Virtumonde.generic removal help needed

[Marty398]

Spybot could not remove 2 instances of Virtumonde.generic. I have read and agree with the procedures.

Thanks for your help.

Here is the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:29, on 2008-12-31
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r302.regserver.com/webreg?surveyID=WEIZRG456H&langCD=ENU&Begin=Begin&LPN=2000&INI_Preload_Channel10400=&INI_Preload_Build_Number10401=SP%2D0259%2D001%2D00xx&INI_Preload_Platform10402=WIN&INI_Preload_Licenses10403=&INI_Preload_Language10435=ENG&INI_Preload_Product_Code10404=&INI_Preload_version10188=8.0&INI_Preload_Classification10405=&INI_Preload_Serial_Num10116=6809AP56001001&ConnType=lan
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1230694775453
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 10096 bytes

[Shaba]

Hi Marty398

Please post next spybot report

[Marty398]

Hi Marty398

Please post next spybot report

I am not sure exactly what you mean by "next spybot report". I ran Spybot Search and Destroy again but the log was too long to post. Hopefully that is not what you need.

I also ran HijackThis again and have pasted that new log below.

Thanks for your help!

Marty
--------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:15, on 2009-01-05
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r302.regserver.com/webreg?sur...1&ConnType=lan
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1230694775453
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 10186 bytes

[Shaba]

Please do this:

Produce a short log (showing items flagged)

* Open SpyBot.
* Check for problems.
* When the scan completes, right click on the results list, select "Copy results to clipboard".
* Paste (Ctrl+V) those results into a new post.

[Marty398]

Here is the report as requested.
----------

Hint of the Day: Click the bar at the right of this to see more information! ()


Virtumonde.generic: [SBI $6C003E72] User settings (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

Virtumonde.generic: [SBI $6C003E72] User settings (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

Log: Activity: COM+.log (Backup file, nothing done)
C:\WINDOWS\COM+.log

Log: Activity: SchedLgU.Txt (Backup file, nothing done)
C:\WINDOWS\SchedLgU.Txt

Log: Activity: imsins.log (Backup file, nothing done)
C:\WINDOWS\imsins.log

Log: Activity: OEWABLog.txt (Backup file, nothing done)
C:\WINDOWS\OEWABLog.txt

Log: Activity: ntbtlog.txt (Backup file, nothing done)
C:\WINDOWS\ntbtlog.txt

Log: Install: comsetup.log (Backup file, nothing done)
C:\WINDOWS\comsetup.log

Log: Install: Directx.log (Backup file, nothing done)
C:\WINDOWS\Directx.log

Log: Install: ocgen.log (Backup file, nothing done)
C:\WINDOWS\ocgen.log

Log: Install: setupact.log (Backup file, nothing done)
C:\WINDOWS\setupact.log

Log: Install: setupapi.log (Backup file, nothing done)
C:\WINDOWS\setupapi.log

Log: Install: setuplog.txt (Backup file, nothing done)
C:\WINDOWS\setuplog.txt

Log: Install: svcpack.log (Backup file, nothing done)
C:\WINDOWS\svcpack.log

Log: Install: wmsetup.log (Backup file, nothing done)
C:\WINDOWS\wmsetup.log

Log: Install: DtcInstall.log (Backup file, nothing done)
C:\WINDOWS\DtcInstall.log

Log: Shutdown: System32\wbem\logs\mofcomp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\mofcomp.log

Log: Shutdown: System32\wbem\logs\setup.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\setup.log

Log: Shutdown: System32\wbem\logs\wbemcore.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemcore.log

Log: Shutdown: System32\wbem\logs\wbemess.lo_ (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.lo_

Log: Shutdown: System32\wbem\logs\wbemess.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemess.log

Log: Shutdown: System32\wbem\logs\wbemprox.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemprox.log

Log: Shutdown: System32\wbem\logs\wbemsnmp.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wbemsnmp.log

Log: Shutdown: System32\wbem\logs\winmgmt.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\winmgmt.log

Log: Shutdown: System32\wbem\logs\wmiadap.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiadap.log

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, nothing done)
C:\WINDOWS\System32\wbem\logs\wmiprov.log

Gabest Media Player Classic: [SBI $E81D76E1] Last captured file (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Gabest\Media Player Classic\Capture\FileName

Internet Explorer: [SBI $1E8157BE] Typed URL list (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_SARAH\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $FF589D0C] Download directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Internet Explorer\Download Directory

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Java Runtime Engine: [SBI $7D54008C] Temporary file () (File, nothing done)
C:\Documents and Settings\Jeff\plugin131.trace

MS Management Console: [SBI $ECD50EAD] Recent command list (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ADMINISTRATOR\Software\Microsoft\Microsoft Management Console\Recent File List

MS Management Console: [SBI $ECD50EAD] Recent command list (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_SARAH\Software\Microsoft\Microsoft Management Console\Recent File List

MS Management Console: [SBI $ECD50EAD] Recent command list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: [SBI $E48560B4] Recent file list (6 files) (Registry key, nothing done)
HKEY_USERS\PE_C_SARAH\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Media Player: [SBI $E48560B4] Recent file list (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\MediaPlayer\Player\RecentFileList

MS Media Player: [SBI $735D57D7] Recent open directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir

MS Media Player: [SBI $D8642806] Application data file (global) () (File, nothing done)
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db

MS Media Player: [SBI $8E65C0EE] Last opened playlist (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist

MS Media Player: [SBI $1BDA487B] Last selected track index (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\MediaPlayer\Preferences\LastPlaylistIndex

MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Media Player: [SBI $5C51E349] Client ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS DirectInput: [SBI $9A063C91] Most recent application (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\DirectInput\MostRecentApplication\Name

MS DirectInput: [SBI $7B184199] Most recent application ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\DirectInput\MostRecentApplication\Id

MS Office 10.0: [SBI $A0473B14] Access recent file (1 files) (Registry key, nothing done)
HKEY_USERS\PE_C_SARAH\Software\Microsoft\Office\10.0\Access\Settings

MS Office 10.0: [SBI $A0473B14] Access recent file (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Office\10.0\Access\Settings

MS Office 10.0 (Word): [SBI $51FE086C] Recently used documents list (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Office\10.0\Word\Data\Settings

MS Office 10.0 (Word): [SBI $E97870AB] Disabled items history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Office\10.0\Word\Resiliency\DisabledItems

MS Office 10.0 (Excel): [SBI $16D8675C] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Office\10.0\Excel\Recent Files

MS Frontpage: [SBI $852712DF] Recent web list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent Web List

MS Frontpage: [SBI $7E259C81] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Recent File List

MS Frontpage: [SBI $EA3EB68E] Last opened web (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\FrontPage\Explorer\FrontPage Explorer\Settings\LastWebOpen

MS Paint: [SBI $07867C39] Recent file list (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

MS Regedit: [SBI $C3B62FC1] Recent open key (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey

MS Search Assistant: [SBI $AE0C4647] Typed search terms history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Search Assistant\ACMru

Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $072F2E80] Open with list - .ACD extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ACD\OpenWithList

Windows.OpenWith: [SBI $6CBE8CD7] Open with list - .ASP extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASP\OpenWithList

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (4 files) (Registry key, nothing done)
HKEY_USERS\PE_C_SARAH\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (11 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $691C1B44] Open with list - .BIN extension (4 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $9E8D5C8A] Open with list - .CDA extension (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList

Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

Windows.OpenWith: [SBI $F34FE1D0] Open with list - .CUE extension (2 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUE\OpenWithList

Windows Explorer: [SBI $A2C7B3CD] Recent wallpaper list (500 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU

Windows Explorer: [SBI $7308A845] Run history (5 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: [SBI $7308A845] Run history (5 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

Windows Explorer: [SBI $AA0766B5] Stream history (2 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $AA0766B5] Stream history (5 files) (Registry key, nothing done)
HKEY_USERS\PE_C_SARAH\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $AA0766B5] Stream history (86 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (8 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (6 files) (Registry key, nothing done)
HKEY_USERS\PE_C_SARAH\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (11 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (1 files) (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (24 files) (Registry key, nothing done)
HKEY_USERS\PE_C_ADMINISTRATOR\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (45 files) (Registry key, nothing done)
HKEY_USERS\PE_C_SARAH\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (399 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Explorer: [SBI $B7EBA926] Last visited history (8 files) (Registry key, nothing done)
HKEY_USERS\PE_C_SARAH\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $B7EBA926] Last visited history (26 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

WinRAR: [SBI $A59A1C0A] Recent exe file list (3 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\WinRAR\DialogEditHistory\ArcName

WinRAR: [SBI $B84F9965] Last used directory (Registry change, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\WinRAR\General\LastFolder

WinRAR: [SBI $B510882E] Extraction directory history (1 files) (Registry key, nothing done)
HKEY_USERS\S-1-5-21-2612691975-1315862730-3704373550-1005\Software\WinRAR\DialogEditHistory\ExtrPath

Cookie: [SBI $49804B54] Cookie (228) (Cookie, nothing done)


Cache: [SBI $49804B54] Cache (2953) (Cache, nothing done)


History: [SBI $49804B54] History (282) (History, nothing done)


Cookie: [SBI $49804B54] Cookie (13) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-12-31 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2008-11-04 Includes\Adware.sbi (*)
2008-12-29 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-11-18 Includes\Hijackers.sbi (*)
2008-12-22 Includes\HijackersC.sbi (*)
2008-12-09 Includes\Keyloggers.sbi (*)
2008-12-22 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2008-12-29 Includes\MalwareC.sbi (*)
2008-12-16 Includes\PUPS.sbi (*)
2008-12-16 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-12-29 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-12-10 Includes\Spyware.sbi (*)
2008-12-10 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti (*)
2008-12-29 Includes\Trojans.sbi (*)
2008-12-29 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

[Shaba]

Two first are likely leftovers.

Let's check if there is more:

• Download random''s system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

[Marty398]

Logfile of random's system information tool 1.05 (written by random/random)
Run by Jeff at 2009-01-07 06:56:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 11 GB (14%) free of 76 GB
Total RAM: 1022 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:56, on 2009-01-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Documents and Settings\Jeff\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jeff.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r302.regserver.com/webreg?sur...1&ConnType=lan
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1230694775453
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

--
End of file - 10172 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
C:\WINDOWS\tasks\bxyhvwpl.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2008-11-24 445560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"=C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [2005-02-15 57344]
"Windows Media Connect 2"=C:\Program Files\Windows Media Connect 2\WMCCFG.exe [2006-10-18 8704]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"P17Helper"=Rundll32 P17.dll []
"OneTouch Monitor"=C:\Program Files\Visioneer OneTouch\OneTouchMon.exe [2002-09-24 86016]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2006-10-16 1197648]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-01-11 623992]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Creative Detector"=C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe [2004-12-02 102400]
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe [2000-07-13 28739]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2007-12-13 1688872]
"ATI Launchpad"=C:\Program Files\ATI Multimedia\main\launchpd.exe [2003-09-02 106574]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2004-01-20 335872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-01-17 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero MediaHome]
C:\Program Files\Nero\Nero8\Nero MediaHome\NeroMediaHome.exe [2007-12-13 5047592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2008-01-20 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spywareguard]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tunebite]
C:\Program Files\RapidSolution\Tunebite\Tunebite.exe [2008-04-24 6366512]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-07 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonProxy.exe"="C:\Program Files\Anonymizer\Anonymizer Software\Common\AnonProxy.exe:*:Enabled:AnonProxy"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\BitPim\bitpimw.exe"="C:\Program Files\BitPim\bitpimw.exe:*:Enabled:Open Source Mobile Phone Tool"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Nero\Nero8\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Nero\Nero8\Nero MediaHome\NeroMediaHome.exe:*:Enabled:Nero MediaHome (1)"
"C:\Program Files\Nero\Nero8\Nero MediaHome\NMMediaServer.exe"="C:\Program Files\Nero\Nero8\Nero MediaHome\NMMediaServer.exe:*:Enabled:Nero MediaHome (2)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\drivers\svchost.exe"="C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer"
"C:\Program Files\MySpace\IM\MySpaceIM.exe"="C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\40T7Lilo.exe"="C:\WINDOWS\system32\40T7Lilo.exe:*:Enabled:40T7Lilo"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\Documents and Settings\Jeff\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\Jeff\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-01-07 06:56:20 ----DC---- C:\rsit
2009-01-04 22:43:26 ----D---- C:\WINDOWS\LastGood
2008-12-31 21:28:48 ----D---- C:\Program Files\Trend Micro
2008-12-30 23:53:56 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-12-30 23:53:53 ----D---- C:\Program Files\Alwil Software
2008-12-30 23:21:31 ----D---- C:\Program Files\Wise Disk Cleaner
2008-12-30 23:20:52 ----D---- C:\Program Files\Wise Registry Cleaner 3
2008-12-30 22:29:23 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-30 22:29:23 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-30 22:29:23 ----A---- C:\WINDOWS\system32\java.exe
2008-12-30 22:10:40 ----DC---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-12-30 21:52:01 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-30 21:51:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-30 21:51:11 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-30 21:50:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-30 21:39:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-30 21:24:52 ----DC---- C:\cmdcons
2008-12-30 21:22:16 ----A---- C:\WINDOWS\zip.exe
2008-12-30 21:22:16 ----A---- C:\WINDOWS\VFIND.exe
2008-12-30 21:22:16 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-30 21:22:16 ----A---- C:\WINDOWS\SWSC.exe
2008-12-30 21:22:16 ----A---- C:\WINDOWS\SWREG.exe
2008-12-30 21:22:16 ----A---- C:\WINDOWS\sed.exe
2008-12-30 21:22:16 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-30 21:22:16 ----A---- C:\WINDOWS\grep.exe
2008-12-30 21:22:16 ----A---- C:\WINDOWS\fdsv.exe
2008-12-30 21:22:09 ----DC---- C:\ComboFix
2008-12-30 21:22:08 ----A---- C:\WINDOWS\system32\CF31001.exe
2008-12-30 21:18:15 ----DC---- C:\Qoobox
2008-12-30 21:18:15 ----D---- C:\WINDOWS\ERDNT
2008-12-29 23:31:34 ----A---- C:\WINDOWS\wininit.ini
2008-12-29 22:36:54 ----D---- C:\Documents and Settings\Jeff\Application Data\Malwarebytes
2008-12-29 22:02:03 ----DC---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-29 22:02:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-27 23:17:36 ----D---- C:\WINDOWS\pss
2008-12-27 21:50:35 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-25 23:44:30 ----A---- C:\WINDOWS\system32\37cd2ad4-.txt
2008-12-25 23:17:22 ----D---- C:\Documents and Settings\Jeff\Application Data\Gamelab
2008-12-25 23:15:12 ----D---- C:\Program Files\Brighter Minds Media
2008-12-24 21:10:26 ----A---- C:\WINDOWS\system32\40T7Lilo.exe
2008-12-17 17:34:42 ----D---- C:\Program Files\Virtual Piano
2008-12-13 14:26:09 ----D---- C:\Program Files\iPod
2008-12-13 14:26:01 ----DC---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-13 14:26:01 ----D---- C:\Program Files\iTunes
2008-12-12 23:51:29 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2008-12-12 23:37:59 ----D---- C:\Program Files\MagicDVDRipper
2008-12-12 17:17:09 ----D---- C:\Program Files\DVD Shrink
2008-12-11 22:55:41 ----A---- C:\WINDOWS\msoffice.ini
2008-12-08 21:44:30 ----DC---- C:\Documents and Settings\All Users\Application Data\DVD Shrink

======List of files/folders modified in the last 1 months======

2009-01-07 06:56:15 ----D---- C:\WINDOWS\Prefetch
2009-01-07 06:54:20 ----D---- C:\Program Files\Mozilla Firefox
2009-01-07 06:35:49 ----D---- C:\WINDOWS\temp
2009-01-07 05:54:07 ----D---- C:\WINDOWS\system32
2009-01-07 01:01:29 ----D---- C:\Documents and Settings\Jeff\Application Data\Orbit
2009-01-07 00:54:18 ----DC---- C:\Downloads
2009-01-07 00:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-06 00:50:03 ----A---- C:\WINDOWS\win.ini
2009-01-06 00:50:03 ----A---- C:\WINDOWS\system.ini
2009-01-05 18:11:05 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-04 22:43:26 ----AD---- C:\WINDOWS
2009-01-04 21:47:16 ----D---- C:\WINDOWS\Registration
2009-01-04 21:46:18 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-31 21:28:48 ----RD---- C:\Program Files
2008-12-31 21:22:35 ----D---- C:\Program Files\BitLord
2008-12-31 18:25:23 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-31 18:11:56 ----AHD---- C:\WINDOWS\inf
2008-12-31 18:10:27 ----D---- C:\WINDOWS\system32\config
2008-12-31 00:13:23 ----D---- C:\WINDOWS\system32\drivers
2008-12-31 00:12:00 ----D---- C:\Documents and Settings\All Users\Application Data\avg7
2008-12-30 23:40:19 ----SHD---- C:\WINDOWS\Installer
2008-12-30 23:39:18 ----SHDC---- C:\Config.Msi
2008-12-30 22:40:34 ----D---- C:\WINDOWS\system
2008-12-30 22:40:05 ----D---- C:\Documents and Settings\Jeff\Application Data\AVG7
2008-12-30 22:29:21 ----D---- C:\Program Files\Java
2008-12-30 22:05:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-30 22:04:53 ----A---- C:\WINDOWS\imsins.BAK
2008-12-30 21:56:49 ----D---- C:\Program Files\Internet Explorer
2008-12-30 21:55:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-30 21:54:58 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-30 21:48:56 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-30 21:39:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-30 21:36:07 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-30 21:25:04 ----RASHC---- C:\boot.ini
2008-12-30 21:14:23 ----RHDC---- C:\$VAULT$.AVG
2008-12-30 00:47:57 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-30 00:34:41 ----AC---- C:\Boot.bak
2008-12-29 23:59:45 ----D---- C:\Program Files\Yahoo!
2008-12-29 23:59:31 ----AC---- C:\YServer.txt
2008-12-29 23:50:10 ----D---- C:\Program Files\Common Files
2008-12-29 23:50:02 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-29 23:39:34 ----D---- C:\Program Files\Microsoft Office
2008-12-29 23:38:45 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-29 23:20:14 ----D---- C:\Program Files\Adobe
2008-12-29 23:20:13 ----D---- C:\Program Files\Common Files\Adobe
2008-12-29 22:09:41 ----D---- C:\WINDOWS\system32\Restore
2008-12-29 22:02:02 ----D---- C:\Documents and Settings\Jeff\Application Data\Tunebite
2008-12-29 21:45:06 ----AC---- C:\Log.txt
2008-12-29 20:08:51 ----SHD---- C:\RECYCLER
2008-12-27 22:54:40 ----DC---- C:\Documents and Settings
2008-12-27 02:51:38 ----D---- C:\Program Files\Bonjour
2008-12-25 23:38:54 ----SD---- C:\WINDOWS\Tasks
2008-12-24 00:49:44 ----D---- C:\Documents and Settings\Jeff\Application Data\LimeWire
2008-12-24 00:44:00 ----DC---- C:\Converted Audio Files
2008-12-13 14:26:07 ----D---- C:\Program Files\Common Files\Apple
2008-12-13 14:23:19 ----D---- C:\Program Files\QuickTime
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-11 22:51:19 ----D---- C:\Program Files\Disaffected
2008-12-11 22:49:57 ----D---- C:\Program Files\MySpace
2008-12-11 22:45:39 ----SD---- C:\Documents and Settings\Jeff\Application Data\Microsoft
2008-12-11 22:45:39 ----DC---- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-12-08 22:40:37 ----D---- C:\Program Files\Total Video Converter
2008-12-08 22:07:40 ----AD---- C:\WINDOWS\EHome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\System32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;SB Live! 24-bit; C:\WINDOWS\system32\drivers\P17.sys [2007-06-15 1127936]
R3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2008-02-20 27936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 afi8gi9s;afi8gi9s; C:\WINDOWS\system32\drivers\afi8gi9s.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-06-19 752764]
S3 Amsmpu4p;Amsmpu4p; \??\C:\DOCUME~1\Jeff\LOCALS~1\Temp\Amsmpu4p.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2002-02-13 1171584]
S3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys [2002-02-13 166419]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 RT73;Belkin USB Network Adapter; C:\WINDOWS\System32\DRIVERS\rt73.sys [2005-08-02 232192]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2002-02-13 594032]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.EXE [1999-12-12 44032]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-01-06 654848]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

[Marty398]

info.txt logfile of random's system information tool 1.05 2009-01-07 06:56:54

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy\Program\Setup.exe" /S /U /W
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34EBD418-B8E6-4E86-89C4-33B72CF5663F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{52338F65-A1C3-4CDC-B733-50051682B297}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{569A9538-86EC-44C3-8EE4-C68B165F2A75}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5B17E626-7885-4FC3-A66A-73548A4F01FD}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{73919E2B-725C-4FAA-8473-45E063A3575F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{836612F0-1571-4C65-A4B7-58A39AA578EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD6928A2-9F8F-4AA7-9A3A-FD4A271712EE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB99E420-8071-48F9-9567-4A53BE7569C4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DAAC5938-8026-4D0C-A476-D1954917B7F5}\SETUP.EXE" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE4A4C48-2232-4CCB-AD61-490ACD29BA85}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acoustica Beatcraft-->C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~3\UNWISE.EXE C:\PROGRA~1\ACOUST~3\INSTALL.LOG
Acoustica MP3 To Wave Converter PLUS-->C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe Acrobat 8.1.2 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe PhotoDeluxe Home Edition 4.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\PhotoDeluxe Home Edition 4.0\Uninst.isu"
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI DVD Decoder 2.2.0.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{45D228AA-4284-467A-9DB6-942B92BFF656} /l1033
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
ATI Multimedia Center 8.6.0.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{B7DC0CAF-0D27-4ACE-8E34-8594C8D7C1DB} /l1033
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Axis & Allies-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{47836B39-2465-4F39-9D7E-52F70A1C3D72}\SETUP.EXE" -l0x9
BioWare Premium Module: Neverwinter Nights(TM) Kingmaker-->C:\NeverwinterNights\NWN\premium\uninst Neverwinter Nights(TM) Kingmaker.exe
BitPim 1.0.5-->"C:\Program Files\BitPim\unins000.exe"
Canon iP1800 series-->"C:\WINDOWS\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-LayoutPrint-->C:\Program Files\Canon\Easy-LayoutPrint\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Conexant SoftK56 Modem(M)-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D8B155D\HXFSETUP.EXE -U -IVEN_14F1&DEV_2F00&SUBSYS_200214F1
Cool Edit Pro 2.1-->C:\Program Files\coolpro2\cep2unin.exe
CopyTrans Suite (remove only)-->"C:\Program Files\WindSolutions\CopyTrans Suite\uninstall.exe"
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD to VCD AVI DivX Converter v3.2 (build 069)-->C:\PROGRA~1\MAGICD~1\UNWISE.EXE C:\PROGRA~1\MAGICD~1\INSTALL.LOG
E-Tools-->C:\Program Files\Wizards of the Coast\eTools\uninstall.exe
eTools-->MsiExec.exe /I{513627E7-A590-4A20-A7D5-F5A58E5B363F}
FoxyTunes for Firefox-->"C:\Program Files\Mozilla Firefox\firefox.exe" -chrome chrome://foxytunes/content/extras/uninstallExtension.xul
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ICQ-->C:\PROGRA~1\ICQ\ICQUninstall.EXE
iPod PC Transfer 2.4-->"C:\Program Files\iPod PC Transfer\unins000.exe"
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java 2 Runtime Environment Standard Edition v1.3.1_02-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_02\Uninst.isu"
Java 2 Runtime Environment Standard Edition v1.3.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1\Uninst.isu"
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kazoo Player-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\LightWork Design\Kazoo Player\Uninst.isu"
K-Lite Mega Codec Pack 3.7.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Magic Set Editor 2 - 0.3.5b beta-->"C:\Program Files\Magic Set Editor 2\unins000.exe"
Majesty - The Northern Expansion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8B743FD-0C42-441E-8C22-70435C53C60B}\setup.exe"
Majesty-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEAF3507-FCB3-11D2-850C-00C0F01410B1}\setup.exe" -uninst
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MediaInfo 0.7.5.7-->C:\Program Files\MediaInfo\uninst.exe
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 6.0-->MsiExec.exe /I{F8D0829C-9C6F-11D3-8080-00C04FA329AA}
MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
Motorola Driver Installation 3.2.0-->MsiExec.exe /I{D6A1E429-CCE1-4140-A615-710B806D12BA}
Motorola Phone Tools-->C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 8-->MsiExec.exe /X{5FCCD531-1B38-4A94-924C-127F722F1033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Neverwinter Nights-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1583439-B034-4881-819C-D52A0587662B}\setup.exe" -l0x9
OneTouch Version 3.0-->C:\PROGRA~1\VISION~1\UNWISE.EXE C:\PROGRA~1\VISION~1\INSTALL.LOG
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PixiePack Codec Pack-->MsiExec.exe /I{61E3FE32-07B9-4563-A3E0-2DE2D620FE10}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickTime 3.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\QuickTime\DeIsL1.isu" -c"C:\WINDOWS\system32\QTUninst.dll
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Rapture 1.0-->"C:\Program Files\Cakewalk\Rapture\unins000.exe"
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Reason 4.0-->"C:\Program Files\Propellerhead\Reason\Uninstall Reason\unins000.exe"
RON Tool Cpmsky-->C:\WINDOWS\system32\bcorisjdehmtll.exe
Samsung Video Codec 1.2.5006 Uninstall-->C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_SEDG 132 C:\WINDOWS\INF\install.inf
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\System32\MacroMed\Flash\genuinst.exe C:\WINDOWS\System32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sony ACID Pro 6.0-->MsiExec.exe /X{87DABCF7-2C38-4996-8FBE-053CA6536168}
Sony Media Manager 2.2-->MsiExec.exe /X{47AA42FD-0450-4CB4-ADAF-B6E770AA7B2F}
Sound Blaster Audigy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}\SETUP.EXE" -l0x9 /remove
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Studio Instruments 1.0-->"C:\Program Files\Cakewalk\Studio Instruments\unins000.exe"
The X-Files-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Fox\The X-Files\Uninst.isu"
Top Chef-->"C:\Program Files\Brighter Minds Media\Top Chef\Uninstall.exe" "C:\Program Files\Brighter Minds Media\Top Chef\install.log" -u
Total Video Converter 3.12 080330-->"C:\Program Files\Total Video Converter\unins000.exe"
Tunebite-->MsiExec.exe /I{1B3D74CC-6C96-46CD-8D1F-780AC85A9DB5}
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual Piano 3.0-->"C:\Program Files\Virtual Piano\unins000.exe"
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Backup Utility-->MsiExec.exe /I{76EFFC7C-17A6-479D-9E47-8E658C1695AE}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Wise Disk Cleaner 3.74-->"C:\Program Files\Wise Disk Cleaner\unins000.exe"
Wise Registry Cleaner 3 Free 3.82-->"C:\Program Files\Wise Registry Cleaner 3\unins000.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 090106-1]

System event log

Computer Name: JEFFS-SYSTEM
Event Code: 257
Message: Timed out sending notification of target device change to window of "WndClass_CWinDrivesNotifyerHelperWindow"

Record Number: 108726
Source Name: PlugPlayManager
Time Written: 20081227233418.000000-360
Event Type: warning
User:

Computer Name: JEFFS-SYSTEM
Event Code: 257
Message: Timed out sending notification of target device change to window of "WndClass_CWinDrivesNotifyerHelperWindow"

Record Number: 108725
Source Name: PlugPlayManager
Time Written: 20081227233418.000000-360
Event Type: warning
User:

Computer Name: JEFFS-SYSTEM
Event Code: 257
Message: Timed out sending notification of target device change to window of "WndClass_CWinDrivesNotifyerHelperWindow"

Record Number: 108724
Source Name: PlugPlayManager
Time Written: 20081227233418.000000-360
Event Type: warning
User:

Computer Name: JEFFS-SYSTEM
Event Code: 257
Message: Timed out sending notification of target device change to window of "WndClass_CWinDrivesNotifyerHelperWindow"

Record Number: 108723
Source Name: PlugPlayManager
Time Written: 20081227233418.000000-360
Event Type: warning
User:

Computer Name: JEFFS-SYSTEM
Event Code: 257
Message: Timed out sending notification of target device change to window of "WndClass_CWinDrivesNotifyerHelperWindow"

Record Number: 108722
Source Name: PlugPlayManager
Time Written: 20081227233418.000000-360
Event Type: warning
User:

Application event log

Computer Name: YOUR-CN2CCRVZT0
Event Code: 1
Message:
Record Number: 887
Source Name: Bonjour Service
Time Written: 20080322120515.000000-300
Event Type: information
User:

Computer Name: YOUR-CN2CCRVZT0
Event Code: 1
Message:
Record Number: 886
Source Name: AVGEMS
Time Written: 20080322120514.000000-300
Event Type: information
User:

Computer Name: YOUR-CN2CCRVZT0
Event Code: 105
Message: The service was started.

Record Number: 885
Source Name: Creative Service for CDROM Access
Time Written: 20080322120513.000000-300
Event Type: information
User:

Computer Name: YOUR-CN2CCRVZT0
Event Code: 1
Message:
Record Number: 884
Source Name: Avg7UpdSvc
Time Written: 20080322120509.000000-300
Event Type: information
User:

Computer Name: YOUR-CN2CCRVZT0
Event Code: 105
Message: The service was started.

Record Number: 883
Source Name: ATI Smart
Time Written: 20080322120505.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

[Shaba]

Go to Start > Run
Type regedit and click OK.

• On the leftside, click to highlight My Computer at the top.
• Go up to "File > Export"
  
  • Make sure in that window there is a tick next to "All" under Export Branch.
  • Leave the "Save As Type" as \Registration Files".
  • Under "Filename" put backup
• Choose to save it to C:\ or in somewhere else safe location so that you will remember where you put it (don't put it on the Desktop!)
• Click Save and then go to File > Exit.

Please download the OTMoveIt3 by OldTimer.

• Save it to your desktop.
• Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
• Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
  
  
  Code:

  :files
  C:\WINDOWS\tasks\At1.job
  C:\WINDOWS\tasks\At10.job
  C:\WINDOWS\tasks\At11.job
  C:\WINDOWS\tasks\At12.job
  C:\WINDOWS\tasks\At13.job
  C:\WINDOWS\tasks\At14.job
  C:\WINDOWS\tasks\At15.job
  C:\WINDOWS\tasks\At16.job
  C:\WINDOWS\tasks\At17.job
  C:\WINDOWS\tasks\At18.job
  C:\WINDOWS\tasks\At19.job
  C:\WINDOWS\tasks\At2.job
  C:\WINDOWS\tasks\At20.job
  C:\WINDOWS\tasks\At21.job
  C:\WINDOWS\tasks\At22.job
  C:\WINDOWS\tasks\At23.job
  C:\WINDOWS\tasks\At24.job
  C:\WINDOWS\tasks\At25.job
  C:\WINDOWS\tasks\At26.job
  C:\WINDOWS\tasks\At27.job
  C:\WINDOWS\tasks\At28.job
  C:\WINDOWS\tasks\At29.job
  C:\WINDOWS\tasks\At3.job
  C:\WINDOWS\tasks\At30.job
  C:\WINDOWS\tasks\At31.job
  C:\WINDOWS\tasks\At32.job
  C:\WINDOWS\tasks\At33.job
  C:\WINDOWS\tasks\At34.job
  C:\WINDOWS\tasks\At35.job
  C:\WINDOWS\tasks\At36.job
  C:\WINDOWS\tasks\At37.job
  C:\WINDOWS\tasks\At38.job
  C:\WINDOWS\tasks\At39.job
  C:\WINDOWS\tasks\At4.job
  C:\WINDOWS\tasks\At40.job
  C:\WINDOWS\tasks\At41.job
  C:\WINDOWS\tasks\At42.job
  C:\WINDOWS\tasks\At43.job
  C:\WINDOWS\tasks\At44.job
  C:\WINDOWS\tasks\At45.job
  C:\WINDOWS\tasks\At46.job
  C:\WINDOWS\tasks\At47.job
  C:\WINDOWS\tasks\At48.job
  C:\WINDOWS\tasks\At5.job
  C:\WINDOWS\tasks\At6.job
  C:\WINDOWS\tasks\At7.job
  C:\WINDOWS\tasks\At8.job
  C:\WINDOWS\tasks\At9.job
  C:\WINDOWS\tasks\bxyhvwpl.job
  C:\WINDOWS\system32\37cd2ad4-.txt
  C:\Program Files\Brighter Minds Media
  C:\WINDOWS\system32\40T7Lilo.exe
  C:\Program Files\BitLord
  C:\Program Files\LimeWire
  C:\WINDOWS\system32\drivers\svchost.exe
  C:\Documents and Settings\Jeff\Application Data\LimeWire
  
  :reg
  [-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
  
  [-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
  
  [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
  "C:\Program Files\BitLord\BitLord.exe"=-
  "C:\Program Files\LimeWire\LimeWire.exe"=-
  "C:\WINDOWS\system32\drivers\svchost.exe"=-
  "C:\WINDOWS\system32\winlogon.exe"=-
  "C:\WINDOWS\system32\40T7Lilo.exe"=-
  "C:\WINDOWS\system32\logonui.exe"=-
  
  :commands
  [EmptyTemp]
  [reboot]

• Return to OTMoveIt3, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
  
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
• Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Re-run rsit.

Post:

- a fresh rsit log (only log.txt will appear)
- otmoveit3 log

[Marty398]

========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\bxyhvwpl.job moved successfully.
C:\WINDOWS\system32\37cd2ad4-.txt moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\xml\manifests moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\xml\DishLayouts\DishDisplayLayouts_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\xml\DishLayouts moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\xml\config moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\xml moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\LvlSelectImages moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Loading moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Ingredients\Default moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Ingredients\BGImages moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Ingredients moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Game Screen Misc\PantryRollover_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Game Screen Misc moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Feedback\PowerUps\Shuffle moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Feedback\PowerUps\ProgressSpeed moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Feedback\PowerUps\ComboHighlight moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Feedback\PowerUps\AttHighlight_Station moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Feedback\PowerUps\AttHighlight moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Feedback\PowerUps moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Feedback\ClassicCombo moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Feedback\Chain moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Feedback\AttributeSet moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Feedback\AttMatch moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Feedback moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Dish Display Ingredients\SAUCE-SALAD_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Dish Display Ingredients\SAUCE-PIZZA_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Dish Display Ingredients\SAUCE-PASTA_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Dish Display Ingredients\SAUCE-ENTREE_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Dish Display Ingredients\SAUCE-BROTH_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Dish Display Ingredients\RAW-SLICED_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Dish Display Ingredients\RAW-SLICED_Flavor_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Dish Display Ingredients\RAW-CHOPPED_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Dish Display Ingredients\RAW-CHOPPED_Flavor_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Dish Display Ingredients\COOKED-WHOLE_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Dish Display Ingredients\COOKED-SLICED_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Dish Display Ingredients\COOKED-CHOPPED_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images\Dish Display Ingredients moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\fonts moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\Tutorial\TutorialMode_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\Tutorial moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\TitleMainMenuMode_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\Station_IdleAnimations_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\QuitConfirmMode_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\ProfileModes_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\PowerUpUIButtons_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\PlayfieldUI_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\Player\Veg moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\Player\Meat moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\Player\Idle moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\Player\Flavor moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\Player moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\PauseMode_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\OptionsMode_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\Misc moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\LevelSelectMode_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\LevelOutroMode_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\LevelIntroMode_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\JudgingMode_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\HelpScreen_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\FinalDishDisplay_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\CutsceneMode_images\CharacterStates moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\CutsceneMode_images\BGs moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\CutsceneMode_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\CreditsMode_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\CookingStationUI_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\ComponentDisplay_images\FlameMeter_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\ComponentDisplay_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export\AddIngredient_images moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\export moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\audio\VO moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\audio\sounds moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\audio\music moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\audio\Game\Station moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\audio\Game moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef\audio moved successfully.
C:\Program Files\Brighter Minds Media\Top Chef moved successfully.
C:\Program Files\Brighter Minds Media moved successfully.
C:\WINDOWS\system32\40T7Lilo.exe moved successfully.
C:\Program Files\BitLord\Torrents moved successfully.
C:\Program Files\BitLord\rules moved successfully.
C:\Program Files\BitLord\lang moved successfully.
C:\Program Files\BitLord\Downloads\Mickey's Christmas Carol (1983)-JBW moved successfully.
C:\Program Files\BitLord\Downloads moved successfully.
C:\Program Files\BitLord moved successfully.
File/Folder C:\Program Files\LimeWire not found.
File/Folder C:\WINDOWS\system32\drivers\svchost.exe not found.
C:\Documents and Settings\Jeff\Application Data\LimeWire\xml\data moved successfully.
C:\Documents and Settings\Jeff\Application Data\LimeWire\xml moved successfully.
C:\Documents and Settings\Jeff\Application Data\LimeWire\themes\limewirePro_theme moved successfully.
C:\Documents and Settings\Jeff\Application Data\LimeWire\themes moved successfully.
C:\Documents and Settings\Jeff\Application Data\LimeWire\promotion moved successfully.
C:\Documents and Settings\Jeff\Application Data\LimeWire\certificate moved successfully.
C:\Documents and Settings\Jeff\Application Data\LimeWire\.AppSpecialShare moved successfully.
C:\Documents and Settings\Jeff\Application Data\LimeWire moved successfully.
========== REGISTRY ==========
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\\ not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitLord\BitLord.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\drivers\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\winlogon.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\40T7Lilo.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\system32\logonui.exe deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Jeff\LOCALS~1\Temp\etilqs_kQC51Urg7XzRcH1vFeb6 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_500.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ckfuz2e.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ckfuz2e.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ckfuz2e.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ckfuz2e.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ckfuz2e.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ckfuz2e.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01072009_072452

Files moved on Reboot...
File C:\DOCUME~1\Jeff\LOCALS~1\Temp\etilqs_kQC51Urg7XzRcH1vFeb6 not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_500.dat scheduled to be moved on reboot.
C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ckfuz2e.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ckfuz2e.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ckfuz2e.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ckfuz2e.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ckfuz2e.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Jeff\Local Settings\Application Data\Mozilla\Firefox\Profiles\6ckfuz2e.default\XUL.mfl moved successfully.