Results 1 to 10 of 16

Thread: Win32.TDSS.rtk Help! (Resolved)

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Junior Member
    Join Date
    Aug 2009
    Posts
    11

    Unhappy Win32.TDSS.rtk Help! (Resolved)

    Please help!
    My home computer has been attacked by Win32.TDSS.rtk and I do not have the know-how to get rid of it. I have run Spybot S&D several times and it picks up 5 or 6 TrojansC entries that always come back when I try to fix the selected problems. I have only average computer knowledge and need a professional to help me through this. I have read many of the other posts regarding this same issue, each saying do not try this at home, this issue requires individual attention, so here I am, asking for individual attention. Spybot shows the following set up in a drop down fashion after I scan:

    Win32.TDSS.rtk
    (SBI $1473B578) File
    C:\WINDOWS\system32\drivers\geyekrsscupuve.sys
    (SBI $5CC20873) File
    C:\WINDOWS\system32\geyekrpwlgmaeo.dll
    (SBI $5CC200873) File
    C:\WINDOWS\system32\geyekrwqdgxgnm.dll
    (SBI $E9F5D25E) File
    C:\WINDOWS\temp\geyekrwdqppxgban.tmp
    (SBI $0419F0A4) File
    C:\WINDOWS\system32\geyekrwittgyus.dat
    (SBI $0419F0A4) File
    C:\WINDOWS\system32\geyekrxunbjivh.dat
    I don't know much about what kind of logs you might need or how to aquire them, so I appreciate your patience in helping me out. One question I have about the eradication process is should I attempt to back up my documents, photos, and music before downloading any programs to kill this virus or would that just endanger my computer again, after its fixed? Will the process even affect these types of files, does it involve a complete wipe? Thanks for your answers and help in advance, I wish I was as techno-savvy as all you, but since I'm clearly not, Thanks Again!
    Kylie


    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)
    Last edited by tashi; 2009-08-07 at 01:37. Reason: moved from Spybot-S&D support to malware removal, added link to FAQ so you are aware of who will be helping ;-)

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425

    Default

    Please note that all instructions given are customised for this computer only,
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly

    Some of the logs I request will be quite large, You may need to split them over a couple of replies.

    Please Note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe

    ----------------------------------------------------------------------------------------

    1) I don't know much about what kind of logs you might need or how to aquire them,
    2) One question I have about the eradication process is should I attempt to back up my documents, photos, and music
    3) Will the process even affect these types of files, ~ does it involve a complete wipe?
    1) Don't worry, I'll let you know what is needed
    2) It is recommended that you backup any data that you don't want to lose, before any removal or update process
    3) It depends on what infection is present


    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
      ( They can also be found in the C:\RSIT folder )



    SysProt Antirootkit

    Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

    http://sites.google.com/site/sysprotantirootkit/

    Unzip it into a folder on your desktop.
    • Double click Sysprot.exe to start the program.
    • Click on the Log tab.
    • In the Write to log box select all items.
    • Click on the Create Log button on the bottom right.
    • After a few seconds a new window should appear.
    • Select Scan Root Drive. Click on the Start button.
    • When it is complete a new window will appear to indicate that the scan is finished.
    • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  3. #3
    Junior Member
    Join Date
    Aug 2009
    Posts
    11

    Default Requested RSIT Logs

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by HP_Administrator at 2009-08-07 11:47:30
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 274 GB (59%) free of 468 GB
    Total RAM: 2046 MB (64% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:47:43 AM, on 8/7/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Common Files\AOL\1235350536\ee\AOLSoftware.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\AOL 9.1\waol.exe
    C:\Program Files\AOL 9.1\shellmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\JF8LJ026\RSIT[1].exe
    C:\Program Files\trend micro\HP_Administrator.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: IAOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL Toolbar\aoltb.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: (no name) - MRI_DISABLED - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: AOL Toolbar Loader - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1235350536\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7984] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC5656] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9241] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC502] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1693] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6687] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3902] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9993] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7459] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3244] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6884] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3408] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6733] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8971] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8979] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4414] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9616] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC49] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2652] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3319] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1395] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2614] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8335] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6322] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7032] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9728] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5710] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2674] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6709] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2514] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5081] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3230] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1510] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2915] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4070] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2198] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4221] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2934] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6784] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7861] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA858] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6898] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1711] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4950] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA6178] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6738] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA2721] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7626] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA3364] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8926] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9021] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7767] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA4635] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3757] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA9844] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1033] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7491] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC3955] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA7880] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC1983] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA1399] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC9093] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA8791] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC7135] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5144] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC2510] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA276] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC8638] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5838] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC6879] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7226] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7361] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7242] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5996] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3825] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1461] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8402] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3958] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8292] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5535] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3502] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5495] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6877] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6881] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB109] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6797] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB4934] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9118] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9469] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7490] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB943] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9319] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6444] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9807] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7501] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8817] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6612] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4443] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5624] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD975] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7882] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8781] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3298] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD1582] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7994] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD8553] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB1335] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7954] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3843] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD4059] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5838] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9347] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7034] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6984] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8831] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7375] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB8149] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9748] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9712] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2457] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7768] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7910] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9922] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7986] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB2886] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5892] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB5868] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2045] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6918] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2316] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB278] command.com /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD6853] cmd.exe /c del "C:\WINDOWS\system32\drivers\geyekrsscupuve.sys"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB6093] command.com /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5421] cmd.exe /c del "C:\WINDOWS\system32\geyekrpwlgmaeo.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB9000] command.com /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD2067] cmd.exe /c del "C:\WINDOWS\system32\geyekrwqdgxgnm.dll"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7235] command.com /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7943] cmd.exe /c del "C:\WINDOWS\system32\geyekrwittgyus.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB428] command.com /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD7287] cmd.exe /c del "C:\WINDOWS\system32\geyekrxunbjivh.dat"
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.trymedia.com (HKLM)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/ca..._2.3.7.109.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/de...e/HPDEXAXO.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://deere.webex.com/client/T26L1...ex/ieatgpc.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...99/mcfscan.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

    --
    End of file - 26236 bytes

  4. #4
    Junior Member
    Join Date
    Aug 2009
    Posts
    11

    Default RSIT logs

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\DMATask 0 {D2B22905-47C9-4b82-8E74-47AA9D2DE378} 0~0.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\MRI_DISABLED]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
    Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
    AOL Toolbar Loader - C:\Program Files\AOL Toolbar\aoltb.dll [2008-10-21 1275176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-02 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-02 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL Toolbar\aoltb.dll [2008-10-21 1275176]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-30 67584]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
    "HostManager"=C:\Program Files\Common Files\AOL\1235350536\ee\AOLSoftware.exe [2008-11-06 41264]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-11-01 180269]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-02 148888]
    "nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-05-16 648504]
    "nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2008-05-21 451896]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingA7984"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingC5656"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingA9241"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingC502"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingA1693"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingC6687"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingA3902"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingC9993"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingA7459"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingC3244"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingA6884"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingC3408"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingA6733"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingC8971"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingA8979"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingC4414"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingA9616"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingC49"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingA2652"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingC3319"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingA1395"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingC2614"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingA8335"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingC6322"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingA7032"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingC9728"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingA5710"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingC2674"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingA6709"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingC2514"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingA5081"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingC3230"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingA1510"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingC2915"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingA4070"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingC2198"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingA4221"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingC2934"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingA6784"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingC7861"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingA858"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingC6898"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingA1711"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingC4950"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingA6178"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingC6738"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingA2721"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingC7626"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingA3364"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingC8926"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingA9021"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingC7767"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingA4635"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingC3757"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingA9844"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingC1033"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingA7491"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingC3955"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingA7880"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingC1983"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingA1399"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingC9093"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingA8791"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingC7135"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingA5144"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingC2510"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingA276"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingC8638"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingA5838"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingC6879"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
    "igndlm.exe"=C:\Program Files\Download Manager\DLM.exe [2008-08-01 1103216]
    "TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-04-08 251240]
    "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
    "AOL Fast Start"=C:\Program Files\AOL 9.1\AOL.EXE [2008-11-06 50472]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SpybotDeletingB7226"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingD7361"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingB7242"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingD5996"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingB3825"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingD1461"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingB8402"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingD3958"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingB8292"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingD5535"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingB3502"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingD5495"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingB6877"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingD6881"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingB109"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingD6797"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingB4934"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingD9118"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingB9469"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingD7490"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingB943"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingD9319"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingB6444"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingD9807"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingB7501"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingD8817"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingB6612"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingD4443"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingB5624"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingD975"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingB7882"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingD8781"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingB3298"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingD1582"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingB7994"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingD8553"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingB1335"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingD7954"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingB3843"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingD4059"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingB5838"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingD9347"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingB7034"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingD6984"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingB8831"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingD7375"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingB8149"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingD9748"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingB9712"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingD2457"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingB7768"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingD7910"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingB9922"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingD7986"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingB2886"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingD5892"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingB5868"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingD2045"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingB6918"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingD2316"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingB278"=command.com /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingD6853"=cmd.exe /c del C:\WINDOWS\system32\drivers\geyekrsscupuve.sys []
    "SpybotDeletingB6093"=command.com /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingD5421"=cmd.exe /c del C:\WINDOWS\system32\geyekrpwlgmaeo.dll []
    "SpybotDeletingB9000"=command.com /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingD2067"=cmd.exe /c del C:\WINDOWS\system32\geyekrwqdgxgnm.dll []
    "SpybotDeletingB7235"=command.com /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingD7943"=cmd.exe /c del C:\WINDOWS\system32\geyekrwittgyus.dat []
    "SpybotDeletingB428"=command.com /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []
    "SpybotDeletingD7287"=cmd.exe /c del C:\WINDOWS\system32\geyekrxunbjivh.dat []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    c:\Program Files\Common Files\Symantec Shared\ccApp.exe []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]
    C:\Program Files\DISC\DISCover.exe [2006-04-07 1073152]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]
    C:\Program Files\DISC\DiscUpdMgr.exe [2006-04-07 65536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
    c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-04-13 90112]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ftutil2]
    ftutil2.dll,SetWriteCacheMode []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
    c:\windows\system\hpsysdrv.exe [1998-05-07 52736]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-07-06 151552]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
    C:\HP\KBD\KBD.EXE [2005-02-02 61440]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    nwiz.exe /installquiet /keeploaded /nodetect []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
    []

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
    C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-23 237568]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    C:\WINDOWS\RTHDCPL.EXE [2007-10-25 16855552]

  5. #5
    Junior Member
    Join Date
    Aug 2009
    Posts
    11

    Default RSIT end of log.txt

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
    OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
    "C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
    "C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
    "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\temp\HP_WebRelease\Setup\HPZnet01.exe"="C:\temp\HP_WebRelease\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in"
    "C:\Program Files\Common Files\aol\acs\AOLDial.exe"="C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
    "C:\Program Files\Common Files\aol\acs\AOLacsd.exe"="C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
    "C:\Program Files\Common Files\aol\1235350536\ee\aolsoftware.exe"="C:\Program Files\Common Files\aol\1235350536\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
    "C:\Program Files\AOL 9.5\waol.exe"="C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
    "C:\Program Files\Common Files\aol\Loader\aolload.exe"="C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\Common Files\aol\System Information\sinf.exe"="C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information"
    "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
    "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe"="C:\Program Files\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:*:Enabled:Stronghold Legends"
    "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
    "C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqcopy.exe:*:Enabled:hpqcopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "F:\setup\HPZnet01.exe"="F:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe"
    "F:\setup\hponicifs01.exe"="F:\setup\hponicifs01.exe:*:Enabled:hponicifs01.exe"
    "C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
    "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
    "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
    "C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
    "C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
    "C:\Program Files\AOL 9.1\waol.exe"="C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL"
    "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e672820-0050-11de-a6c1-806d6172696f}]
    shell\AutoRun\command - F:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b37424ba-1d5b-11de-a6d8-00038a000015}]
    shell\AutoRun\command - N:\setupSNK.exe


    ======List of files/folders created in the last 1 months======

    2009-08-07 11:47:30 ----D---- C:\rsit
    2009-08-07 11:47:30 ----D---- C:\Program Files\trend micro
    2009-08-06 13:17:08 ----D---- C:\WINDOWS\McAfee.com
    2009-08-06 13:17:06 ----D---- C:\WINDOWS\LastGood
    2009-08-05 13:14:01 ----D---- C:\Program Files\iPod
    2009-08-05 13:13:58 ----D---- C:\Program Files\iTunes
    2009-08-05 13:13:00 ----D---- C:\Program Files\QuickTime
    2009-08-03 09:08:08 ----A---- C:\WINDOWS\ntbtlog.txt
    2009-07-30 19:49:11 ----D---- C:\Program Files\Infogrames Interactive
    2009-07-19 20:38:25 ----D---- C:\Barbie(TM)
    2009-07-19 20:38:05 ----A---- C:\WINDOWS\ka.ini
    2009-07-19 20:36:48 ----D---- C:\Program Files\Barbie(TM)
    2009-07-19 20:36:46 ----D---- C:\Program Files\Common Files\Knowledge Adventure
    2009-07-19 20:31:03 ----A---- C:\WINDOWS\SIERRA.INI
    2009-07-16 17:37:44 ----D---- C:\Program Files\AOL Toolbar
    2009-07-16 17:36:59 ----D---- C:\WINDOWS\aolshare
    2009-07-16 17:36:56 ----D---- C:\Program Files\Common Files\aolshare
    2009-07-16 17:36:56 ----D---- C:\Program Files\AOL 9.1
    2009-07-16 17:29:06 ----A---- C:\WINDOWS\msoffice.ini
    2009-07-15 09:51:16 ----D---- C:\WINDOWS\ie8updates
    2009-07-15 09:50:28 ----HDC---- C:\WINDOWS\ie8
    2009-07-15 03:01:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
    2009-07-15 03:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
    2009-07-15 03:00:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
    2009-07-14 16:40:24 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-07-14 16:40:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

    ======List of files/folders modified in the last 1 months======

    2009-08-07 11:47:30 ----D---- C:\Program Files
    2009-08-07 11:29:18 ----D---- C:\WINDOWS\Temp
    2009-08-07 11:29:18 ----D---- C:\WINDOWS\system32
    2009-08-07 10:21:40 ----D---- C:\WINDOWS\Prefetch
    2009-08-07 05:14:53 ----AD---- C:\WINDOWS
    2009-08-06 20:38:29 ----A---- C:\WINDOWS\win.ini
    2009-08-06 18:45:11 ----A---- C:\WINDOWS\WININIT.INI
    2009-08-06 13:17:15 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-08-06 13:17:07 ----HD---- C:\WINDOWS\inf
    2009-08-05 15:03:54 ----D---- C:\WINDOWS\Registration
    2009-08-05 15:03:39 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-08-05 15:02:48 ----HD---- C:\Config.Msi
    2009-08-05 15:01:50 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-05 13:14:17 ----SHD---- C:\WINDOWS\Installer
    2009-08-05 13:14:00 ----D---- C:\Program Files\Common Files\Apple
    2009-08-05 13:12:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-08-03 21:03:48 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\LimeWire
    2009-07-31 20:57:54 ----D---- C:\Program Files\Microsoft Silverlight
    2009-07-30 19:49:11 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-07-30 13:27:55 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
    2009-07-30 12:05:51 ----D---- C:\WINDOWS\Minidump
    2009-07-30 03:00:32 ----RSHD---- C:\WINDOWS\system32\dllcache
    2009-07-30 03:00:31 ----D---- C:\Program Files\Internet Explorer
    2009-07-30 03:00:22 ----HD---- C:\WINDOWS\$hf_mig$
    2009-07-30 03:00:17 ----D---- C:\WINDOWS\WinSxS
    2009-07-28 21:32:22 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Move Networks
    2009-07-26 17:09:18 ----D---- C:\WINDOWS\system32\drivers
    2009-07-19 20:36:46 ----D---- C:\Program Files\Common Files
    2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
    2009-07-19 08:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
    2009-07-16 17:39:05 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\AOL
    2009-07-16 17:38:27 ----D---- C:\Program Files\Common Files\aol
    2009-07-16 17:38:27 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
    2009-07-16 17:29:46 ----D---- C:\Program Files\AOL
    2009-07-16 17:15:30 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
    2009-07-16 16:34:25 ----SD---- C:\WINDOWS\Tasks
    2009-07-15 09:53:02 ----D---- C:\WINDOWS\system32\en-us
    2009-07-15 09:53:02 ----D---- C:\WINDOWS\Media
    2009-07-15 09:53:02 ----D---- C:\WINDOWS\Help
    2009-07-15 09:51:27 ----A---- C:\WINDOWS\imsins.BAK
    2009-07-14 17:27:51 ----D---- C:\WINDOWS\network diagnostic
    2009-07-14 12:48:56 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2009-07-11 16:40:03 ----D---- C:\Documents and Settings\All Users\Application Data\Firefly Studios
    2009-07-11 16:25:20 ----D---- C:\Program Files\Firefly Studios

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 ELhid;EL hid Service; \??\C:\WINDOWS\System32\Drivers\Elhid.sys []
    R1 ELkbd;EL KB Service; \??\C:\WINDOWS\System32\Drivers\Elkbd.sys []
    R1 ELmon;EL Monitor Service; \??\C:\WINDOWS\System32\Drivers\Elmon.sys []
    R1 ELmou;EL Mouse Service; \??\C:\WINDOWS\System32\Drivers\Elmou.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
    R2 {22D78859-9CE9-4b77-BF18-AC83E81A9263};{22D78859-9CE9-4b77-BF18-AC83E81A9263}; \??\C:\Program Files\HP\DVDPlay\000.fcl []
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
    R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-05-16 23992]
    R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-05-16 25272]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
    R3 CXFALCON;Conexant Falcon II NTSC Video Capture; C:\WINDOWS\system32\drivers\cxfalcon.sys [2006-04-20 82048]
    R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-12-11 242320]
    R3 ELacpi;ELacpi; C:\WINDOWS\system32\DRIVERS\ELacpi.sys [2006-05-10 9728]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidIr;Microsoft Infrared HID Driver; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-14 19200]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
    R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-25 4623872]
    R3 IrBus;Infrared bus filter driver for eHome remote controls; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-14 46592]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
    R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
    S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
    S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-14 71552]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-03-19 49920]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-03-19 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-03-19 21568]
    S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
    S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
    S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
    S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
    S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
    S3 WN5301;LIteon Wireless PCI Network Adapter Service; C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
    R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
    R2 ELService;Intel(R) Quick Resume technology; C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe [2006-06-02 180224]
    R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-07-06 90112]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-02 152984]
    R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-06-21 49152]
    R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-05-16 648504]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-04-14 75064]
    R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-07-30 189072]
    R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-04-08 92008]
    R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
    S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2008-05-21 12800]
    S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------

  6. #6
    Junior Member
    Join Date
    Aug 2009
    Posts
    11

    Default RSIT info.txt

    info.txt logfile of random's system information tool 1.06 2009-08-07 11:47:45

    ======Uninstall list======

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
    -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
    -->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
    2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
    32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
    Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
    AOL Toolbar -->"C:\Program Files\AOL Toolbar\uninstall.exe"
    AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
    Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x0009 -removeonly
    Barbie(TM) Explorer(TM)-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\BrbExpPCUn.exe
    Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
    BlackBerry Media Sync-->C:\WINDOWS\Installer\BBMediaSyncUninstall.exe
    BlackBerry® Media Sync-->MsiExec.exe /X{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    Call of Duty(R) 4 - Modern Warfare(TM)-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
    Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
    DISCover-->"C:\Program Files\DISC\uninstall.exe"
    DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    Dogz (remove only)-->"C:\Program Files\Ubisoft\Dogz\uninstall.exe" 1033
    Download Manager 2.3.7-->C:\Program Files\Download Manager\uninst.exe
    Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
    Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
    GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
    Harry Potter and the Order of the Phoenix™-->C:\Program Files\Electronic Arts\Harry Potter and the Order of the Phoenix\EAUninstall.exe
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
    HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
    HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
    HP Driver Diagnostics-->MsiExec.exe /X{4CCC7F68-A437-4559-A840-F5E010934951}
    HP DVD Play HD DVD 2.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
    HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
    HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP Officejet Pro All-In-One Series-->C:\Program Files\HP\Digital Imaging\{7729A02E-D1AD-4830-8FC5-11853500D90D}\setup\hpzscr01.exe -datfile hpwscr05.dat
    HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
    HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
    HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
    HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
    HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
    Intel(R) Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
    Intel(R) Network Connections Drivers-->Prounstl.exe
    Intel(R) Quick Resume Technology Drivers-->C:\WINDOWS\System32\Elusetup.exe
    Intel® Viiv™ Software-->MsiExec.exe /X{EEFEBB48-329E-46F6-AEB8-929A5BAFDB2F}
    iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
    J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
    Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
    LimeWire 5.1.2-->"C:\Program Files\LimeWire\uninstall.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Standard Edition 2003 60 days trial-->c:\hp\bin\cloaker.exe c:\hp\bin\MSOffice\uninst.cmd
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft VC9 runtime libraries-->MsiExec.exe /I{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
    MPM-->MsiExec.exe /X{D48AD533-BAD5-469B-A9AA-272C6D80E70B}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    Network Magic-->C:\Documents and Settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
    Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
    Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
    Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
    Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
    QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
    Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\install.log
    RollerCoaster Tycoon Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{924EAD66-F854-4605-8493-696DD59A113B}\Setup.exe" -l0x9
    Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
    Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
    Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
    Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
    Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
    Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
    Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
    Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
    Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
    Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
    Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
    Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
    Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Stronghold 2 Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{16D2C649-CBA8-44EE-B730-12584667D487}\setup.exe" -l0x9 -removeonly
    Stronghold Legends-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66A405D2-BA14-4594-BF36-B3B544F0754E}\setup.exe" -l0x9 -removeonly
    TomTom HOME 2.6.2.1586-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
    TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
    Transformers(TM) - The Game-->C:\Program Files\InstallShield Installation Information\{5645BA4F-2BF3-4F31-B3F7-710700C92456}\setup.exe -runfromtemp -l0x0409
    Uninstall AOL Emergency Connect Utility 1.0-->C:\Program Files\Common Files\AOL\ECU\uninst.exe
    Unity Web Player-->C:\Program Files\Unity\WebPlayer\Uninstall.exe
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
    Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
    Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
    Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
    Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    ======Hosts File======


    192.168.0.197 HP00156047F315
    192.168.0.193 HP00215AA3D615
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com

    ======System event log======

    Computer Name: YOUR-4DACD0EA75
    Event Code: 7026
    Message: The following boot-start or system-start driver(s) failed to load:
    ftsata2

    Record Number: 13038
    Source Name: Service Control Manager
    Time Written: 20090801030503.000000-300
    Event Type: error
    User:

    Computer Name: YOUR-4DACD0EA75
    Event Code: 7026
    Message: The following boot-start or system-start driver(s) failed to load:
    ftsata2

    Record Number: 12811
    Source Name: Service Control Manager
    Time Written: 20090801023633.000000-300
    Event Type: error
    User:

    Computer Name: YOUR-4DACD0EA75
    Event Code: 7026
    Message: The following boot-start or system-start driver(s) failed to load:
    ftsata2

    Record Number: 12584
    Source Name: Service Control Manager
    Time Written: 20090731215629.000000-300
    Event Type: error
    User:

    Computer Name: YOUR-4DACD0EA75
    Event Code: 7026
    Message: The following boot-start or system-start driver(s) failed to load:
    ftsata2

    Record Number: 11758
    Source Name: Service Control Manager
    Time Written: 20090731205856.000000-300
    Event Type: error
    User:

    Computer Name: YOUR-4DACD0EA75
    Event Code: 9
    Message: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

    Record Number: 11734
    Source Name: iaStor
    Time Written: 20090731193609.000000-300
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: YOUR-4DACD0EA75
    Event Code: 1015
    Message: Failed to connect to server. Error: 0x800401F0

    Record Number: 1617
    Source Name: MsiInstaller
    Time Written: 20090407142556.000000-300
    Event Type: warning
    User: YOUR-4DACD0EA75\HP_Administrator

    Computer Name: YOUR-4DACD0EA75
    Event Code: 1015
    Message: Failed to connect to server. Error: 0x800401F0

    Record Number: 1616
    Source Name: MsiInstaller
    Time Written: 20090407142556.000000-300
    Event Type: warning
    User: YOUR-4DACD0EA75\HP_Administrator

    Computer Name: YOUR-4DACD0EA75
    Event Code: 1015
    Message: Failed to connect to server. Error: 0x800401F0

    Record Number: 1615
    Source Name: MsiInstaller
    Time Written: 20090407142554.000000-300
    Event Type: warning
    User: YOUR-4DACD0EA75\HP_Administrator

    Computer Name: YOUR-4DACD0EA75
    Event Code: 1015
    Message: Failed to connect to server. Error: 0x800401F0

    Record Number: 1614
    Source Name: MsiInstaller
    Time Written: 20090407142554.000000-300
    Event Type: warning
    User: YOUR-4DACD0EA75\HP_Administrator

    Computer Name: YOUR-4DACD0EA75
    Event Code: 1000
    Message: Faulting application hpdj00.exe, version 2.335.5.0, faulting module unknown, version 0.0.0.0, fault address 0x0012e731.

    Record Number: 1562
    Source Name: Application Error
    Time Written: 20090407135115.000000-300
    Event Type: error
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
    "PROCESSOR_REVISION"=0f06
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    -----------------EOF-----------------
    Sorry I had to post in so many pieces, my computer kept giving me an error message about exceeding 30 seconds and wouldn't upload the bigger chunks. Sysprot log to come next.
    keddie7

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •