer-->C:\Program Files\Microsoft ActiveSync\picsel-2006-01-01-16-47-11\ifv\PicselUninstall.exe
Polar Bowler from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C4D2212B-5331-470D-9BF7-96DB25A398C7\Uninstall.exe"
Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Road Runner Medic 6.1-->"C:\Program Files\twc\medicsp2\unins000.exe"
Safari-->MsiExec.exe /I{0A9C92A5-D27F-4BD9-9DB9-0EFD8C681E29}
SBC Yahoo! DSL Home Networking Installer-->C:\Program Files\2Wire\Uninstaller.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINNT\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINNT\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINNT\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINNT\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINNT\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINNT\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINNT\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINNT\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINNT\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINNT\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINNT\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINNT\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINNT\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINNT\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINNT\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINNT\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINNT\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINNT\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINNT\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINNT\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINNT\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINNT\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINNT\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINNT\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINNT\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINNT\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINNT\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINNT\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINNT\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINNT\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINNT\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINNT\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINNT\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINNT\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINNT\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINNT\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINNT\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINNT\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINNT\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINNT\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINNT\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINNT\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINNT\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINNT\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINNT\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINNT\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINNT\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINNT\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINNT\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINNT\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINNT\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINNT\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINNT\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINNT\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINNT\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINNT\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINNT\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINNT\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINNT\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINNT\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINNT\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINNT\$NtUninstallKB970238$\spuninst\spuninst.exe"
Shockwave-->C:\WINNT\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINNT\system32\Macromed\SHOCKW~1\Install.log
Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Slyder from Gateway (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\618CD711-AFB3-4EB4-9B48-ABD2AB370B21\Uninstall.exe"
Smart Link 56K Modem-->C:\WINNT\Modio\SLAMR2KO\Setup.exe /Remove
SonicStage 3.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Sprint PCS Business Connection Personal Edition-->"C:\Program Files\Sprint\PCS Business Connection\Uninstall.exe"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Stitch's Blazing Lasers-->C:\PROGRA~1\Disney\DISNEY~1\STITCH~1\UNWISE.EXE C:\PROGRA~1\Disney\DISNEY~1\STITCH~1\INSTALL.LOG
Treo 700w User Guide-->MsiExec.exe /X{E962D5C3-6356-450D-AD38-471B3EA3923D}
TrueSwitch Wizard SBC-->C:\Program Files\TrueSwitchSBC\TrueWizard.exe -uninstall
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINNT\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINNT\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINNT\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINNT\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINNT\$NtUninstallKB967715$\spuninst\spuninst.exe"
VeryPDF PDF2Word v3.0-->"C:\Program Files\VeryPDF PDF2Word v3.0\unins000.exe"
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Viewpoint Toolbar (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarInstaller.exe /u /k
Windows Internet Explorer 8-->"C:\WINNT\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINNT\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB894476-->"C:\WINNT\$NtUninstallKB894476$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINNT\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player 9 Hotfix [See KB885492 for more information]-->C:\WINNT\$NtUninstallKB885492$\spuninst\spuninst.exe
Windows XP Service Pack 3-->"C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

======Hosts File======

127.0.0.1 localhost
::1 localhost
94.232.248.66 security-problem.microsoft.com
94.232.248.66 inetavirus.com
94.232.248.66 www.inetavirus.com (http://www.inetavirus.com)
127.0.0.1 www.007guard.com (http://www.007guard.com)
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com (http://www.008k.com)
127.0.0.1 008k.com

======Security center information======

AV: Anti-Virus - SBC Yahoo! Online Protection

======System event log======

Computer Name: CRESPO
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000CF1869933. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 12
Source Name: Dhcp
Time Written: 20081103110148.000000-480
Event Type: warning
User:

Computer Name: CRESPO
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 11
Source Name: Tcpip
Time Written: 20081102123538.000000-480
Event Type: warning
User:

Computer Name: CRESPO
Event Code: 10010
Message: The server {D0AAD3D6-EB93-4363-A24E-2C3D80CDBAC7} did not register with DCOM within the required timeout.

Record Number: 6
Source Name: DCOM
Time Written: 20081102110448.000000-480
Event Type: error
User: CRESPO\Jennifer

Computer Name: CRESPO
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000CF1869933. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 5
Source Name: Dhcp
Time Written: 20081102110313.000000-480
Event Type: warning
User:

Computer Name: CRESPO
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 000CF1869933. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 4
Source Name: Dhcp
Time Written: 20081102110236.000000-480
Event Type: warning
User:

=====Application event log=====

Computer Name: CRESPO
Event Code: 1013
Message: Product: iTunes -- There is a problem with this Windows Installer package. A program required for this install to complete could not be run. Contact your support personnel or package vendor.

Record Number: 15770
Source Name: MsiInstaller
Time Written: 20090301194328.000000-480
Event Type: error
User: CRESPO\Jennifer

Computer Name: CRESPO
Event Code: 1001
Message: Detection of product '{41B9E2CF-0B3F-442A-B5B3-592A4A355634}', feature 'iTunes' failed during request for component '{E8A1D3E2-F5D3-4B24-AB93-52F7E602A235}'

Record Number: 15695
Source Name: MsiInstaller
Time Written: 20020204220735.000000-480
Event Type: warning
User: CRESPO\Owner

Computer Name: CRESPO
Event Code: 1004
Message: Detection of product '{41B9E2CF-0B3F-442A-B5B3-592A4A355634}', feature 'iTunes', component '{EDC78402-7A24-11DD-ABFC-457355D89593}' failed. The resource 'HKEY_CURRENT_USER\SOFTWARE\Apple Computer, Inc.\iTunes\SM Shortcut Installed' does not exist.

Record Number: 15694
Source Name: MsiInstaller
Time Written: 20020204220735.000000-480
Event Type: warning
User: CRESPO\Owner

Computer Name: CRESPO
Event Code: 1002
Message: Hanging application AcroRd32.exe, version 8.1.0.137, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 15683
Source Name: Application Hang
Time Written: 20020204215543.000000-480
Event Type: error
User:

Computer Name: CRESPO
Event Code: 1002
Message: Hanging application AcroRd32.exe, version 8.1.0.137, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 15682
Source Name: Application Hang
Time Written: 20020204215543.000000-480
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip

-----------------EOF-----------------


http://forums.spybot.info/showthread.php?p=316423#post316423
pskelley
2009-06-17, 16:48
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance) http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

You must have read and followed the "Before you Post" instructions.

You understand Shaba closed the thread because you did not respond to his last post for four or more days. I would also like to mention that when you post here, there should be a malware reason and it helps if you tell us what it is, describe any symptoms, post error messages, etc.

Did you have anything to do with adding these items to your hosts file?
O1 - Hosts: 94.232.248.66 security-problem.microsoft.com
O1 - Hosts: 94.232.248.66 inetavirus.com
O1 - Hosts: 94.232.248.66 wXXXw.inetavirus.com << rouge link

If you wish to continue, we will start our search like this.

1) Please DO NOT ENABLE Spybot S&D TeaTimer while we work together.

2) A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use

Download ComboFix from here:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


http://i24.photobucket.com/albums/c30/ken545/RcAuto1.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i24.photobucket.com/albums/c30/ken545/whatnext.jpg

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Tutorial if needed
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

3) Post also an uninstall list: Open Hijackthis.
Click the "Open the Misc Tools" section Button.
Click the "Open Uninstall Manager" Button.
Click the "Save list..." Button.
Save it to your desktop. Copy and paste the contents into your reply.
Image: http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg

Thanks...Phil
pskelley
2009-06-23, 12:34
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.