Thread: Internet Redirect - iexplorer - shutting down select programs - help?

  1. #1
    Member
    Join Date
    Apr 2009
    Posts
    57

    Internet Redirect - iexplorer - shutting down select programs - help?

    Running Windows XP Ver 2002 SP 3

    Last week I neglected to update AVG before the previous free version expired. Got an error message (didn't write down) that the installer had problems - installed new version anyway - full scan - but have four symptoms:
    1. Web page redirects - especially from google, but not exclusively
    2. CyberSitter will not stay running. If I type cyb2k.exe in start/run the icon shows up in the tray and I see the process appear in task manager but the process ends almost right away and the icon disappears when the cursor rolls over it.
    3. Certain windows dialog boxes will not populate... i.e. system restore opens to a white screen. Before I started trying to clean it would give an internet looking error - script error occurred when trying to run scripts on this screen. With no details in the underlying fields. Usually had to force quit.
    4. I seem to have the iexplorer.exe trojan as this process shows up at least once and often multiple times in the task manager when no browser windows are open... my current default browser is Opera, but when windows boots, I usually get a message about internet explorer being the default browser even though it hasn't been run.

    I have run the following to try and fix:
    Malwarebytes Anti-Malware
    Prevx 3.0
    1-2-3-Spyware
    Spybot S&D
    Norman Malware Cleaner
    Stinger 1001

    Here's my HijackThis Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:10:04 PM, on 4/18/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdler.exe
    C:\Program Files\Prevx\prevx.exe
    C:\Program Files\Promise\FastTrak\FtrakSvc.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Prevx\prevx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
    C:\Program Files\TrayDay\TrayDay.exe
    C:\Program Files\iPod\bin\iPodService.exe
    F:\Program Files\Opera\Opera.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Yahoo!
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\CYB2K.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - Startup: TrayDay.lnk = C:\Program Files\TrayDay\TrayDay.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: 2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
    O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
    O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt0_x.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://gulllake.gospelcom.net/unsecu...iews/ipixx.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {40272BF7-4FF5-4D6F-9BAD-3C1D3CB32982} (Live365PlayerVIP Class) - http://www.live365.com/players/p365vip.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.co...veX/winrep.cab
    O16 - DPF: {5197842F-0557-48AE-9552-7594F7C98F04} (PWReset Control) - http://www.cybersitter.com/recovery/...swordReset.ocx
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/inst...l/pinstall.cab
    O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag3518.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/Veriz...oadControl.cab
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
    O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/dwfvi...iewerSetup.cab
    O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.co...X/FileXfer.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3518.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Backup Scheduler - Unknown owner - C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdlerSRVC.exe
    O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
    O23 - Service: Promise FastTrak Log Service (FastTrakSvc) - Promise Technology Inc. - C:\Program Files\Promise\FastTrak\FtrakSvc.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NovaStor NovaBACKUP Backup/Copy Engine (NsService) - NovaStor - C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: Real time Backup Loader - Unknown owner - C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

    --
    End of file - 12005 bytes
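
A way to triage a HijackThis log like the one above, added here as an example (not part of the original post and not HijackThis's own code): it splits the log into running processes and coded entries, then lists entries that carry markers visible in the log itself, such as "(file missing)", "(no file)", "Unknown owner", an O16 entry with no source, or a Run command without an absolute path. The function names are assumptions of this example, the sample is a few lines excerpted from the log above, and a flagged entry is something to verify, not a verdict.

```python
import ntpath
import re
from collections import Counter

# Sample input: a few lines excerpted from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Opera\Opera.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [C2K] C:\WINDOWS\CYB2K.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [C2K] C:\WINDOWS\CYB2K.EXE"
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
# Registry autorun entries: "...\Run: [value name] command line"
RUN_RE = re.compile(r"Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Command starting with a drive-letter path, optionally quoted
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def parse_hijackthis(text):
    """Return (running_processes, entries); entries are (code, body) tuples."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group("code"), match.group("body")))
        elif in_processes and line:
            processes.append(line)
        elif not line:
            in_processes = False  # a blank line ends the process list
    return processes, entries


def section_counts(entries):
    """Count entries per section code (R1, O2, O4, ...)."""
    return Counter(code for code, _ in entries)


def triage(entries):
    """Return (reason, code, body) for entries that need manual verification."""
    findings = []
    for code, body in entries:
        if "(file missing)" in body:
            findings.append(("file missing", code, body))
        elif "(no file)" in body:
            findings.append(("no file", code, body))
        elif code == "O16" and body.rstrip().endswith("-"):
            # Downloaded Program Files entry with no source listed
            findings.append(("no download source", code, body))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append(("unknown owner", code, body))
        elif code == "O4":
            run = RUN_RE.search(body)
            # A command without a drive-letter path is resolved at launch time,
            # so the log alone does not say which file will actually run.
            if run and not ABS_PATH_RE.match(run.group("cmd")):
                findings.append(("no absolute path", code, body))
    return findings


def running(processes, image_name):
    """Full paths of running processes whose file name matches image_name."""
    wanted = image_name.lower()
    return [p for p in processes if ntpath.basename(p).lower() == wanted]


if __name__ == "__main__":
    procs, items = parse_hijackthis(SAMPLE_LOG)
    print(dict(section_counts(items)))
    for reason, code, body in triage(items):
        print(f"{reason:20} {code:4} {body}")
    print("IEXPLORE.EXE instances:", running(procs, "iexplore.exe"))
```
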

  2. #2
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi proskoma,


    I have run the following to try and fix:
    Malwarebytes Anti-Malware
    Do you have that log still around? Please look for C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt file. If found, post back its contents.


    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Member
    Join Date
    Apr 2009
    Posts
    57

    Computer is worse today - can't get to internet at all (posting from a borrowed lap-top), iExplorer shows up at least 10 times in process and force quit doesn't work. Had to shut down at one point and the computer had two processes I've never heard of before it asked me about shutting down "Auto Suggest Drop Down" and "SysFader".

    The DDS.SCR is not automatically opening any log files - any chance they're saved on my HD somewhere?

    2 Malware log files follow:

    Malwarebytes' Anti-Malware 1.36
    Database version: 1945
    Windows 5.1.2600 Service Pack 3

    4/17/2009 9:17:30 PM
    mbam-log-2009-04-17 (21-17-30).txt

    Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
    Objects scanned: 76969
    Time elapsed: 12 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 23
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/minibugtransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{00021494-0000-0000-c000-000000000046} (Adware.ISTBar) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{87255c51-cd7d-4506-b9ad-97606daf53f3} (Adware.Coupons) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8} (Adware.180Solutions) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\Downloaded Program Files\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

    _____________________________________________________________

    Malwarebytes' Anti-Malware 1.36
    Database version: 1945
    Windows 5.1.2600 Service Pack 3

    4/17/2009 10:25:48 PM
    mbam-log-2009-04-17 (22-25-48).txt

    Scan type: Quick Scan
    Objects scanned: 88929
    Time elapsed: 3 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\egauth.egegauth.1 (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\egcomservice.egcomsvc.1 (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\egcomservice2.egcomsvc2.1 (Adware.EGDAccess) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\casino1.ini (Malware.Trace) -> Quarantined and deleted successfully.

  4. #4
    Member
    Join Date
    Apr 2009
    Posts
    57

    Follow-up

    Ran DDS.SCR on lap-top to understand functionality. Will not run on infected computer... sometimes briefly see command box open but never starts and runs scan.

  5. #5
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi

    Please rename dds.scr file -> something.scr and try running again.

  6. #6
    Member
    Join Date
    Apr 2009
    Posts
    57

    This had no effect. Same symptoms. Could see command window open briefly - then program quit without running the scan.

  7. #7
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi

    Time for another program.

    • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)

  8. #8
    Member
    Join Date
    Apr 2009
    Posts
    57

    Log.txt

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by David Wilson at 2009-04-21 21:21:34
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 31 GB (27%) free of 112 GB
    Total RAM: 1535 MB (72% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:21:38 PM, on 4/21/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\savedump.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdler.exe
    C:\Program Files\Promise\FastTrak\FtrakSvc.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\PRISMSVR.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
    C:\Program Files\TrayDay\TrayDay.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Documents and Settings\David Wilson\Desktop\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\David Wilson.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Yahoo!
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [C2K] C:\WINDOWS\CYB2K.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - Startup: TrayDay.lnk = C:\Program Files\TrayDay\TrayDay.exe
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: 2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe
    O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
    O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/ (file missing)
    O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Program Files\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - E:\Program Files\ICQ\ICQ.exe
    O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\UpromiseRemindU\System\Temp\upromise_script0.htm (file missing) (HKCU)
    O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt0_x.cab
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://gulllake.gospelcom.net/unsecu...iews/ipixx.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
    O16 - DPF: {40272BF7-4FF5-4D6F-9BAD-3C1D3CB32982} (Live365PlayerVIP Class) - http://www.live365.com/players/p365vip.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.co...veX/winrep.cab
    O16 - DPF: {5197842F-0557-48AE-9552-7594F7C98F04} (PWReset Control) - http://www.cybersitter.com/recovery/...swordReset.ocx
    O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/inst...l/pinstall.cab
    O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag3518.cab
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://picture.vzw.com/activex/Veriz...oadControl.cab
    O16 - DPF: {9DBAFCCF-592F-FFFF-FFFF-00608CEC297C} -
    O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk.com/global/dwfvi...iewerSetup.cab
    O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.co...X/FileXfer.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
    O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax3518.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Backup Scheduler - Unknown owner - C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdlerSRVC.exe
    O23 - Service: Promise FastTrak Log Service (FastTrakSvc) - Promise Technology Inc. - C:\Program Files\Promise\FastTrak\FtrakSvc.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NovaStor NovaBACKUP Backup/Copy Engine (NsService) - NovaStor - C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
    O23 - Service: Real time Backup Loader - Unknown owner - C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

    --
    End of file - 11330 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Uninstall Expiration Reminder.job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}]
    bho2gr Class - E:\Program Files\GetRight\xx2gr.dll [2006-12-08 243016]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "PRISMSVR.EXE"=C:\WINDOWS\system32\PRISMSVR.EXE [2004-04-13 290905]
    "C2K"=C:\WINDOWS\CYB2K.EXE [2007-07-24 3163648]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-02-14 7700480]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-02-14 86016]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
    "nwiz"=nwiz.exe /install []
    "ezShieldProtector for Px"=C:\WINDOWS\system32\ezSP_Px.exe [2002-08-20 40960]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "WPCycle.exe"= []
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "LDM"=\Program\BackWeb-8876480.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADUserMon]
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe [2002-01-24 106496]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AtiPTA]
    C:\WINDOWS\system32\atiptaxx.exe [2001-09-27 245760]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Deskup]
    E:\Program Files\Iomega\DriveIcons\deskup.exe [2001-10-01 28672]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dskmgr32]
    C:\WINDOWS\System32\dskmgr32.exe [2003-04-21 671744]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
    E:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE [2001-09-19 35328]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
    C:\WINDOWS\System32\ezSP_Px.exe [2002-08-20 40960]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GhostStartTrayApp]
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe [2003-12-17 94208]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe [2001-11-15 196608]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Drive Icons]
    E:\Program Files\Iomega\DriveIcons\ImgIcon.exe [2001-11-20 57344]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Startup Options]
    E:\Program Files\Iomega\Common\ImgStart.exe [2001-01-17 45056]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    \Program\BackWeb-8876480.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicasaNet]
    C:\Program Files\Hello\Hello.exe [2005-01-11 2572288]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
    E:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE [2001-04-02 77887]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    E:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe [2004-05-07 1552384]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2005-10-07 139264]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CorelCENTRAL 10.lnk]
    C:\WINDOWS\Installer\{A0B295C3-FD3C-11D4-A811-0090279106C3}\I_26dadCC.exe [2002-10-20 5222]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^FastCheck Monitoring Utility.lnk]
    C:\Program Files\Promise\FastTrak\RAIDeUtility.exe [2001-11-22 540672]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Sonic CinePlayer Quick Launch.lnk]
    C:\PROGRA~1\COMMON~1\SONICS~1\cinetray.exe [2002-09-18 98304]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^David Wilson^Start Menu^Programs^Startup^Dialog Box Assistant.lnk]
    E:\Program Files\OSDEx\OSDEx.exe [2002-04-26 35328]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^David Wilson^Start Menu^Programs^Startup^Webshots.lnk]
    []

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Logitech Desktop Messenger.lnk - E:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    2Wire Wireless Client.lnk - C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.exe

    C:\Documents and Settings\David Wilson\Start Menu\Programs\Startup
    TrayDay.lnk - C:\Program Files\TrayDay\TrayDay.exe
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"=E:\PROGRAM FILES\EUDORA\EUSHLEXT.DLL [2005-11-14 86016]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=149
    "NoFavoritesMenu"=1
    "NoLogOff"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\WINDOWS\Cyb2k.exe"="C:\WINDOWS\Cyb2k.exe:*:Enabled:CYBERsitter Control Panel"
    "E:\Program Files\GetRight\getright.exe"="E:\Program Files\GetRight\getright.exe:*:Enabled:GetRight® www.getright.com"
    "E:\Age of Empires II\Age2_X1\AGE2_X1.ICD"="E:\Age of Empires II\Age2_X1\AGE2_X1.ICD:*:Enabled:Age of Empires II Expansion"
    "E:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe"="E:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe:*:Enabled:Dreamweaver"
    "C:\Program Files\Common Files\Doppler 10 Pinpoint Alert\TrueWeather.exe"="C:\Program Files\Common Files\Doppler 10 Pinpoint Alert\TrueWeather.exe:*:Enabled:TrueWeather"
    "C:\Program Files\SnapStream Media\Beyond TV 3\PVSLibraryAppService.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\PVSLibraryAppService.exe:*:Enabled:Beyond TV Library Service"
    "C:\Program Files\SnapStream Media\Beyond TV 3\BTVWebServer.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\BTVWebServer.exe:*:Enabled:Beyond TV Web Server"
    "C:\Program Files\SnapStream Media\Beyond TV 3\BTVRecordingEngine.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\BTVRecordingEngine.exe:*:Enabled:Beyond TV Recording Engine"
    "C:\Program Files\SnapStream Media\Beyond TV 3\BTVGuideDataLoader.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\BTVGuideDataLoader.exe:*:Enabled:Beyond TV Guide Data Loader"
    "C:\Program Files\SnapStream Media\Beyond TV 3\PVSConfigService.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\PVSConfigService.exe:*:Enabled:Beyond TV Settings Service"
    "C:\Program Files\SnapStream Media\Beyond TV 3\BTVD3DShell.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\BTVD3DShell.exe:*:Enabled:Beyond TV ViewScape"
    "C:\WINDOWS\System32\mmc.exe"="C:\WINDOWS\System32\mmc.exe:*:Enabled:Microsoft Management Console"
    "E:\Program Files\ICQ\Icq.exe"="E:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ"
    "C:\Program Files\SnapStream Media\Beyond TV 3\BTVRegistrationService.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\BTVRegistrationService.exe:*:Enabled:Beyond TV Registration Service"
    "C:\Program Files\SnapStream Media\Beyond TV 3\BTVWebServiceProxy.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\BTVWebServiceProxy.exe:*:Enabled:Beyond TV Web Service Proxy"
    "C:\Program Files\SnapStream Media\Beyond TV 3\BTVLibraryService.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\BTVLibraryService.exe:*:Enabled:Beyond TV Library Service"
    "C:\Program Files\SnapStream Media\Beyond TV 3\BTVNetworkService.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\BTVNetworkService.exe:*:Enabled:Beyond TV Network Service"
    "C:\Program Files\Grisoft\AVG Free\avgw.exe"="C:\Program Files\Grisoft\AVG Free\avgw.exe:*:Enabled:AVG Free Edition for Windows"
    "C:\Program Files\Grisoft\AVG Free\avgvv.exe"="C:\Program Files\Grisoft\AVG Free\avgvv.exe:*:Enabled:AVG Free Virus Vault"
    "C:\Program Files\SnapStream Media\Beyond TV 3\BTVSettingsService.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\BTVSettingsService.exe:*:Enabled:Beyond TV Settings Service"
    "C:\Program Files\SnapStream Media\Beyond TV 3\BTVTaskManagerService.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\BTVTaskManagerService.exe:*:Enabled:Beyond TV Task Manager Service"
    "E:\Program Files\Sierra\Empire Earth\Empire Earth.exe"="E:\Program Files\Sierra\Empire Earth\Empire Earth.exe:*:Enabled:Empire Earth"
    "C:\Program Files\RealVNC\VNC4\vncviewer.exe"="C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32"
    "F:\Program Files\Opera\Opera.exe"="F:\Program Files\Opera\Opera.exe:*:Enabled:Opera Internet Browser"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\EA Games\Command and Conquer Generals\patchget.dat"="C:\Program Files\EA Games\Command and Conquer Generals\patchget.dat:*:Disabled:patchgrabber"
    "E:\Program Files\Real\RealOne Player\realplay.exe"="E:\Program Files\Real\RealOne Player\realplay.exe:*:Disabled:RealOne Player"
    "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
    "C:\Program Files\Yahoo!\Messenger\YPager.exe"="C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Disabled:Yahoo! Messenger"
    "C:\Program Files\SnapStream Media\Beyond TV 3\SetupWizard.exe"="C:\Program Files\SnapStream Media\Beyond TV 3\SetupWizard.exe:*:Enabled:Beyond TV Setup Wizard"
    "C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:*:Enabled:Beyond TV Registration Service"
    "C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe:*:Enabled:Beyond TV Library Service"
    "C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:*:Enabled:Beyond TV Network Service"
    "C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:*:Enabled:Beyond TV Recording Engine"
    "C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:*:Enabled:Beyond TV Guide Data Loader"
    "C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:*:Enabled:Beyond TV Settings Service"
    "C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:*:Enabled:Beyond TV Task Manager Service"
    "C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:*:Enabled:Beyond TV ViewScape"
    "C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe"="C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe:*:Enabled:Beyond TV Setup Wizard"
    "C:\Program Files\SnapStream Media\Beyond TV\BTVWebServiceProxy.exe"="C:\Program Files\SnapStream Media\Beyond TV\BTVWebServiceProxy.exe:*:Enabled:Beyond TV Web Service Proxy"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Smart PC Solutions\1-2-3 Spyware Free\SpywareFree.exe"="C:\Program Files\Smart PC Solutions\1-2-3 Spyware Free\SpywareFree.exe:*:Enabled:Protecting from spyware and adware can be easy and effective!"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    shell\AutoRun\command - H:\LaunchU3.exe -a


    ======File associations======

    .js - open - "E:\Program Files\Macromedia\Dreamweaver 4\Dreamweaver.exe" "%1"

    ======List of files/folders created in the last 1 months======

    2009-04-20 19:43:08 ----D---- C:\rsit
    2009-04-18 17:51:58 ----A---- C:\WINDOWS\RegNet98.txt
    2009-04-18 17:51:58 ----A---- C:\WINDOWS\RegNet.txt
    2009-04-18 14:49:36 ----D---- C:\WINDOWS\ERDNT
    2009-04-18 14:49:00 ----D---- C:\Program Files\ERUNT
    2009-04-18 14:29:18 ----SHD---- C:\Config.Msi
    2009-04-18 10:09:25 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2009-04-18 00:21:35 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-04-18 00:21:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-04-17 21:04:13 ----D---- C:\Documents and Settings\David Wilson\Application Data\Malwarebytes
    2009-04-17 21:04:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-04-17 21:04:06 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-04-17 19:53:43 ----A---- C:\WINDOWS\wininit.ini
    2009-04-17 08:22:21 ----D---- C:\!KillBox
    2009-04-16 21:00:04 ----D---- C:\Documents and Settings\All Users\Application Data\{A21E413E-98CC-4ABB-9843-E6AA4F456F61}
    2009-04-14 09:48:02 ----A---- C:\WINDOWS\IE4 Error Log.txt
    2009-04-14 09:44:35 ----D---- C:\fixwareout
    2009-04-14 09:40:48 ----D---- C:\Program Files\Trend Micro
    2009-04-13 21:09:24 ----D---- C:\Program Files\AVG
    2009-04-13 21:09:24 ----D---- C:\Documents and Settings\All Users\Application Data\avg8

    ======List of files/folders modified in the last 1 months======

    2009-04-20 20:29:30 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-04-20 20:27:30 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-04-20 19:42:18 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-04-18 14:30:14 ----A---- C:\WINDOWS\cylsplog.txt
    2009-04-14 07:11:02 ----A---- C:\WINDOWS\win.ini
    2009-04-13 22:12:42 ----A---- C:\WINDOWS\RAIDeUtility.ini
    2009-04-13 21:57:24 ----A---- C:\WINDOWS\OEWABLog.txt
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\wzfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\wrestfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\viofil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\vgamfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\urifil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\tapfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\tafil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\swfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\srchout.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\srchin.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\srchfrgn.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\sporfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\spmfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\snetfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\snetbonly.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\pxyfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\psyfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\popfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\pkmon.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\picsfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\perfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\nvgamfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\nfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\mp3fil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\movfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\macfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\lgwfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\lastupdate.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\jbfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\imgfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\igefil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\iawfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\hatfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\gnfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\gdwfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\gblfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\fshrfil.dll
    2009-04-02 08:25:08 ----A---- C:\WINDOWS\system32\fmfil.dll
    2009-04-02 08:25:06 ----A---- C:\WINDOWS\system32\finfil.dll
    2009-04-02 08:25:06 ----A---- C:\WINDOWS\system32\entfil.dll
    2009-04-02 08:25:06 ----A---- C:\WINDOWS\system32\cultfil.dll
    2009-04-02 08:25:06 ----A---- C:\WINDOWS\system32\csnews.dll
    2009-04-02 08:25:06 ----A---- C:\WINDOWS\system32\chtfil.dll
    2009-04-02 08:25:06 ----A---- C:\WINDOWS\system32\bsnlst.dll
    2009-04-02 08:25:06 ----A---- C:\WINDOWS\system32\bnrfil.dll
    2009-04-02 08:25:06 ----A---- C:\WINDOWS\system32\Auctfil.dll
    2009-04-02 08:25:06 ----A---- C:\WINDOWS\system32\adwfil.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2007-02-06 16512]
    R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2004-04-13 285824]
    R1 Cinemsup;Cinemsup; C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 6656]
    R1 DCDisk;DCDisk; C:\WINDOWS\system32\drivers\DCDisk.sys [2008-06-17 155648]
    R1 DVDVRRdr_xp;DVDVRRdr_xp; C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys [2004-04-15 140416]
    R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
    R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2003-04-16 4228]
    R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2004-04-13 117248]
    R1 UDFReadr;UDFReadr; C:\WINDOWS\system32\drivers\UDFReadr.sys [2004-04-15 198528]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
    R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-04-13 15781]
    R3 4mmdat;4mmdat; C:\WINDOWS\System32\DRIVERS\4mmdat.sys [2008-04-13 12288]
    R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\AN983.sys [2002-08-29 36224]
    R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2004-04-13 23680]
    R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2002-06-03 40832]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
    R3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\WINDOWS\system32\DRIVERS\hcwPP2.sys [2007-02-06 185728]
    R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\LHidFlt2.sys [2001-09-19 22064]
    R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\system32\drivers\LHidUsb.Sys [2001-09-19 37822]
    R3 LKbdFlt2;Logitech Keyboard Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LKbdFlt2.sys [2001-09-19 5840]
    R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\System32\DRIVERS\LMouFlt2.sys [2001-09-19 67440]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-02-14 3983872]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 wlanCIG;2Wire 802.11g Driver; C:\WINDOWS\system32\DRIVERS\wlanCIG.sys [2004-05-16 390752]
    S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-05-04 2432]
    S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-05-04 2560]
    S1 DVDRC;DVDRC; C:\WINDOWS\System32\drivers\DVDRC.sys []
    S1 efbDisk;efbDisk; C:\WINDOWS\system32\drivers\efbDisk.sys []
    S2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\atinmdxx.sys [2004-08-04 13824]
    S3 AMDPCI;AMDPCI; \??\C:\DOCUME~1\DAVIDW~1\LOCALS~1\Temp\AMDPCI.sys []
    S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
    S3 ati2mpaa;ati2mpaa; C:\WINDOWS\System32\DRIVERS\ati2mpaa.sys [2001-08-17 281856]
    S3 ati2mtaa;ati2mtaa; C:\WINDOWS\System32\DRIVERS\ati2mtaa.sys [2001-09-26 285088]
    S3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\System32\DRIVERS\atinrvxx.sys [2004-08-04 104960]
    S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP); C:\WINDOWS\System32\DRIVERS\atirtcap.sys [2001-08-17 49920]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 DDCCI;DDC/CI monitor; C:\WINDOWS\System32\DRIVERS\Moni2c.sys [2003-03-30 6494]
    S3 hcwPVRP2;Hauppauge WinTV PVR PCI II (Encoder); C:\WINDOWS\system32\DRIVERS\hcwPVRP2.sys [2004-09-22 814464]
    S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\drivers\HidUsb.sys [2008-04-13 10368]
    S3 l8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\System32\DRIVERS\L8042Pr2.sys [2001-09-19 50432]
    S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2004-04-13 23680]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 SunkFilt;Alcor Micro Corp Reader; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S3 zremote;zremote; C:\WINDOWS\system32\drivers\zremote.sys [2004-03-01 10368]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 _IOMEGA_ACTIVE_DISK_SERVICE_;Iomega Active Disk; C:\Program Files\Iomega\AutoDisk\ADService.exe [2002-01-24 126976]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
    R2 FastTrakSvc;Promise FastTrak Log Service; C:\Program Files\Promise\FastTrak\FtrakSvc.exe [2000-11-15 237568]
    R2 GhostStartService;GhostStartService; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [2003-12-17 200704]
    R2 Iomega App Services;Iomega App Services; C:\PROGRA~1\Iomega\System32\AppServices.exe [2002-01-14 73728]
    R2 Iprip;RIP Listener; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-02-22 38912]
    R2 NsService;NovaStor NovaBACKUP Backup/Copy Engine; C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe [2008-06-17 207936]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-02-14 159811]
    R2 Real time Backup Loader;Real time Backup Loader; C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe [2008-06-17 93248]
    R2 SimpTcp;Simple TCP/IP Services; C:\WINDOWS\System32\tcpsvcs.exe [2001-08-23 19456]
    R2 SNMP;SNMP Service; C:\WINDOWS\System32\snmp.exe [2008-04-13 33280]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
    S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2000-11-30 57344]
    S2 Backup Scheduler;Backup Scheduler; C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdlerSRVC.exe [2008-06-17 98304]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
    S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
    S3 LPDSVC;TCP/IP Print Server; C:\WINDOWS\System32\tcpsvcs.exe [2001-08-23 19456]
    S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe [2004-01-30 65625]
    S3 SNMPTRAP;SNMP Trap Service; C:\WINDOWS\System32\snmptrap.exe [2008-04-13 8704]
    S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe [2004-01-30 65622]
    S3 SupportSoft RemoteAssist;SupportSoft RemoteAssist; C:\Program Files\Common Files\supportsoft\bin\ssrc.exe [2008-07-15 394608]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
    S4 Iomega Activity Disk2;Iomega Activity Disk2; []
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

    -----------------EOF-----------------

  9. #9

    Default Info.txt

    info.txt logfile of random's system information tool 1.06 2009-04-20 19:43:15

    ======Uninstall list======

    -->"C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:IE50 /UNINSTALL /PROMPT
    -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Gigabyte Management Tools\Uninst.isu"
    -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\GIGABYTE\Promise ATA 133 Driver\Uninst.isu"
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    123 Free Solitaire-->E:\PROGRA~1\123FRE~1\UNWISE.EXE E:\PROGRA~1\123FRE~1\INSTALL.LOG
    1Click DVD to Divx Avi 2.12-->"E:\Program Files\1Click DVD to Divx Avi\unins000.exe"
    2Wire Wireless Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\Setup.exe" -l0x9 -L0x9
    AccuChef-->E:\PROGRA~1\ACCUCH~1\UNWISE.EXE E:\PROGRA~1\ACCUCH~1\INSTALL.LOG
    Active Disk-->C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\AutoDisk\uninstal.log
    Actual Checkers 2000 R-->"E:\Program Files\Atlant Software\Actual Checkers 2000 R\unins000.exe"
    Adaptec EZ-SCSI Standard Edition 5.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\SCSI_SE\DeIsL1.isu"
    Adobe After Effects 5.5-->MsiExec.exe /I{31851B85-C98E-44DE-8750-9843BCD63963}
    Adobe Atmosphere Player for Acrobat and Adobe Reader-->C:\WINDOWS\atmoUn.exe
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe GoLive 6.0-->"C:\Program Files\InstallShield Installation Information\{97E38F11-0FBE-4BC2-9EE1-5B1421C76F27}\setup.exe"
    Adobe Illustrator 10.0.3-->"C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe"
    Adobe PageMaker 6.5-->C:\WINDOWS\uninst.exe -f"E:\Program Files\PM65\DeIsL2.isu"
    Adobe Photoshop 6.0-->C:\WINDOWS\ISUNINST.EXE -f"E:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"E:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
    Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
    Adobe Reader 7.0.5 Language Support-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-7050000000A7}
    Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
    Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    Adobe Type Manager Deluxe 4.1-->C:\WINDOWS\uninst.exe -ff:\psfonts\DeIsL1.isu -c"f:\psfonts\UNINST.DLL"
    Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
    AniRez-->C:\WINDOWS\unvise32.exe E:\Program Files\uninstal.log
    Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    ATI Multimedia Center-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ATI Multimedia\Uninst.isu" -c"C:\Program Files\ATI Multimedia\ISuninst.dll
    Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
    AWSPS 4.02-->C:\WINDOWS\uninst.exe -f"D:\Atelier Web\AWSPS 4.02\DeIsL1.isu" -c"D:\Atelier Web\AWSPS 4.02\_ISREG32.DLL"
    Beyond TV DVD Burning Foundation-->MsiExec.exe /I{3EDFFD11-B9AB-4296-9757-B5AF1F2B8E5C}
    Beyond TV DVD Burning Foundation-->MsiExec.exe /I{E86496D9-5009-4FFF-AABD-6E62CDFAC7B7}
    Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
    Chessmaster 8000-->C:\WINDOWS\IsUninst.exe -f"d:\Chessmaster 8000\CM8kUninst.isu"
    Command & Conquer Generals-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32}
    Command & Conquer Red Alert 2-->E:\Westwood\RedAlert\Uninstll.EXE
    Command & Conquer Tiberian Sun-->C:\Westwood\SUN\Uninstll.EXE
    Command && Conquer Red Alert 2 - Yuri's Revenge-->E:\Westwood\RedAlert\Uninstll.EXE
    Command and ConquerTM Generals Zero Hour-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}
    Cover Art Downloader v1.2-->"C:\Program Files\Cover Art Downloader\unins000.exe"
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    CuteFTP 5.0 XP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18DF995F-2ACC-47E4-A33B-A703F4D39E92}\IS6.exe" -l0x9 /l0009 UNINSTALL
    dBpowerAMP Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
    DesignPro 5.0 Limited Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{97AE00A8-1336-410F-B467-1C6623127BD6}
    Desktop Architect-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Freeware\Desktop Architect\Uninst.isu"
    Dialog Box Assistant 1.01-->"E:\Program Files\OSDEx\unins000.exe"
    DING!-->MsiExec.exe /X{84031A18-BA9A-4156-A74F-E05B52DDFCE2}
    Director 8 Shockwave Studio-->E:\PROGRA~1\MACROM~1\DIRECT~1\UNWISE.EXE E:\PROGRA~1\MACROM~1\DIRECT~1\install.log
    DirectVobSub (remove only)-->"C:\Program Files\DirectVobSub\uninstall.exe"
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Doppler 10 Pinpoint Alert-->C:\WINDOWS\wnUninstall.exe "Doppler 10 Pinpoint Alert"
    DR-92 Manager-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\DR-92 Manager\Uninst.isu"
    Elecard MPEG Player-->"C:\Program Files\Elecard\Elecard MPEG Player\Uninstall.exe" "C:\Program Files\Elecard\Elecard MPEG Player\install.log" -u
    Empire Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe"
    Enable S3 for USB Device-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gigabyte\Enable S3 for USB Device\Uninst.isu"
    ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
    Eudora-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9CD51F8E-A936-46D2-93BA-140D3F08BDD6}\setup.exe" -l0x9
    FastTrak RAID controller utility-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Promise\FastTrak\UninstNT.isu" -c"C:\Program Files\Promise\FastTrak\uninst.dll"
    FontLook-->E:\PROGRA~1\FONTLOOK\UNWISE.EXE E:\PROGRA~1\FONTLOOK\INSTALL.LOG
    getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
    GetRight-->E:\Program Files\GetRight\GETRIGHT.EXE /UNINSTALL
    GoldLeo DVD Ripper 2.2-->"C:\Program Files\GoldLeo DVD Ripper\unins000.exe"
    Hauppauge WinTV Scheduler-->C:\PROGRA~1\WINTV\SCHEDU~1\UNISCHED.EXE C:\PROGRA~1\WINTV\SCHEDU~1\INSTALL.LOG
    Hauppauge WinTV2000-->C:\PROGRA~1\WINTV\UNTV32.EXE C:\PROGRA~1\WINTV\WINTV2K.LOG
    Hauppauge WinTV-PVR 150 Drivers-->C:\PROGRA~1\WINTV\UNPVR48.EXE C:\PROGRA~1\WINTV\pvr26xxx.LOG
    Hello (remove only)-->"C:\Program Files\Hello\Uninstall.exe"
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    hp deskjet 840c series (Remove only)-->C:\Program Files\hp deskjet 840c series\hpfiui.exe -c -vdivid=HPF -vpnum=90 -vinstport=USB001 -vproduct=840c -huninstall
    hp deskjet 840c series-->rundll32 hpzcon04.dll,VendorJettison hp deskjet 840c series
    HTMLPad 2004 Pro v5.0-->"E:\Program Files\HTMLPad 2004 Pro\unins000.exe"
    HyperCD-->C:\WINDOWS\IsUninst.exe -fC:\HyperCD\Uninst.isu
    ICQ-->E:\PROGRA~1\ICQ\ICQUninstall.EXE
    IKEA HomePlanner Kitchen-->MsiExec.exe /I{A36BE275-BD22-406C-8D2D-ED99F9E6C0B4}
    InterVideo FilterSDK for Hauppauge-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}\setup.exe" REMOVEALL
    Iomega App Services-->C:\WINDOWS\unvise32.exe C:\Program Files\Iomega\System32\uninstal.log
    IomegaWare-->C:\WINDOWS\unvise32.exe E:\Program Files\Iomega\uninstal.log
    iSofter DVD Ripper Platinum 3.0.2007.228-->"C:\Program Files\iSofter\DVDPlatinum\unins000.exe"
    iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
    J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
    J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Java 2 Runtime Environment Standard Edition v1.3.1-->C:\WINDOWS\IsUninst.exe -f"E:\Program Files\JavaSoft\JRE\1.3.1\Uninst.isu"
    Java 2 Runtime Environment, SE v1.4.2_06-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
    JMail-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC0C3855-5651-4313-AC56-9A3F17D2ADC9}\Setup.exe"
    LiveUpdate 2.5 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
    Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" UNINSTALL /L9
    Logitech MouseWare 9.41 .1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0009 UNINSTALL
    Macromedia Dreamweaver 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ABDA9912-5D00-11D4-BAE7-9367CA097955}\Setup.exe" mmUninstall
    Macromedia Extension Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5BA14E0-7384-11D4-BAE7-00409631A2C8}\setup.exe" mmUninstall
    Macromedia Flash 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C93C363-414E-11D4-9756-00C04F8EEB39}\SETUP.EXE" UNINSTALL
    Macromedia FreeHand 9-->C:\WINDOWS\IsUninst.exe -f"D:\Macromedia\FreeHand 9\Uninst.isu"
    Macromedia Generator 2-->C:\WINDOWS\IsUninst.exe -f"d:\macromedia\Generator2\Generator 2\Uninst.isu" -c"d:\macromedia\Generator2\Generator 2\bin\uninstall.dll"
    Macromedia Shockwave Player-->C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~3\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~3\Install.log
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Media Cleaner Pro-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Media Cleaner Pro 4.0.2\DeIsL1.isu" -c"C:\PROGRA~1\MEDIAC~1.2\uninst.dll
    Media Library Management Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
    microKORG SoundEditor-->MsiExec.exe /X{EB091860-8C2B-4E49-A543-666373C39E6F}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
    Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
    Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
    Microsoft Age of Empires II-->"E:\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
    Microsoft Interactive CD Sampler-->C:\UNWISE.EXE C:\Sampler7.LOG
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Money Plus-->"C:\Program Files\Microsoft Money Plus\MNYCoreFiles\Setup\uninst.exe" /s:120
    Microsoft Money Shared Libraries-->MsiExec.exe /X{7F1B3341-A94E-4F5C-B587-CA0EB964221E}
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Windows Media Video 9 VCM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmv9vcm.inf, Uninstall
    Microsoft Windows XP Video Decoder Checkup Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DECCHECK.inf,Uninstall
    Microsoft Word 97 Time Mgmt Wizard Pack (Remove only)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wdtmgmt.inf, Uninstall.NT
    Movavi Video Converter 6-->MsiExec.exe /I{6A750221-B84D-419D-B11C-5F597FDBA826}
    Movie Maker Background Music Files-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
    Movie Maker Sound Effects-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
    Movie Maker Title Images-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
    Mozilla Firefox (2.0.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN Entertainment Download Troubleshooter-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnediag.inf,Uninstall
    MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    Multimedia Card Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{07B02BD4-E799-4945-B240-166CA9A9BE2D} /l1033
    Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
    Musicnotes Player V1.23.1 and Viewer-->"C:\Program Files\Musicnotes\Player\unins000.exe"
    MySQL Connector/ODBC 3.51-->C:\WINDOWS\SYSTEM32\UNWISE.EXE C:\WINDOWS\SYSTEM32\myodbc3_install.LOG
    Myst IV - Revelation-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}\setup.exe" -l0x9
    nanoPEG-Editor 2.2 Hauppauge Edition-->"C:\Program Files\nanocosmos\MPEG-Tools for Hauppauge\Editor2\unins000.exe"
    Napster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-4182-A6F2-438180894A81}\setup.exe" -l0x9 AddRemoveCPRun
    NEC-Mitsubishi NaViSet-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8287E5A6-A0D1-4074-B149-F6157EE0DEEB}
    NetAccountability-->C:\WINDOWS\System32\nak.exe -u
    Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
    Norton Ghost-->MsiExec.exe /I{BBAAACFA-B012-4367-ADDA-4DDCDFD48F96}
    NovaBACKUP-->MsiExec.exe /I{372FB8CA-E690-4FB2-B2DB-649768691561}
    NovaBACKUP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0C3B9465-E882-11D3-BF71-00C04FA0D6AE}\setup.exe" -L0x9
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OpenMG Limited Patch 3.4-04-16-16-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix3.4-04-16-16-01\HotFixSetup\setup.exe /u
    OpenMG Secure Module 3.4.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26C849AB-1865-412D-B87D-B18BC5CB6C60}\setup.exe" -l0x9 UNINSTALL
    Opera 9.10-->MsiExec.exe /X{5D582D33-EB35-4D77-B7AF-403322D947E6}
    Palm Desktop-->MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC}
    Personal Color Viewer 2.0-->MsiExec.exe /I{B3E3EAEC-A20E-48EE-B161-A43B552D5465}
    Plus! MP3 Audio Converter LE-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall
    PolderbitS Sound Recorder and Editor-->"C:\Program Files\PolderbitS\Recorder\Recorder.exe" /uninstall
    QTam Bitmap to Icon 3.5-->"E:\Program Files\QTam\Bitmap to Icon 3.5\unins000.exe"
    QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
    Ray Dream Studio v5.0-->C:\WINDOWS\uninst.exe -f"c:\program files\RayDream\DeIsL1.isu"
    Real Alternative 1.52 Lite-->"C:\Program Files\Real Alternative\unins000.exe"
    REALmagic Hollywood Plus-->C:\WINDOWS\IsUninst.exe -fC:\REALmagc\Uninst.isu -c"C:\REALmagc\rmset.dll
    Red Alert Windows 95-->C:\WINDOWS\RAUNINST.EXE C:\WINDOWS\UNINST.EXE -fC:\WESTWOOD\REDALERT\DEISL1.ISU
    Roxio Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
    Roxio Easy Media Creator 7-->MsiExec.exe /I{89818D7D-C128-4DC2-8DC8-326DC904969C}
    Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
    SCRABBLE-->C:\PROGRA~1\HASBRO\SCRABB~1\UNWISE.EXE /U C:\PROGRA~1\HASBRO\SCRABB~1\INSTALL.LOG
    Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Shockwave-->C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\MACROMED\SHOCKW~2\Install.log
    Sid Meier's Alpha Centauri-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Firaxis Games\Sid Meier's Alpha Centauri\Uninst.isu"
    SimCity 3000-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maxis\SimCity 3000\Uninst.isu"
    SnapStream Beyond TV 4.6.1-->"C:\Program Files\SnapStream Media\Beyond TV\uninstall-btv.exe"
    SnapStream Firefly Mini 1.0.2-->"C:\Program Files\SnapStream Media\Firefly Mini\Uninstall.exe"
    Solid Oak Software WhatsMyDNS 1.8.2.23-->C:\WINDOWS\UnDeploy.exe "C:\Program Files\Solid Oak Software\WhatsMyDNS\Deploy.log"
    Sonic CinePlayer MPEG Combo Pack-->MsiExec.exe /I{17F44736-17BF-4ACE-910E-A743C5D55129}
    Sound Blaster PCI128-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Creative\CTSND\DeIsL1.isu"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    SuperDVD Player V4.0-->"C:\Program Files\MasterSoft\unins000.exe"
    SureThing CD Labeler 4 SE-->C:\WINDOWS\mvuninst\App1\mvuninst.exe "SureThing CD Labeler 4 SE"
    Ten Thumbs 4.3-->MsiExec.exe /I{312DFE8A-7B3A-41D4-AB00-52ACDB05ABE2}
    Ten Thumbs Typing Tutor-->MsiExec.exe /X{28638102-02DB-43C5-9358-7596ED0FCBC2}
    TPP Storage Class Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{179C8887-E768-4FF6-9008-1F665AD9F6FC}\Setup.exe" NotFirstIntall
    TrayDay-->C:\PROGRA~1\TRAYDAY\Uninstall.exe C:\PROGRA~1\TRAYDAY\Install.log
    TWC Customer Controls-->MsiExec.exe /I{F8722041-B63A-47FB-82A8-5F0977E1CF45}
    Tweaki...for Power Users-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\ENGINE\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71AE4702-5C47-43BB-BDD6-21C84D086B82}\setup.exe"
    Tweakui Powertoy for Windows XP-->MsiExec.exe /I{C7793EE8-F666-4E6B-9827-76468679480E}
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    USB 2.0 Host Controller Driver-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\GIGABYTE\USB 2.0 Host Controller Driver\Uninst.isu" -c"C:\Program Files\GIGABYTE\USB 2.0 Host Controller Driver\uninst.dll"
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    Visual Studio 2005 Redist Package-->MsiExec.exe /I{D8C2C5B1-1A88-4B87-9116-59D082B1CE30}
    VNC Free Edition 4.1.1-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
    WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
    Westwood Shared Internet Components-->C:\Westwood\Internet\UnstllAP.EXE
    Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
    Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
    Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
    Windows Media Bonus Pack for Windows XP-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Media Player Playlist Import to Excel Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxlswiz.inf,DefaultUninstall
    Windows Media Player Skin Importer-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wa2wmp.inf,DefaultUninstall
    Windows Media Player Tray Control-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxptray.inf,DefaultUninstall
    Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
    Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    WinZip-->"E:\PROGRA~1\WINZIP\winzip32.exe" /uninstall
    WordPerfect Office 2002-->C:\WINDOWS\Corel\uninst32.exe
    WordPerfect Office 2002-->MsiExec.exe /I{A0B295C3-FD3C-11D4-A811-0090279106C3}
    Wtcc II-->C:\PROGRA~1\WTCC2\UNWISE.EXE C:\PROGRA~1\WTCC2\INSTALL.LOG
    XviD MPEG-4 Video Codec-->"C:\Program Files\XviD\unins000.exe"

    ======System event log======

    Computer Name: DAVEHOME
    Event Code: 7000
    Message: The ATI WDM Specialized MVD Codec service failed to start due to the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Record Number: 802605
    Source Name: Service Control Manager
    Time Written: 20090201155951.000000-300
    Event Type: error
    User:

    Computer Name: DAVEHOME
    Event Code: 7000
    Message: The ATI WDM Specialized MVD Codec service failed to start due to the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Record Number: 802568
    Source Name: Service Control Manager
    Time Written: 20090131093847.000000-300
    Event Type: error
    User:

    Computer Name: DAVEHOME
    Event Code: 1001
    Message: Your computer was not assigned an address from the network (by the DHCP
    Server) for the Network Card with network address 0060B31CC114. The following error
    occurred:
    The operation was canceled by the user.
    .
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Record Number: 802562
    Source Name: Dhcp
    Time Written: 20090131093828.000000-300
    Event Type: error
    User:

    Computer Name: DAVEHOME
    Event Code: 7000
    Message: The ATI WDM Specialized MVD Codec service failed to start due to the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


    Record Number: 802528
    Source Name: Service Control Manager
    Time Written: 20090127211231.000000-300
    Event Type: error
    User:

    Computer Name: DAVEHOME
    Event Code: 1001
    Message: Your computer was not assigned an address from the network (by the DHCP
    Server) for the Network Card with network address 0060B31CC114. The following error
    occurred:
    The operation was canceled by the user.
    .
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.

    Record Number: 802510
    Source Name: Dhcp
    Time Written: 20090126211403.000000-300
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: DAVEHOME
    Event Code: 5
    Message: Exception Error - UID List index out of bounds (1)
    Record Number: 833781
    Source Name: CYBERsitter
    Time Written: 20090319173259.000000-240
    Event Type: error
    User: DAVEHOME\David Wilson

    Computer Name: DAVEHOME
    Event Code: 5
    Message: Exception Error - UID List index out of bounds (1)
    Record Number: 833780
    Source Name: CYBERsitter
    Time Written: 20090319173159.000000-240
    Event Type: error
    User: DAVEHOME\David Wilson

    Computer Name: DAVEHOME
    Event Code: 5
    Message: Exception Error - UID List index out of bounds (1)
    Record Number: 833779
    Source Name: CYBERsitter
    Time Written: 20090319173059.000000-240
    Event Type: error
    User: DAVEHOME\David Wilson

    Computer Name: DAVEHOME
    Event Code: 5
    Message: Exception Error - UID List index out of bounds (1)
    Record Number: 833778
    Source Name: CYBERsitter
    Time Written: 20090319172959.000000-240
    Event Type: error
    User: DAVEHOME\David Wilson

    Computer Name: DAVEHOME
    Event Code: 5
    Message: Exception Error - UID List index out of bounds (1)
    Record Number: 833777
    Source Name: CYBERsitter
    Time Written: 20090319172859.000000-240
    Event Type: error
    User: DAVEHOME\David Wilson

    ======Environment variables======

    "BLASTER"=A220 I7 D1 H7 P330 T6
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "NUMBER_OF_PROCESSORS"=1
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\PROGRA~1\MICROS~5\Office;"C:\Program Files\Symantec\Norton Ghost 2003\";C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Ulead Systems\MPEG;E:\Program Files\QuickTime\QTSystem\
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_REVISION"=0800
    "PROMPT"=$p$g
    "TEMP"=C:\WINDOWS\TEMP
    "TMP"=C:\WINDOWS\TEMP
    "winbootdir"=C:\WINDOWS
    "windir"=C:\WINDOWS
    "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
    "SAFEBOOT_OPTION"=NETWORK

    -----------------EOF-----------------

  10. #10
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi again,

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New HijackThis log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
